e03794dec8f826914d4ee3d45a93ec89d33cab7d74fd70aa8207d677dcc315b5

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 08:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3eb6e43898bfc31f7262e0aeb37ad4fc_JaffaCakes118.html
Size

63KB
MD5

3eb6e43898bfc31f7262e0aeb37ad4fc
SHA1

cf8ae7433d69525765c99b589f2790a9c47c12bd
SHA256

e03794dec8f826914d4ee3d45a93ec89d33cab7d74fd70aa8207d677dcc315b5
SHA512

774f98d6b1c9c7f1d8986f6791f7fb04affd851bbd30e05e1f977ec176756ad69aef7453df38b2b92e7a46649dd6de8b4e0a4a1e8a821731d7ac69fe737dcf1b
SSDEEP

768:593IbrI4JPgG0hBUjUYdgAA/5OnwlHqJTD8B3Q8YPtX5YOm29SiV9:5938PChBUjZyAA/5OnwuYmtX5YOT9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
1192	msedge.exe
1192	msedge.exe
2476	identity_helper.exe
2476	identity_helper.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 3956	1192	msedge.exe	83
PID 1192 wrote to memory of 3956	1192	msedge.exe	83
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 4040	1192	msedge.exe	85
PID 1192 wrote to memory of 1876	1192	msedge.exe	86
PID 1192 wrote to memory of 1876	1192	msedge.exe	86
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87
PID 1192 wrote to memory of 1908	1192	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3eb6e43898bfc31f7262e0aeb37ad4fc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff06ba46f8,0x7fff06ba4708,0x7fff06ba4718
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,192310847230402889,17758540847729879107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
e4882836e64c7f4a0db3102ca97cf0c5

SHA1
ab62e01fb61fc753eab34bb2656c2ab8c959cec7

SHA256
3cfb18b8e3740a8a2b8d2d51909d857e19fc65ca0c311692b4cc92a584a0ef2b

SHA512
b989a54ac3e19dcaad3b6bf92dfd5c9dfec839992ee6959daad334d9d1dcc663e90e179f18efe2108efcb2a7221316e63ad583ba8cf99c203e613f5e4e05996d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
78b3f392682a30b1b549a3b195b5dc8b

SHA1
cbe85087328e5ed16972f2b708727a6bbd9361e8

SHA256
cc88da5df7a1f9aed4b3522f334b33847fa682914840eee8b437ada19b3b5bc8

SHA512
f0de8e288a822bef560b4e9fdc6ad988827f4151dd8a095b88f9ba53c1ccd22b4b9d73187a7a571ef978a47777385bd4a150078c955e2a3a1b4e9e5adb08cef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8645cabfbeff126729116add57ac6b99

SHA1
c78324ec962b81a8e23895f65ec82560e82d22c1

SHA256
91a29633b1a8ede6572f7a41b5eb86025cfceb9e9c2757d5b48252467f7da3e2

SHA512
81f5fd3e436bb4620199a6823b646df7d26501f67046ff820d77eb2891f93cec84c89969f78c4cc3b890ef259569702355b3acea2510be7fc2f21b6472f53f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d70de0b1703b68b6f08d35cb0a78f2fb

SHA1
dd2be928ad0f365ef849b033b2c09b73ec0b7f39

SHA256
43765110b6865798c8401db4f318870ddd018b4c3a82acc43699ed30106602fd

SHA512
0872ea135ce76387de5fbb77cbf486fb52bacac2fafa22eae4e985805fb89677707eff51f14dbc84ef27a3a2d97aa5fabd95df2a2ec3a082e00c9481285c6912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71a390c571eb4533e563855d2fda1bb0

SHA1
8d3fb9754b94b726b08a864c28b0a78684b566bd

SHA256
4421a879a714bb77be159e2e4308ca4e7494a0e50a340298f263f3a96990866c

SHA512
6355ac88d0976f831ee397469f0cea2f6e442d72d431d6bf67973d7f13462d96180d2798e1b7415d2252de7c88b045d0039a7eb2562146464831c44364341837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf7ae555afb135de9607b98a860b9c6b

SHA1
cf8187d031d45dbcb0171d4961c594b3da17e0d1

SHA256
c5091972f6bac1a086306ba7b8660af0ad69813cb9c902893a276632aea76f17

SHA512
336c529ed5bb8e9a83795268a240644dd8dd488eb1c173fa7332fa5b84bea6ad64f1829de57ee79b0e9fa06276d7410fdbed400b36d21384f009a7bf2a5bd742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b82df8dd0115fef298270df2945717d3

SHA1
dbf7bc5549e3fd9d277235471a4e0fdb8c22c8d7

SHA256
28cd0d20b80ccf6c63231298759ef7b93b1c3d192db645389330403034a7c779

SHA512
5832c1e38488d1ad88947f3e90b2eb7204b29dfb8ffd32c09dce514b836ea7cb744d9acf8d779630ae0b35f6a9fe739afd5fb11b71bef7c2bf112949f6c93059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fe4f4bf969458cad342078b40c379eff

SHA1
f1275f5dd23beef574dde4a5769fb4296e178f00

SHA256
4ddadb51481c415562f1f7d955c1e854cf2d9a1def164829eaaf3de8c7f83f83

SHA512
ceeba7e42031c3ebcdb9d16a06875ad1d44fb97463e6b21744df521cff8627015e1e5439548f2f77c8d00a54cee1def727e619438facf37302eea15ba1526037

Download Submit