1a14234e4493178eb1a44ab4205cb0d540fd9b3dc4c519cd44921ee5e8a74397

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e03ae2de77514fff472810b2dfe7913_JaffaCakes118.html
Size

71KB
MD5

2e03ae2de77514fff472810b2dfe7913
SHA1

22f63c3eea07baa343201f51535e02735244f2d9
SHA256

1a14234e4493178eb1a44ab4205cb0d540fd9b3dc4c519cd44921ee5e8a74397
SHA512

819cd365026ad81c35535898100fba186cc3d3f5a8346f34ebd662e3e0dac4137c51f4e3c6a2f52fbfde1ba560ec96f18bc4c8767d72b20c906cc6bb70813b38
SSDEEP

768:ZlkDgOriWNcaSoagG0kFlMtgOT72S/l+poawwN1nNt/i29rM8C:z/CkFnOTA1Nt/P0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
3856	msedge.exe
3856	msedge.exe
2980	identity_helper.exe
2980	identity_helper.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 1160	3856	msedge.exe	81
PID 3856 wrote to memory of 1160	3856	msedge.exe	81
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 208	3856	msedge.exe	82
PID 3856 wrote to memory of 3920	3856	msedge.exe	83
PID 3856 wrote to memory of 3920	3856	msedge.exe	83
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84
PID 3856 wrote to memory of 4552	3856	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e03ae2de77514fff472810b2dfe7913_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9904646f8,0x7ff990464708,0x7ff990464718
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,3912360586583356589,9685506346630058426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
a932418f3b0735619e71b15ba45bd603

SHA1
570e96df9607e984fabcbce08e77ff4bd4238706

SHA256
735e6aafd0a5ef77b04cd3de11388ac93812250e0114c27c6fca06158765cb86

SHA512
16387575f31852b689af62eb7d8cd368994739d22ed5be4007aa227e504aaf0d38147de2723cfc4e9cf47e3374ad27b994097cd2c32002da10e9516dd94af038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8bbb743a0f6720935bcadc5fbe3a44e4

SHA1
878c84d7cecebe77997b86b580212abe1df0858e

SHA256
746adca0b99d64b577205d5eb50420ba23702d604681550cad7df3dcaf1b4ac9

SHA512
8d4af293bc999ad4a9b7f980a6f5aee597946da92eee6360123d11a49f3783990e17ebb367eaf8c4d93311df400cf84a75283dd0ef5a082ae9736e9e27a7443f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
66d8ecf1f472089225b74e7750be716e

SHA1
41c9b6b12d859589010b04fafe97598b89f5fb35

SHA256
82a2a8fe74b4517764459f9d02929bf56545a1bbb381c3761d70a10c829de6a9

SHA512
57038c7de35b77eacc425d59648816faccbaef3cf95b5fd0fde525bd316e1dfe95e26bb601ff5fe514db76114b4de372b9b20ab6e41c6014ca702eb4a6b92cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20cbd7b5fb7f2ac049cb4165d1876423

SHA1
c5416fe2ef41b74bdee7612e9742b890b45eb463

SHA256
f2257f88e10bb46e7b716e9f8bc947526069557544dfdbe2a703df0b7b228f67

SHA512
271bced2ee92a45a3a70416a8d9538b1c44a971302033a75eaedd135d2dd249dc05638851921c3e33c9d425eb0f334412b222e343857acb7591d39b01094c29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d18faf8ecc32ca2ef2bf3984d07fcb0c

SHA1
1fd49175fb1c866a0d8a938393e74a1fa328f407

SHA256
4944a4d7c43f20275d83d15b802e901b4075f4918e2e92b4b911185beb7039ad

SHA512
89359ddec2491d32a35065b6587adb5757d0c7a9b3a0cf5161da0fd1971b91dbc5ab7cab05386ca0e0599d3a6637955418809c377a9ee5e78322b269e5a763e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e2430523cfb9d65048e8e1d74ff2fc3

SHA1
d662c2e2d515304ca7098fc93d86b82e4a442996

SHA256
ed34a77b1e8790b815bacc27937450bad33aa887da9599bf3b637b63edd171a0

SHA512
b7b7d87140d8367065af3de45ff8722475135f383773c9596ec8dda88d9aaa8550856c92c2629cc1569659723e5ccbbc6273fc6b8bbaf39210824c6634cfaef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
511bb17d2ccc988d25d92e1a711cd9eb

SHA1
8183e32459645c10d202706cea380297332ece60

SHA256
baa20e9cfb193bda02f977ba3662b0296a33ad81971be1e9a4b1cecb6b38ba22

SHA512
93c17cdf941c4f728ffc7712628102a99ccfbc541330baf37e00c8e76e12a77abb2f08f06b9fd3b3f1e38f9f065e2acf14e92c75a784760ef5c4b3a47f90af41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48bec3efeea2e105e9d1e5574b97374f

SHA1
9adb235fea13308b7d050d09a7c594f4989adbd7

SHA256
39dfc308c67f51feb9c0aa296f7a6c8aa0ff029536b693322471bbc91ba5336e

SHA512
b3d292036e64f77e06f35721f513adcb948be18256aff654ce5084f8bdd8160877379effd2edd661d416e8a70331a3017c123497627e8401da71a7a59b3b0e74

Download Submit