b746b73b7634486e555239e7c1c77b3dfbcb62b4bf06590e648303850b244186

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 05:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1fa1530790cb44d27071d0609495d2ed_JaffaCakes118.html
Size

54KB
MD5

1fa1530790cb44d27071d0609495d2ed
SHA1

c7a1ef0e7a7e172273871a1be7c71f1b4455c8ee
SHA256

b746b73b7634486e555239e7c1c77b3dfbcb62b4bf06590e648303850b244186
SHA512

1f0cd43760a33d9df35ad51b8e0a84ad00bc894f762b894463f96b394bc57e7697a8a50e458c90ddc298144c56962258ece1201ab73f8e1dd287265c12e1c353
SSDEEP

768:vPo6zq1oK/dnmQzJ53e3p7dg4Q6CelX1gLNR6EOJDvRPY3Yh:vA6O1d/dmsL3e3p7dHbCeHRDvRga

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
2816	msedge.exe
2816	msedge.exe
1056	identity_helper.exe
1056	identity_helper.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 4564	2816	msedge.exe	83
PID 2816 wrote to memory of 4564	2816	msedge.exe	83
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 2976	2816	msedge.exe	84
PID 2816 wrote to memory of 924	2816	msedge.exe	85
PID 2816 wrote to memory of 924	2816	msedge.exe	85
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86
PID 2816 wrote to memory of 432	2816	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1fa1530790cb44d27071d0609495d2ed_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff44ee46f8,0x7fff44ee4708,0x7fff44ee4718
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14450753828541433935,1375817651408417964,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d7f78075f15b1ada3223c5ae8766660e

SHA1
0ca205a9456947d667135066aee480adb9ae04e6

SHA256
b7c09efc860c7c6591f8515b22ee8c91b37021c9c64d95aecc0495dd02a7889e

SHA512
5bfff2b78aae8d7949be9a3ed17153c472e5f5b80f26e48811ab17b06aa805423b6b344eb7fd04cb16b051ec9e652b4ea61a0b7e25927c745bece0cf8c3249f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c6568d7c81c0b5d344536a555a274e75

SHA1
70e949984f0b04d4b26d9150e66e6a3fdd75b567

SHA256
a5fe4e8225e27050b4bf61a4a6244ad9edb6a670125e4e77ac05193c94a296f0

SHA512
3d2d2bc536f7ea4294ecf491d3a94913fe0d904a25e282ecba9a31a9bebba5e0d487d9a7f88ac0dd33f10c69ca3f5d4cfbaad64dfed3e3442cac139a9db4350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3370a3c3b70634b985ba6bde8a784285

SHA1
d2f52a44e14569c4192f087944e5f66aab989c42

SHA256
d38f38fbe81304075bb3680bfca7dd484c42287223ac1ae7dbe2472c6706ef52

SHA512
be1908d76490a3c5507dd404bdfe3708af170bbe31db09ef77f5ddc85690706f104781927aba53b981f1c92fccb8fe01f919452210f275ee310f4b566f39e7fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a08dd184a5c4ac6824e04fa05dd35e59

SHA1
26339679fa280eca1c1a4bb66c45bbfd72cbf873

SHA256
6288170779cc611af1f7d2544833cf5a91460ca69d5f48a72dcf13271fa94bc7

SHA512
ebb0efc19a0fe7ee5effc30e3b24c3a717a84e0e1512411a8a4c134b31083c2f29488a55215db32932406a9f6da89c73d1213327019da79f93ab74f072f05e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
02e69479fbd87f24e6adf057efdecc23

SHA1
c5afdb0abb3137f0a6f31084283fefa221872498

SHA256
9e77037c7654c82f84121790a494386c1835df8e7451e53565d5b7753f8f1049

SHA512
932063a5eb654c5dcefd0962ce6497e82b584649738cfbcc0d9e6a54c46287058788e91bde08ae50ed7ed0262d99cc3ed37e26bfbfe861c0be5b35f81e851914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bce55c13b660aec2196427e1bd07a929

SHA1
c9af289c6b0cd7f00b31c79765d3c8038305cc88

SHA256
ed0bdf006595983c41ce5397e04d5162daa3e486265833c2880d847bf6b8a4b4

SHA512
d17746afcf82d3f5b80acd183aead84271c625cf335e4c3ff1df5cc1ee516eefae2d8ce980a247c05c455ab3c450815a00bdb2e2191a76253983376ffb3b025f

Download Submit