5ab2914285da93ce092638c85de3d54b6783efdbea2e8cbc7eb319e7b291e776

Analysis

max time kernel
147s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 16:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8ea3bb0d6e7cdb4708d498a1008bb9b6_JaffaCakes118.html
Size

186KB
MD5

8ea3bb0d6e7cdb4708d498a1008bb9b6
SHA1

f5be5a043353c080be32b48770ba4e60257e53f5
SHA256

5ab2914285da93ce092638c85de3d54b6783efdbea2e8cbc7eb319e7b291e776
SHA512

2230f343586ef583930d59128b5afc6bf03ba6e7bb9dc7549d40da0c3c16121df3f2a20e0443bc968e258c8a23370d98d1134165eee8b634018297873d684af4
SSDEEP

3072:rxDNvG8rm/GXmNJUNBV7+e+EOmlnTLIWVA4Pv7xF2mpR4aat6Yr:jVXmNJmoXr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
772	msedge.exe
772	msedge.exe
3424	msedge.exe
3424	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
4632	identity_helper.exe
4632	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 3164	3424	msedge.exe	81
PID 3424 wrote to memory of 3164	3424	msedge.exe	81
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 3172	3424	msedge.exe	82
PID 3424 wrote to memory of 772	3424	msedge.exe	83
PID 3424 wrote to memory of 772	3424	msedge.exe	83
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84
PID 3424 wrote to memory of 2180	3424	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ea3bb0d6e7cdb4708d498a1008bb9b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1fe446f8,0x7fff1fe44708,0x7fff1fe44718
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15231820880876993187,14751114289075400572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:2480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
9a8e538524054f86eb73eeb00e31424a

SHA1
35ab0fff51a81aec3f1c1ca6406dd521c09893f7

SHA256
28a27c07cccf1a8e37658352320891fc286dd15482331d2012cdf5422b5dcd82

SHA512
d8bc2dec1323bf759fc4c3e2a77b64b56d3d80676aa38c7386ffc650a762ebe1633d5a802c5d71c9b485348415ae6c22951b3a5e141a2f203f7faed1620d4136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b0c0c271a9edde1c18a52b37fe2ee6b3

SHA1
de63847d187c3171641876ecb8e01de4d86a6446

SHA256
ec39a29ec93d1664ebcad5394b7582bbcfb7ff96671e1e230c651a14aad49c8a

SHA512
1ed0aa3b66cb86f26b5873d4d8ad17e0bd1b40ac58967b6c4036a956275f02b1520380b0d74a44cee826f8d4fa73948b9f06e0fce06a6826d798e3f89458d64e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
82bcf4690e9c6750d8f4376cfd6ee65e

SHA1
085747ba03c1fdf1496fc51b0e88462d45141700

SHA256
8d078b593ef2ee97d60d456988703e57d524a0ba30902ca4a1a55d539065b5e4

SHA512
da173934005689b951992b3d838e2a376f30ae8a68d10ba7db954d825c71488994fe2d69d1111ab2ae980f3321ea8ba44be2ebb205058c0ee843942c1f4d8b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
df977a6b1ea0e35a5ea28b512da37320

SHA1
55aabcadb5cd02fabaf5e40f09690e80a17113e9

SHA256
d351391326f20e901a224d6c7a70eaa5a9be9bb05f4311e14cf33a555a288a61

SHA512
aa97044f5b731fd465b470ced2b618f288803dd42b260df3e88c8f24e8256c458bfe71a64a7b71f8f6eb97d53a54ae9d2fa0567f7c30913ba93fe656cbf9acc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a9a42f56c866a749fd45afbc618c40a

SHA1
0feae66939d92dd0072fce5346b26d2825136fbb

SHA256
5cc00d471b4b86f10b69bb0d8fae8afa08ecbdce80d37b6eb1ddff135021b406

SHA512
63a0e64dbc176ac29aad10f777cb9451b29cd37bc0dcb1339973459c8d605d46aba2e987838f22fed0cef0c5228a8c00dcd530c5f42a680ac043cdef4fb25708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c1ff049399a7354b1c8368b31cfe1ece

SHA1
3d195c8d6f5805af93393bb3b510175c11bb177a

SHA256
997e275cde28d20b6f36f20cae779644bd64c552daaee670083d222ce684d3dd

SHA512
4992b238ac056f5be50ac167c97d815101d7130d8a2d11fe943a4c973e70e5d348b61c3eac69fe12da5836cc71dd2aed8828bee8f28113a5243954e301a9294b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4b38cbefb0ab5e8f7793ac23ff54e8f3

SHA1
cb2f627961b74f5ee90e43ee19c6af863c2fdd49

SHA256
d43ba3daf5f5b1010289a1d76779efc53d8c368213e747e0d3470c3a501eafd7

SHA512
b365d8ca05167a1c505e34087cefcf21078a82fbdc67bd2597e45e42d6646fd066e7bb8e534b6fb89776746b1cdf11c623c2f2bf353ebe69028c375c10ed9caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bd4718a5be9e25a367b231fbddc33092

SHA1
d37a11d073ae69a2d2a8967c6caa4a68524cb990

SHA256
ce9a96b1534868abc36622006fb914a442847c1e9dfa089db8b0637a2a54e223

SHA512
3a239dedeb27c16e490b499044b3af3cdbd79c02795b7ec0668a1dbaf7fcec99731f6678a8fa3d71e56f8b0ba5353cd0ac46758a8772c255ad3ffc87bb6694a8

Download Submit