8ace578dc1f0de5de33bc5b44005cc0029032b9426d1aaa39e3ea7ef3b402b37

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 20:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6c3cc3d6efa70997407d220955b1ccfb_JaffaCakes118.html
Size

190KB
MD5

6c3cc3d6efa70997407d220955b1ccfb
SHA1

22b883777336c990614d7d66fd111af24b5c9e8b
SHA256

8ace578dc1f0de5de33bc5b44005cc0029032b9426d1aaa39e3ea7ef3b402b37
SHA512

7ba02e779c40e2876694f5d8a3827be60f1fc1ce6db97e0cb387ce1359dd0a8818111c78353a4560b4df0f6de1f67adb417366064384419ae0d0198240f82158
SSDEEP

3072:ucgRWCZY9wIP3lFEBZNKDjEgORjlIlUlkOxYO42ZMalDCv5C+zMM7jWrSNBLtNtF:ucgRWCZY9wIP3l2BjKORjlIlUlVr42/4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2612	msedge.exe
2612	msedge.exe
3108	msedge.exe
3108	msedge.exe
2968	identity_helper.exe
2968	identity_helper.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 1088	3108	msedge.exe	83
PID 3108 wrote to memory of 1088	3108	msedge.exe	83
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 3324	3108	msedge.exe	84
PID 3108 wrote to memory of 2612	3108	msedge.exe	85
PID 3108 wrote to memory of 2612	3108	msedge.exe	85
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86
PID 3108 wrote to memory of 1900	3108	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c3cc3d6efa70997407d220955b1ccfb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8539706359999262415,17059601535625645067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1f4c4a4e-ff05-41af-8875-72ed6dbdfe15.tmp

Filesize
7KB

MD5
f1714f55b330d241a819e2e0f1bbef03

SHA1
f0466e90c47970305616d670929cb0d6f820047a

SHA256
0778777201b2fe58c9a5a66f79556c7720b0a78e02601d7f22c9ef828e4be469

SHA512
dd4b14e6f5a90e2025f9583845bf32965bacc3ad38288309c14b0202a09d6da1ac1546ac52eeab3eb13d7ad28734da5fbc2ebbc6c99c355b37452cc444cbfe4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\50a3888c-a464-45a5-8459-14ae656515dd.tmp

Filesize
1KB

MD5
42fa3d73fe921dcccf72fd95b789c36f

SHA1
cfcba45947a5b43bfa5ef464ccb42693909d53d5

SHA256
08eedc86ca1cb892a211417c14e9c1a8aeca9c40c99a7aeca26c410f4552270a

SHA512
518223c63dfc38a2762b45520146d9956ddcb0399d86777a427d5a493df5d4dced8a6b9e014e2770d90b8c0eef42f81f94af96c6ee17d1b48c48cb522d178b16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
3171ac809e92ccb4e5e38896fdeb4b3f

SHA1
5be3358e694352608e19c42529aebbc9de36d411

SHA256
f77c967ffa4b82828ef72f2bb91361d20d44842742bf8c595cd9ff68ac8c1daf

SHA512
dc7368dce35b43e4d62b08f4e98cbdeacadc56594364c8a2dcdd8e515c77ac06ab8bc20330336d130cd739baa849238250540d2364a13ed223ba4454da18da3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ed7a6a8a56a22e94b438a3047940d0e4

SHA1
653eb360345b3a73b40bbeb7f1a05bdec17e6f91

SHA256
a862f366cb7e1e82c49cefc260b140bde3ad3e8f77784a6a8438babe099505a3

SHA512
6fc218b1a18a33add28ad69b74a1c151d84b00df58682a721d88bb46205931837ab7d062194333bf029ffd02e29d7a59c385153eef307e37c69b1bd63b2f8448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
97b078b8d29b4b615549734f43a9a82c

SHA1
2a6a0d4502fa9fd83070b3502efa8b6a230a3ae9

SHA256
a61565cdcc92a0934f586cd358922fe08a8120cb019f35e6eb6226caaa856b32

SHA512
89142e175d4a20f44beb87472e6c4aa80ece8c063350cc6b4d033a95cfa771935f0f770dd8d8db668f5479645535f4e82d132e35729d3dacb6b27be998141a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f6680021f089ea73dbcf938594e69c08

SHA1
6ae002a4cf362dddd95ad5568712161ee2a78c4c

SHA256
38d1f8e5c7808c0f1ef5bede48e494bbe5933189004d1d45ffb6084ee4537054

SHA512
fd14050ac808fc7ef0107da892cbd627e485697b9e7ed5e24115773d24fd81bfa46aba8b83a20c7be29c64cb25830ecefe6b1813815cb97622677eb9249274a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db8541238be58f2924326773d0196003

SHA1
04cc498ee52bf52b774f09d32fd5ecad9aa434bf

SHA256
a6c36c92dc96a1b14d344559d94e11dc62430bc76c4ea0e59579ec6bc4671cfc

SHA512
6501fb17a1a4c4d8fe25e75287049ed8372ac2fc07f1a682b9d82abd57a5faa50148ce95fdbfe00dac201ae6367e9c4f21a15a93fb3f76bb5437f8adf0212cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d371ac7414cb2c3769a8ddd8d6372150

SHA1
525a38ee6da52a3f9540bd9d9301f860bad28234

SHA256
b09fff42a1f9594bff007f85f4f3a2f0207097532805261776cd8a7431634775

SHA512
64eae041ebeb01f3d67ecd1ff961df14825dd99b2293dfbeac69fb932fa52eb3770f4feef0b811a99561b07c64d70d7658bcec94b72cd21d9317ac3183cf564d

Download Submit