2e44514efee85d8ae1cfe730f09d93ecca943b7db24aae472c9932040b85f1ac

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd0c8bb478f274abd3b2c427ca2c2acc_JaffaCakes118.html
Size

71KB
MD5

fd0c8bb478f274abd3b2c427ca2c2acc
SHA1

1ca65b652d688a3a7f5f55452ddaef914f48fbda
SHA256

2e44514efee85d8ae1cfe730f09d93ecca943b7db24aae472c9932040b85f1ac
SHA512

fa6df946da1b8a067da179a39a14c446e5e62bfbabd973155d48d4939484cda3002bebd7d747a22dcb7e1e186b605e0f055b533e352d778f1b1c981ddf980a70
SSDEEP

768:Sn0hqGbIiP//mdvsYSgLj/DVWmTMYq8Dfr7Vq3t40MSxjfLD+PHgkyMrj3DZ+/V0:S6naIk/xtnwOHKwpm/kuc3

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
4760	msedge.exe
4760	msedge.exe
1852	identity_helper.exe
1852	identity_helper.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 380	4760	msedge.exe	82
PID 4760 wrote to memory of 380	4760	msedge.exe	82
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 2156	4760	msedge.exe	83
PID 4760 wrote to memory of 3572	4760	msedge.exe	84
PID 4760 wrote to memory of 3572	4760	msedge.exe	84
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85
PID 4760 wrote to memory of 3432	4760	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd0c8bb478f274abd3b2c427ca2c2acc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbda5446f8,0x7ffbda544708,0x7ffbda544718
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9139075374843175265,4017840846134469212,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4829218222c8bedb9ffe89dffd37095

SHA1
aae577f33f413ec3d09f2e7ff5d9cc20a602241c

SHA256
49239b229a2519583ba5d6de3702480b8a8ebf3cfaa8945100dbab25fcb02b7b

SHA512
03e26a2e3de41b8a829b5543da504c7d7ccdc4c112d629efcac24dcda23acb50a52b5b99572b5efb2a01cf392a457cf9fac85663b3d63f7606be00dba218f8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
15e9c4b4eefb3e1c08a010e748e10f58

SHA1
3172378f2c7a00553ce086dbf53fcf3126c5a724

SHA256
07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000

SHA512
811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a9a479b42cf2692312353be8b2760e35

SHA1
fe4729a049ad9bac2ebb4f374cb1bd1bfef54eb6

SHA256
3da1d52ec12f37c5a5516e0fb2d757550c9d29c5a9bcdc6e6c475f6bb848e7ca

SHA512
043fd423ec3dee36da94b5330d8a09a485cc68e4625f5a29b87e464252b0fd1929658572e05e3e046e6c48073b93238594078eb31e2cf6a1fb7d886e04761f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
401B

MD5
8393375eb0d6e1bac8f08fc10221b035

SHA1
f01486074331ff13f8b716b40ff38ea233462d86

SHA256
86c56421d9f45c8b522f114b9fe920cdf9eaa9515a673dbb82501caaf81445cd

SHA512
dedc82f70f1d2afea9c0d134cd6324b49c6f932ed833c57b170123dda544ee94dcf98229ce1eccbd9294833848c73978c8116a2b2587c865a494bb4e05a311ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f055998f6e5d5ae38e1143b350afbb34

SHA1
4246f4c248aaa8cb7cee03f2128579cd041697f7

SHA256
1ab426d010ef1822d28800edc7fc44493ecc878e6d02a3048884778aca5e2260

SHA512
b0c6db06116fb6e9fdeb4059cea5efd4bc3aa7ca7a30c21982e7fe814507c9459893bb456de5984fad60bb8fb1a93fa2400f70605757a625b5832fb893fabfcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e3b115002e6b2ed1cf6180b1031be15

SHA1
1cfc101c9118bc8f261d4b9d942649460b93affd

SHA256
567593e3ba8738cbfc8c9b81cd35d0b51c3b6e33d722ed6ba54612eacd221833

SHA512
4bbd35459e16ab9ce5ffcd035b1575a99ef9f5604a210a2fa02eced384f41d57dfcfad837da261d7a8e48969641a63f75ade75d1dd9c06d3b453465011d43387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
24778735abd4b7c55ff6653e217ccff0

SHA1
13cd433a8b4065bb5b27c3b3bb2662b222d2431a

SHA256
04c3bf44a57ff05552e37fd772bdbaa1f31f005c29d03abeb8d9e6cdeedbe418

SHA512
7a071d910c460d83433ebc2b3ab2e2eccb5050dc3f91f78d7bd2fa7afc7ada3f7e158f6699c26bfa1848f1841faefe1099832f2687748394e9e856481505005a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7915ba0545666aa5833cf9f9f86d45d6

SHA1
743ecc319bc2a54973582d4a5198042a48fbe8db

SHA256
f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20

SHA512
a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c03cf7278289979943fae5ff23047332

SHA1
5cec7e79cff74dc5fbf3c067023d1eb369388f52

SHA256
1cef2bbce3d11a2ddf8c33eda5598585232fc47951746d3ca2f8cc6e9c91eabd

SHA512
24aa23ed07940f22981a8ebe329b6000665df74b08775461f9d18bce883bd2a0dc090234c9041358d7ce84541091fe686e7a4ccc8c383f79d7c9880f0ef59617

Download Submit