43a8b739b3aeb4a018725b5765b4181028d47d76b5396b6f223544bb03f930c5

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c844fe53a5b9f1d0cf62dd2f92f1f4c6_JaffaCakes118.html
Size

118KB
MD5

c844fe53a5b9f1d0cf62dd2f92f1f4c6
SHA1

c83ebef4b4d0b60d55291f7796daeb237d95aaf3
SHA256

43a8b739b3aeb4a018725b5765b4181028d47d76b5396b6f223544bb03f930c5
SHA512

59029887a0f540e3401e1aaff9fdb6c2071f32457c008958c33b9c5affebf54fc16a0773c62bf118c7fa69364e3a681bd9fb8975bd46ead0d74dc7daaf327bc6
SSDEEP

3072:+E2ALzexRM7NKULf9+hWL8u7wui6Zb7hUCloczBlHje:+P

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
4800	msedge.exe
4800	msedge.exe
864	identity_helper.exe
864	identity_helper.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 2664	4800	msedge.exe	85
PID 4800 wrote to memory of 2664	4800	msedge.exe	85
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 4408	4800	msedge.exe	86
PID 4800 wrote to memory of 2224	4800	msedge.exe	87
PID 4800 wrote to memory of 2224	4800	msedge.exe	87
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88
PID 4800 wrote to memory of 844	4800	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c844fe53a5b9f1d0cf62dd2f92f1f4c6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffac72346f8,0x7ffac7234708,0x7ffac7234718
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11765479662243288072,100610586801030439,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
132KB

MD5
0c64565bfe2f2cce29ad1286489f5213

SHA1
67c237750c866ada366f16b82cdcbe6d2f15e558

SHA256
6946e80b40cd4062d31f049f4305ec4c0a1072733b162763bf9466dac7a2f0a4

SHA512
3b62e27fcc8c3c2817b0ed1dedc7f6ac5ffb492083916398b3a580aa51fc2eb69563a4a1195ee3328d7e27902fceac83d348c8acff71ec3f2db6d7ec8464a6cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
c04975182c96098cd09964d0c5784c87

SHA1
311c99756c16e198ac19c47826c3c0e1c8830ea4

SHA256
43b321958aab0364c6ed0285000df901f5ff74f0d22bf0b6acbda5780ba5f1b3

SHA512
f277ad9f4752b51839bbfa95c1ea4f7dab24afa89d509776cb6661ce788ab21a674c946312966817438c00519774be422d5d8b7623a400fd41c23d92bdd41c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
444c91ec06254f40f0a7b48b6837a3fa

SHA1
b109051d6f869f77c96cce65bfc046fd75a9ee22

SHA256
c00a31006e030438119ff0022c7e9990f3c44594031ffb31683b67ea716dc2bd

SHA512
ea9d104a4743ce71245aab625cb2427fd41ecb8fc2f5750faff4b311a573323e5614e4c94bbf515858c989556dc7e342dc6635bf024ff75a69112bbd32d55dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b72a49d56363c706e5e49d101cd66cce

SHA1
16acf344318f1faa494adc9c77d69b834f02c88f

SHA256
15c0c8ee0e38371268075518e0373680adbd54f9eee9627f2123e8970b1356ae

SHA512
1abfc9daa39f732d64f8d8a00e24e46a8c3c34e3fe6695394b14a25e92fbe657177eeae39b03296e7b08c17fcb9a02dfc8c3ec904d7220db1543aee8c190f8d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
51566bacba133b6a5fd6ffaad2623a15

SHA1
b5e8a389405f5139105a663b65f01872a2844585

SHA256
de7e69c99e2c2295955da8c8fb2a9e729f6d0a6879a6e0717d16c0244c457cdc

SHA512
2a393ebe1ee90123b2c837fa714f3f7c499d3bcd69be8e5efdcef609caec565a3301782f86fc9f1ebc1e7ddf08692c13e7b48acdf6e72f302f2314356d0f14a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38b93576829ac27a2d9ea1c59ca323b1

SHA1
2f44901184f7baea91d28bb0efe55c96253fb135

SHA256
72eb1a2ce07b53a0848ea65b340094962538c2ef04558af0792e7c0ca8d49e26

SHA512
2944ae34da2d54392c17c6a2935146e9dbb32be1129a482ea31c3c832f03750522ae84158489cdb3dd7fa2ebf8a83a0ab205802f4abab362ebce68ec6f35898b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f549caa787575c49c59d74e7c4f8e817

SHA1
abf05ab7feb6ad7687f4d01dc97f1feef20b9909

SHA256
83f27d8a39dcca14033a50beaaa52575698653a14eb9bb2b16efa4027d3d5671

SHA512
9463ee2beb0b0e8764d1a8c5ad1007dd3aadfaac5f3ac2101bc9f2f0f8707f99e4f22f7e70552fd172ac7916d3b618d04092c890895071cbc0400ab4d5c3cf92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c5ae7a66782349ca0a3e6020fe6792cf

SHA1
04326415096a2c037dec6eea834553bdbaff0e6e

SHA256
4a70df4891bade4af7ea92807484c2280b39bfa379205e8d7d6c7cdcaf0d5568

SHA512
10f38061c4580320061b9c2ca05d93c35a27eb31cf9752fb87301e6d752706be178fdb21f07a3bd9ec2895da328b4cce3a25c247544ca8432880a85043125550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b91beab3db483d038a479af4439902e

SHA1
efe152f9f380f21ee044313fe46a9095ad287fc7

SHA256
e93a28a0aed0b3db36a70a7f1a16be0fa5fc827415e48eb3522c444c01f9d62a

SHA512
280e980b359d092d95adb19612db563f01baffae43db29ab46c26b3a522d2a27fdfd0077867f2d0a3a3cb865ad2bc689554b172f8fab3251202394f97d394375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ec1c30c42bda6478e509771508576a3c

SHA1
0c0a242d586ee27ee6587718a652746ca982185b

SHA256
60f3fdb7a8c889a88283c3dec4288235fa051a5f6a86dbe49cbfaa7379afa6d2

SHA512
72c0aaac4ee916d90fbe02fe6d53267da00576b297e61d7d046f7af5069fa42c86e05b38f15ddd7a7c76ba6784d2a280c21dfc54e853085d480d395a687f56bf

Download Submit