a9244def340e8a9e8e58a3bb6ec1f953ae8301220c1ee678ed98e56d53a0c5c1

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfda2e5af4949f508eeb335c48d77ea1_JaffaCakes118.html
Size

90KB
MD5

dfda2e5af4949f508eeb335c48d77ea1
SHA1

8e88f1ccdb81ae80f9a566dc39f5951f4cbf42f0
SHA256

a9244def340e8a9e8e58a3bb6ec1f953ae8301220c1ee678ed98e56d53a0c5c1
SHA512

392c28f23dedb5d543c7602f3791528e61ff85a5417cf1f07bd970a2a72a1f86bd4e00c2f12477562a718283cea18bd7aeb7f3e1de000f78805c98d8a9ec6172
SSDEEP

1536:32ZPMAP2VWHZMJNDXSDXTDXQHltz0DWORudT2jBIt:0P2VW5E+nAdT2jBIt

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
3460	msedge.exe
3460	msedge.exe
2832	identity_helper.exe
2832	identity_helper.exe
6104	msedge.exe
6104	msedge.exe
6104	msedge.exe
6104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 3336	3460	msedge.exe	83
PID 3460 wrote to memory of 3336	3460	msedge.exe	83
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1056	3460	msedge.exe	84
PID 3460 wrote to memory of 1356	3460	msedge.exe	85
PID 3460 wrote to memory of 1356	3460	msedge.exe	85
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86
PID 3460 wrote to memory of 4248	3460	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dfda2e5af4949f508eeb335c48d77ea1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb70f746f8,0x7ffb70f74708,0x7ffb70f74718
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,10343263780776600993,2513899364908206723,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
249c525870ae35926c67966525075fda

SHA1
ff7ca26730ff081b3ddfcfd132e18b94dad5bb50

SHA256
9e0939cbbb33662748afa03d895f8e681f372e46957b7cd4dde10838443b53db

SHA512
e11eefc6154ad48d7ed4adb63ba5ecd565adb1ed8eeb2ca8a9bbfb93966f6505cbfcc81acee7b109db30c0f56944441a9a696e35074df398f837350deba94063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eeef2ed4c226366cc880895ebc207316

SHA1
d92c6c2f579b014867ef220776074c469f17913b

SHA256
5a20f1dc87da8caa4a7aa41c2164782247db7ef357d2eb4fe8e6c62d2a16ea51

SHA512
508234f9ab72395e56b19f57e4eb8c439ef1aa4faa98ca8e5a2c0ae0866418dae63a9169d0915a23b0d8e63b18ad16473fd832326ad075aec7ca6dc3fe909a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5ad1539d750127a5de4fb33c92b52232

SHA1
73bf7c53068bff66d2468a3fe9547893f4eebb3c

SHA256
c6066f3ba04b933e562881c4c8baad4a78653acc306d5e32a1fca8e188fbd9fc

SHA512
3e7b935967b4147ce25d337a6975f261da6450fee42ed2fd97b936fa08db8dc0c7c9ea0301e273eefc1268c87a20f78945ea834aac6d8a0773371dfa6c189920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b247fa1eba91ad9bd3b08095f11069ee

SHA1
b98b4f6cf06962424551f67747d2ed91e38fb8d5

SHA256
d42d16466b93cd21125586a4b00c552dda4d438d843e3c8594557be4cd750476

SHA512
92c1bb71d37c219a1beba7095f6a4e89e352554c58d630ff844c5b96de2472405daabe4d2f662af28679cd6c73254fd9dd9abfb5967fcdfeb0b5ae04752da00e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d81b97879f064bc5dd68eba535fe5bc

SHA1
33fc7cb03f3a8e925847bd09e88154ddb6e214d9

SHA256
700cb3bbc12d291ab47809c208e64ea43545c890110338da7e00cbe46598d0a9

SHA512
fb7ca8dc8e8b61cee4b45dcf91fa8807ab41d50794bc6231d9fe0de9267c055c02a30f487858728fb1df0b58e0d26fbb520b249681bc512b9c9978465988abb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
588694d98049e8ce92619362564572ee

SHA1
88a91a731cca1047aea1dd4ba5a4c14dae1fcb38

SHA256
b3a7d2f6868e410393b8fb884e427770658a81f6817cd9d3d0f95166dedfbb83

SHA512
2f3802e36c177c8b5d2d726fb5f9d451e389882f0295efcfd8cfc6025c8cea4331920b169c487634aea38591a0e6eb727c8d804963ac35f2fa7eb646164ffdfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
add47ea322ca47b9084964cfb3ff35f7

SHA1
c9733a9ae7602623e8a03e5b3f0eae32a409d78a

SHA256
40b631507c0e1dcc2fceb847da59abfe100e7f08ed0e5359210239b69c3d5582

SHA512
5c8c78aa18f6dbe85a20c7efd49e197edf1a58c472c57060e9032f6b81aa3127c89efbfbbf3ac16367e183ead6ad6da4ea38ccf6b98b3067139865e622bdf382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1844bf9a001a5604d529ec8ec5c50709

SHA1
914a0160503e8054ac225f83755c7e3d02eac6be

SHA256
673634e3a4a28a770579e54ac21a3d5e83becd75542539aa6254d8edae9daad6

SHA512
3eac278a39b5bd792f37d931ffbbb276140b92c48d4eada514ead0909458ac05f96c62fc2b57f5ec44116c056a88e4a464885711104bc2dd328732763a933270

Download Submit