e1b192f962ad0011fd4780b8d326e7f2d59b62a4d548ba1041cf7828b36e3632

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec82d56cb0d6fd0e31d35b75ffde99d3_JaffaCakes118.html
Size

16KB
MD5

ec82d56cb0d6fd0e31d35b75ffde99d3
SHA1

b6c856f68a3c28f9b90d1ffa9a7a7fb635b91083
SHA256

e1b192f962ad0011fd4780b8d326e7f2d59b62a4d548ba1041cf7828b36e3632
SHA512

e6dad154b3121c3584547bd701020ca7dfa1171e9daafd1818db57ad74130f62657c6aea9ef04be0ba5da75ed961020280899edb6e96fe650819fa014836c678
SSDEEP

384:SeUArFAJH1a3G4duZWx8+AzadCxk4pBrOMOsuNmC4:SCFQV6d4Wi+TRMOs2mp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
4388	msedge.exe
4388	msedge.exe
3024	identity_helper.exe
3024	identity_helper.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 3488	4388	msedge.exe	85
PID 4388 wrote to memory of 3488	4388	msedge.exe	85
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2096	4388	msedge.exe	86
PID 4388 wrote to memory of 2132	4388	msedge.exe	87
PID 4388 wrote to memory of 2132	4388	msedge.exe	87
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88
PID 4388 wrote to memory of 1508	4388	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ec82d56cb0d6fd0e31d35b75ffde99d3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff858ea46f8,0x7ff858ea4708,0x7ff858ea4718
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,7176522433546348369,583625958500288278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
22KB

MD5
5ee0252e2decbc463a6836b4644944cf

SHA1
ece04be6904d2fa53f47a5ce4441cede7e672530

SHA256
2d923fec0cef8f8685631958275c13e0228113cd9c3abaf8d78b73299b5e1908

SHA512
c242aeb360f88bd727075353e4fea4c086df02e3f6bfd8f938cebd85ebb72bfa31a46f5626b3c8a75f6d99ce616b6373f4fc6d98d538fb46059bc70423cefab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
264B

MD5
c4b0ee1e170e9f1e35a4216c798818cf

SHA1
ad7906268074923276b6cfb27115ce22df1c8da3

SHA256
08b8000ae1cda17cf65db60f1df78b6a0cd2d7a6466da45be6e8a71cee350b9c

SHA512
90871aa7b04ecb9267562c3bcb14752fec4cf1322c41735a96dc678a9b17b4f7c63a143811f0680420c43ee4c95cdc9430f0ae72e9017e5db5a488d3d72b7dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
02d743f05fadcce6d656dd3a92e696d7

SHA1
b00c18df2bd4c6eb14ecae5b58e95641e25d7526

SHA256
22ed6da49630eb70d881e484b38fff60abb558e7a9403bce28537ab27e086267

SHA512
f919679421b522a99b2d3b80baf70e151bda204489b77f5fe368cc7fc031c0792b925f216a83d921785ed285e2b299c7a09375b78b49d9a5fdea4a4464f46038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a6741f6a224acf13cd42f4a251a85d96

SHA1
5e4904d33f5265ca5fe41928dfa168db53de6ee5

SHA256
77f25be53ec24225ed804c92b3ed6bc916922b540a1a1eb5899715e1bfce7548

SHA512
a38dc0d1bc68b01ec7105764628b784b8e480a032d881c4edc3f6d61ca6663a23f73099f79563431662d359ad4b07412e509f70737b50aee7562276a06da61db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bd963339f05d09043d709ce626b102fc

SHA1
10914f13b5b72f5f5be67aaf29919a7d1a8449db

SHA256
ff95be36491ca1d68bf29ba1f8579f2fdcf16a052bf1da8ce3819e28600a0b11

SHA512
ef23b8495bcc995ac9e9db8f4f98c0337695d3734eb6e34f08fa75b38addbaba067ab944a22107c82bc0b63acf4122d584ab328866e1faf011da39093b1ec752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d63fa233d79c519d9d41f104c4f7e045

SHA1
1e897a5f0dee0311a4bad6a34026f196215ee189

SHA256
e97f45553384d0a7ce1f1707220fe19921571d0abb5580f078aad8b3ed78b22a

SHA512
ed415d9daa06d0deff4843b18bb65589e86b85963e052572741b964d1e81056208b8d1e03bba62c8e02342b9b29f71ce6990357ef577ddfa89fa6243701036b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ead52247a1aaa6593e7b534805a9bb09

SHA1
de9edda0262834f171540ca01343825b3aaf1fba

SHA256
bd46cb4ffa7c599df7f2ecce0a0d10d68fe66ffdfc2d9c86308b1afc0cb3cea1

SHA512
7aa6ddc88a2bc0b8348c93aaf9485c0bebf9d305e3c0edb08c77d7fe11459c64d4c3e612c395411c14b83092497da959e7cea4dba2370d34a25c7fd3248f57fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9745570559ac5b66ea843c3b2eea7bf4

SHA1
ddc78cd57098ab93b0d5db38d69ce874038ac05e

SHA256
8fc8e096c8ceba9c0c39426b07e9de8ac8c9d1a35c9fd4c12cb9f562cff53c40

SHA512
5ae41644a548f12970314e688e52757280fa044e85abf3fbb532cd92cc0796535fc80626adb8e72ab2301a5715b4fa8fb5dbb2b8fca7485a90ea36f7cf6e050a

Download Submit