31a6898c969f54965c095d1a70eef36a9dcf5e1d6b9871fbe6c3b069ff188360

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

285c3fc1f98e423ebc4687c728d01ae9_JaffaCakes118.html
Size

41KB
MD5

285c3fc1f98e423ebc4687c728d01ae9
SHA1

4ef88fd3d16495e62fb20164a37c3e07992efb27
SHA256

31a6898c969f54965c095d1a70eef36a9dcf5e1d6b9871fbe6c3b069ff188360
SHA512

342e673c35c9e48da44b51ee249d763a88fcf420bdb2716f93bf5d07540c8816c2fa9f882fbc92b0b8c70375810bcd2fd580242d543022f85dd269a1ce620131
SSDEEP

768:btk4NfQAyOwgxdJMN9wsamde+MMAaVLVnVqTDaULZ/7ECLE7KT1Z+482EgZh8hs5:Zk4NfQAyOwgxvMN9wsamde+MMA2JnVq7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
2892	msedge.exe
2892	msedge.exe
4992	identity_helper.exe
4992	identity_helper.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 4180	2892	msedge.exe	83
PID 2892 wrote to memory of 4180	2892	msedge.exe	83
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1080	2892	msedge.exe	84
PID 2892 wrote to memory of 1496	2892	msedge.exe	85
PID 2892 wrote to memory of 1496	2892	msedge.exe	85
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86
PID 2892 wrote to memory of 2032	2892	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\285c3fc1f98e423ebc4687c728d01ae9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd92c546f8,0x7ffd92c54708,0x7ffd92c54718
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16910006867456654489,3770871370591435462,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1376 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
72a5bcc066c1a64bfd0a69f44a07ff64

SHA1
0dddc7285f80f05c6ecb470f7694a1919cec85a2

SHA256
5fc9202a1477c91a8f51911fa4829fa22f94b137cbd36528d2b46c279d076cf7

SHA512
ba5bb858a8e18506e8c20dae72de741aaff57d22434b28ca80f0a9614352ec5350321daa7e352bc25da5c73f230e7120d7c1e1719f7bb39145f473c5cb0b9321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3865837a96d10d8fff557e78b7424e4c

SHA1
c5064b9d4bdeee99c81b43c80b95c6e67ea22cb4

SHA256
a1c047bfc50acc0111f58b863de5ccdd3bc173cda40379e48b86ae727c0c6b6b

SHA512
261c30b9f9a03a423ae7e579ac517c5687dc2317b524404fc843236fb913342b614005c151f2135e14f24206e99a9e5035c143cfd163e52840b27e780dd51ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
28a22c7d7b04d086e6a4d8e316503a85

SHA1
12966eba36f8439fed335e144fc200b96424cb9d

SHA256
ef22eaa1214423e5925db63dbc70b69de2fa96cf3903bd16734bd0dac42a9958

SHA512
f35571581a50aae4ae7942959ad62c6d9b90cfd18b6ad66d466a5b69b40889f93a208da713439101034cc44b25fde20057ce913618bd07ee26939de67e4b4219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4fb951911218bd0cd1b842feee99409

SHA1
62e42a820f5ce89f2efb3cd7c6e1ec9de46ec8cd

SHA256
c3da8dcb5bd56d8ecea30abea36d6f78d3ad9947deac3ee6c3f0c32399bc8aed

SHA512
da4468db5bfae88e5882dca0b128425b828b6b8bb4cee112edd94a8236ef7e6cceeb38034b908117e618a2e2ffdef81fdb644dff1ed06174b62b7aed7dcdc7f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fc6a5985e1a8005b68f9116678b73257

SHA1
4f484949dba5e29b9132c19e9f767e66746b318f

SHA256
fa792ae754b1ed001532206a3f0572162402d970285c891770e8f219051ac12a

SHA512
56f970e32fbc76d6f1bfa135914262834702b7706d5f354854d9c01360db2509c278f83d55a23c507c4eaed8d39e3f6bd8bc195466059af7b5ee686e75952980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
45e9cd66dcc71ee85507c75d28c44520

SHA1
6ff58a4302782f7f7e94251c46b537ef893f1aa3

SHA256
6607584c123f1f4e7c761be74619a585953a38328ca0dabe75b44304be97165e

SHA512
0482a280e6c4023f849c474bcb894fd958e620d282e1d587b8624f6e7f8cbe0c337e278eaac273641d6966f5baa45c21fed99be50b21e0f827bc244d2b0cf95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
88e916c97110a16e1ddfd76bada38d2d

SHA1
6052e263206ce8dbbf1feead3c38036b8f585f0d

SHA256
20c87ab5238884c60aeff3e822cf3e94e22402eb22473bf6f003eda9c4f4cca3

SHA512
a299947f85b385d9d741f5b3b8b6a7802127dc8f140405ded7638bb67b7a6ed7f145c3e5ec1c1a0007ffc424190545cb216ee0c5f78f320071f7c74a06fceca7

Download Submit