de2b935388b0612e9910909dc889688bcb95b4ef541959c3df9c8af0e8d0ab20

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c7a6aaea6643befa9e4454b1bfec31f_JaffaCakes118.html
Size

34KB
MD5

0c7a6aaea6643befa9e4454b1bfec31f
SHA1

e00ce2a27ae40a73ed8724eceea128d2277a5b65
SHA256

de2b935388b0612e9910909dc889688bcb95b4ef541959c3df9c8af0e8d0ab20
SHA512

9379c39f02423858fa459e17c3e640a96d34a9f938d2547e7ecbccea7a2b2b2a428a9fd234d31bfd86666a136bcb91fba0467644f442786ddc24c4c72d209e13
SSDEEP

384:CpEQpWlnIceNYX3GDMTNh7ju2z4tJS18Mpar3U5NWu0W5xFEO2fvSsdME:CzQlnIceNYnzT3h4t42lzfJdj

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
1672	msedge.exe
1672	msedge.exe
4292	identity_helper.exe
4292	identity_helper.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 4892	1672	msedge.exe	83
PID 1672 wrote to memory of 4892	1672	msedge.exe	83
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3632	1672	msedge.exe	84
PID 1672 wrote to memory of 3944	1672	msedge.exe	85
PID 1672 wrote to memory of 3944	1672	msedge.exe	85
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86
PID 1672 wrote to memory of 4004	1672	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0c7a6aaea6643befa9e4454b1bfec31f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd15f846f8,0x7ffd15f84708,0x7ffd15f84718
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,1819785686135129963,9910314793668351789,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4a777f9e70d7fc840217295916c7217d

SHA1
b0554e7815df0ac02d525e3e129b9ebe63f47f53

SHA256
45e0060df2712d5baee408d6ca829de8b2f6b61d90a8044a03e1b05bf4b480db

SHA512
cb31bf5b17c457851b325b30691a8530f842ccabfe1f46de6d6cab5811e7917be4f3f184a3d00b28cfea86bde4501ce8c74a5e1c8781ffcafbdcdb81508de426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
bc1d3574616f7f0292af36537ac350ce

SHA1
0d03546c9150a3c3ac882f40e223661234540b63

SHA256
0ec61332863de121d97bf4ed26086e95486f543e931b589ede67e6878f300153

SHA512
cb25508e04b2de5ae4bb1b9221d2a98ea3774b2c2df64481a3330ae8b53955e6167ab1f51b0ca45976d4deaec1d603dca160b0f7468ec58392dbabb730f96f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5fb250ef062a42c63d1fa1b9ea912813

SHA1
bae95511fcedc4638ea68e7d2162833530ca7a03

SHA256
e535b68eaffa5c5edb36df9c7437ff3d0897b2eba1ff95cc8527a8f6af4db289

SHA512
9c881f68cb30b8242245b3a364b4a722b590d3b780b1c11b2f43842f4264191055e84c3729f9bdca4180353830f52e0fab9d2f9b1b8d2412a038c6ffb42e7bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
524484f19b06a28d9e946c6375706f08

SHA1
1f587a4185254ca3da2eb7aa46b00f3ee9f9110d

SHA256
e5f9e8dafff85ebbdf8daf0186f8571956fdf822379ddd3745ec1cb9a1be8869

SHA512
23fb08dd4b3b20b23d11f18725f32b10fc4e259cb3e8b2e3b1a41cf085555680293614b73bb35e79b9adffa5cc16250aac364c3c0281cea57033d159746f3fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9076e01c73ef0a87076c098e5310610a

SHA1
e2f5231aef45160b1111590f97f2e42cb5587c31

SHA256
5802215c51d97a3cc748fed407591f0e56cbdab720dcbe0c33965647a0529064

SHA512
0bc5d96c441922100504fd3d1476ca678ea4be004a4827ed82dade984e25b304a3aa290bb53a8627ee92cd481b2da8a522f436bd1bec99e426cfcdd239609978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
524405df0c0bd349ed4db28c2f685026

SHA1
d377386b072d836e8aae1c62c0e724d4adc04146

SHA256
9485097975aeac44fae8a9a595a37ea0d938da0525c979ebde5f20892d72b28c

SHA512
2f68ef3c9dc54b7e5c134cfc5f4ad6e5864f6a9a46a8a1568e6435fe23c83f88feb96b4240d5d33bb4c1b72b547a836c257cd0e29819d33c210725c28eb86d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
08f7034b03329a811330575b1a06552d

SHA1
9f47ced4217b91c349583ece61bfd2910504c209

SHA256
cd8852187502c1eb72fada7547b58be4c8bc66e297caa18ca3083dceab9653bb

SHA512
50a479b363b11d493836a375f111ce4638a49fb809878f0220551b8d358928ee20996632c73b0211f4e3458c2b56aecc227e870d16aa7209738f26091c100d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fce68ca2-5fc2-4466-bbff-f3bac9baec64.tmp

Filesize
7KB

MD5
b5e8671d151624cc8c1f47b8bf1a1fca

SHA1
3d04c663d92c52610f246cf6e531a4ddedf68988

SHA256
3aa4c5afa62db9b8a2757264e3d0b6f386869a874d8e64bec9bd75dc71f34993

SHA512
701978e3a4895a9b7ef11b8c5f6c1ec4b2b7044d9231b219346a63efea59a7ccf452a38ba32f5d30f85e61d5aaf684fa5c29725be6f587a984c04c17b97cf613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
80636aabb800c67e45ba8c963122f2e7

SHA1
b42a94d32c32a9c596fb5dc74988df3837813e2b

SHA256
7134dd5074d35d4adee5884e88f6d8affc1ac4dca1172a1485a007555c9ebcb3

SHA512
b7985e621d49c478c10af24d090a1c8f4bde26ef01443cb02414fc6cfb727f660abf5e0f6e1e13a610f203d381a3d1bd861c65928c58a3d61c225a0ddea79167

Download Submit