88dd5a198054be0bd119efadecb1eb3840ffa3d50b55fb853f85d3e2ba63656b

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 17:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f687ea32dae1a61f76df3ade0c45a6e6_JaffaCakes118.html
Size

133KB
MD5

f687ea32dae1a61f76df3ade0c45a6e6
SHA1

80c402c75dc5269e070b13f898ae73594d8b9811
SHA256

88dd5a198054be0bd119efadecb1eb3840ffa3d50b55fb853f85d3e2ba63656b
SHA512

07b1786fc8a0172d90adb77caa46ab441a2a482bc08ea659b0dc70bb94e8b2de07edb6ff5f2d097a1db65f1ff920a1af45db6699b31185520239f81a3749ba9d
SSDEEP

3072:swlQ4SPZD3UcZcXmNRS7rGvmowxEsIm0e4rFHRJs1hO+bX/h6:sTYXmNRT3e4rFHRJsi

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4908	msedge.exe
4908	msedge.exe
1748	identity_helper.exe
1748	identity_helper.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 2088	4908	msedge.exe	82
PID 4908 wrote to memory of 2088	4908	msedge.exe	82
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 2744	4908	msedge.exe	83
PID 4908 wrote to memory of 4632	4908	msedge.exe	84
PID 4908 wrote to memory of 4632	4908	msedge.exe	84
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85
PID 4908 wrote to memory of 4900	4908	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f687ea32dae1a61f76df3ade0c45a6e6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff381446f8,0x7fff38144708,0x7fff38144718
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,7274537017202745736,13721345515081794076,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5572 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
67771cba48ed4e877de19ee83fabdcd7

SHA1
18380619449238fb34359cd7b1116f297902d2db

SHA256
93b38dabe25f3e4253111f453b7cb7e0d2a062c95a51c6d4dc985ad587ee70db

SHA512
f52eed893b83f4c7203c97a581538aa64e831998de6fcd672bc9f81d38da7d76ade0de6fbcb5da9d2abc40f565d3459f5c2a75c8f6c2fe79345ce4dfb7c9b7b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ca4053b85a25957aca151715f1934ff9

SHA1
216575201621b0ac95dbd6250e0dbcce77bbfb3d

SHA256
823fca55ee9db4f7f0408197d401936c418bcfa58c9f299e6445dd9007c57faa

SHA512
7e2bddd6c90aee026fe8a02d107d9d5cdbe7e8ec1da421ca3fb3011ef485968b61a88ba06d82f2dd67a34b218601ab9cbd741a52a8e4f3f90b0c2f2f54844553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
65ebe22838db2d3cbb7d75aff83447da

SHA1
a67342b0046e7222828fd1b5c9b829175e6067fc

SHA256
3daa1c2caf5e64b2fd8a12e19b39020865669607533f9316eb143a9301b7df35

SHA512
ddfc3256f20e95816f4efb7ca1317d90a63f4da5a08a450d6298a22d5151edbe470b548779b7a20ce3a01f82bdddbc14527529bba483f1a08cb1bd1829fa17ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e18c1e0c3441487e82e6262dcac0b04

SHA1
3d12f9f6f7c2a0f2dc34f5b6e127e0e03e4ec9e9

SHA256
89b68c39e71445e9b3e7a57ed5dbce8e13ead347dcc58a5b8ebe9f61730fe97e

SHA512
59433abfa1b3427d36c18149a3d1341b2c79732b63352fb4c0828344b72744dc79025b103982629d3d2e0ca196b963f6fe2cf71831fc9c1cd4402b395b14f75c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cde8bbed2440a8833a5f3a779d986cf0

SHA1
6f40d34ebe9bc2ec4dc40caf52a70e628d1ee077

SHA256
2c3a086446d8eea5b1a9f7f657881d7a627adccc275ad6e412ab9ad8f283b21a

SHA512
cfde7197a3ba05d07b20f1da9ba0fbe39bbb13ef08a8a58f7d0d650b7497b909d0b46cdbc657e7921711147ad8ed75b6243ee7d467dc7cf768f670f9b5a8c205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6f4c0e85ada2cb9f35b4db3411a09e26

SHA1
158d1084d6e7a01d833c4e4f53a7371ffebd05ff

SHA256
c4c8e3b8a8c28024a0580be6c0d19c5ee671c94a0859d1de3636cb903dbb37c9

SHA512
f63aba549f261cac6f7ba025e01b409361f171450d5ebed362c351b760be3ab89bdeddcad23e5fe7e4ec516a14b2be14c845b0a32a9674e0a9195897a5be0e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a581daeca543412f9c6ef32946378daf

SHA1
70669a2081d028248956d697af1659d51104d39e

SHA256
622bb8d16334ac14dcba093adadcca8b2df2f01fdc11b97dadd6e3543b6be529

SHA512
f0bb8ced184fa99b10d8c48a33aab64b7b586fce432f5451425abf53d115a3fcaab3ebf0d0e96cc3b07eb707df08d41eb1f9526c27d35be24bc9b2ecf007345c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7beab39f3d9f48a5f3d188a11caf31c4

SHA1
e9288bbed3bddb7dccff7a85740a691528d0e8d7

SHA256
891f399312bc422f3955b60f210ff92e53723843a7b6146dd8a4202855f5b79c

SHA512
1f570131a49f24420535bf5ccd6f47f21097390c93e08169bc1553bc94d8f44ea734f54bae52b99533c8afc056a79d827f2bc82ae69a1d4e8ff667b79237d2b7

Download Submit