1d73f63570c4d006c59524deda35658e0f8a98778c98ec0d3d1ad62e5f816967

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b731edb97f88183ffa119baae398d25e_JaffaCakes118.html
Size

44KB
MD5

b731edb97f88183ffa119baae398d25e
SHA1

7bf226649b38fdb8e75de345f77a5273832fb303
SHA256

1d73f63570c4d006c59524deda35658e0f8a98778c98ec0d3d1ad62e5f816967
SHA512

a2d899b177bfe5cac5bb967efb7c4ba98083a483c4d0c5c765e2bae8d2e8d6f5ee8cb8bf92e8c49c7e94b32cd46ee865e5d6d9bfe4b52384d14afbf10bc1e8a2
SSDEEP

384:au6sK3o0lAt3gMKw0Gc8PITHCZnmaxw89MICZKO0BCNaGWDlNc4k7KZ0/N7Ex/9Q:YlN8DhohJHyML

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
2888	msedge.exe
2888	msedge.exe
976	identity_helper.exe
976	identity_helper.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 1904	2888	msedge.exe	84
PID 2888 wrote to memory of 1904	2888	msedge.exe	84
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1012	2888	msedge.exe	85
PID 2888 wrote to memory of 1448	2888	msedge.exe	86
PID 2888 wrote to memory of 1448	2888	msedge.exe	86
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87
PID 2888 wrote to memory of 1684	2888	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b731edb97f88183ffa119baae398d25e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5b8946f8,0x7fff5b894708,0x7fff5b894718
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18027296226007473141,12614647252620247000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
26f1384d426c8c36151789a5ef749321

SHA1
7bf9cac364eaaadbb182caf26bd4c36370e91f64

SHA256
d30f4e401cfea73a61a97b150568d82988c458ea547511e58359263c12690b16

SHA512
4b74fe02d696d4052a9ad5dad569a0570beee1fa76dd730ed0808b55854f49ac5a6d56d2d9234c8ff21a18fe44bacbc28773825dbb25d767d0794987f5f8f0c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
eadd410be5b7071835742531e41b37bb

SHA1
943c6db29bf1e1c978d58b0809f4a968b3a598cf

SHA256
83f127f41eff14a4f7e80a58a8c93985e99f811d65f478edd2f606c53d3cd593

SHA512
8fed83539d681b479eef432a0865bad28bc3a486a87be629b50596f5dc7651044ff0fdf076d58a12eb96e1cfdef80f67154f50439230a4efe4f7eb0be57f94f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1024B

MD5
64e042c7ec757434aad5f6805af53b8b

SHA1
d3c9cf37655000cadc394aeb3991b5d638ad56b2

SHA256
5343ff3b165ecbb4ec6d91e323e32e889d18bd20264f4f218545e1d94883c9f6

SHA512
10b471250923f88b74d97b6a97859118cba63062c4263f8d177138f4b26c354bc864f717c896aa0dd6aa95812c2b6500b2a2286c1e5b1b590b1615f07a655f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4d9dec12f9ee2f8526806aec91c03603

SHA1
7a1bdeac34097ef89f929881b40cd62fcafad959

SHA256
bd2d944f93535afa34015f5f465452f67c101c841b3055aa7e91023505dbf4b8

SHA512
5c185a3d278f9d647a66838b6730a7b426d0d7feb88bfd50b6cbf014dabb87d859c2b973a64bbefaf2c5ac780a0d3758b2af3460ab64bdc962a005be1774b348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6f7dbddf8fa13e8d1783006a17a5e2c4

SHA1
316fc6fa2eb1db7fcd296d5e3b52eb8c18710a7e

SHA256
9adcd573f121b232a2aa5d6885398639c48d6db35b4d87ec8e6e413838f987ed

SHA512
032217217d9c28694aea47a6a6eb2ee311349bf9b4cfa3e18cf78aef5f271c22697b42f7b62aaa7cb983c4283270eafbfc0775d17f7f917dd0477b3834625be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b76b04d2c2a8cc2225a2f0e032e77f17

SHA1
037d7316d9079ca1d6956c998a66987a4c02f250

SHA256
5d2186a6f52897d65903a12e46d4c240cc2043491c970eb222242ea47c53e9f5

SHA512
6de5a46ea65894a3df2be98c8acef1ac0ff50c644053c6da2b50f5a1f0601a40eb5e989fd7b187e346268968acd5de1e3c5b308b6eedc856813511b7f91a1285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b469df5d8e8ae0d5b54eb50a18f4978b

SHA1
82a25ea52db2d64d8e2aac9f77b913504049de1a

SHA256
2b25007e564980b70b102ea33ce34b5dc83e2cd1e5b05733f0d89c6dfed218eb

SHA512
f8a5c368658c3db3d36f2b7332e116ab670156127286a38ad5e44dc29f064614d5e654e85ca57855355035aaaf3fa634c73eac06b19b1dfd17f1f301282b2350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7b435d9fe47e3a222245f2d81fd36404

SHA1
9299593c8fface4307c097b643ae6d183bd2ad65

SHA256
cc869f6d7ecea728a3c2693cd3025e8e748426c9200bb9ce9c4f3b7e9a4ea978

SHA512
f99f3cfc3587e1089bb243d30a3fa56fb563b29f8ace97a2ae5070a017efb3cfead5a082c7b2396da27cd760655c979dce5f1a41603a0621ec3dd04d177f265f

Download Submit