e32405ff8ce41b033900962a1825002f2b1d57063648f2c26c707a8196f9f046

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2062ef9e8db8030d9cb632abb9dbdbef_JaffaCakes118.html
Size

11KB
MD5

2062ef9e8db8030d9cb632abb9dbdbef
SHA1

2aeedf59e18e450caeb7fbb779a00bf06332a708
SHA256

e32405ff8ce41b033900962a1825002f2b1d57063648f2c26c707a8196f9f046
SHA512

b35523a38c90fffdedb1184668c3f4be2449c8c630eafcf679fbe2bc6c7a7df3c3516c8ae4b2ca5a4518d20d216aba4235f663a4dcd5ec6a288eb53bbf754f9c
SSDEEP

192:j7rzYpSnvZ/B8/FO176SQ5JmtVpwd0Z3uLdeNdj:PYAvpC/FG6SQ5J8wdIuLkNN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
2648	msedge.exe
2648	msedge.exe
5068	identity_helper.exe
5068	identity_helper.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 1488	2648	msedge.exe	84
PID 2648 wrote to memory of 1488	2648	msedge.exe	84
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3700	2648	msedge.exe	85
PID 2648 wrote to memory of 3216	2648	msedge.exe	86
PID 2648 wrote to memory of 3216	2648	msedge.exe	86
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87
PID 2648 wrote to memory of 940	2648	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2062ef9e8db8030d9cb632abb9dbdbef_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde45246f8,0x7ffde4524708,0x7ffde4524718
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9301567058461559362,6415384041363820986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9dc60aef38e7832217e7fa02d6f0d9f6

SHA1
4f8539dc7d5739b36fe976a932338f459d066db6

SHA256
8a0ee0b6fafabb256571b691c2faf77c7244945faa749c72124d5eb43a197a32

SHA512
18371541811910992c2b84a8eae7e997e8627640bdb60b9e82751389e50931db9b3e206d31f4d9d2dc3ca25ea3a82c0be413ecb0ef3ac227a14e54f406eaa7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ac03b15b68af2d5cb5c8063057cc83e

SHA1
9b2d4db737f57322ff5c4bbddd765b3177f930ab

SHA256
b90d7596301470b389842eecb46bd3a8e614260b0d374d5c35a36afb9c71a700

SHA512
a5e9f40dd9040803046b0218fab6b058d49e5e2a3ada315e161fe9fc80ebb8d6d4442ccc1c98d19e561fc7c61bcf43d662fe2231cacacb447876a2113c2e3732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
09034ff9842c64017a4a5598bc6b250e

SHA1
0b4a2e4b20b8b57f6fb1fd86da5d7138bad97ce8

SHA256
7f27599e6110b16caac4e159398631147e1c8bc2092034d748d68953e5d3d989

SHA512
a5e2850f9c73576f75de64a37b46b6932c2cd908a6aaf1023e4cf5acb6a2db81009fd599811ce44c29c518e5a7215e7768cf49d335c1c71cf83df5ad6dad250d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
a820221c04f4e2719af8b4930c72bc6a

SHA1
a2eacc5aa5d344a1acbbc3b47a2ad97de699dafd

SHA256
fe6f33b4d17ceb9aaf0aa3b6a9059f0d6c7db0c5c7a720545f21218042cbdb97

SHA512
b15537ed1cf8a5bf8e4a939437e03b5686756e2ec6da4e6ed57a65c5dd69cf1144133ecdfd7c0558113880ff23b9181670d74286cd6f40be3d8d79373d5a3989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ec6bd02a653fcce2e569c7417db0913e

SHA1
d5cdf79d41215d3431ae88e534ec223dcec6c32b

SHA256
29c9e580ee6a88be4b9f4035f647298421309cd6947f5d500a985b8c9429deb4

SHA512
8c104091df8c043793261fb5f5ec0d2a30518689a084c0c8232f50275a968fc102d2ad9ad02d7f1eb7ca150e26d52e5d2ca86750c174c3a816d7057c7478f17c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
18db7e46fa85d7b6dd964856f1619b5e

SHA1
f15af6ececd3b449d4c1b9873a17efc59a4540aa

SHA256
fced0c8241e9453f9737c264963301470b991926f9b0461ad817450d1f3a8f73

SHA512
1f64f7b3171b4334ef3f932c87e04b038478c6dbc20aa17925980a746e4b98ecd3872a006476d69a703d37f99af2175e9f12795ffa66c42da2a21f92bcabfba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f3881adda8d96bd316e45cd3a25ae5d

SHA1
1019b303a0e5b2211e974526ad5ca8140d4c421b

SHA256
f6b55bdc9f71a9da615a4a26c4ffe9d452e4db871bdadbbf267e31a02e755e1c

SHA512
96aa75994b0b37b471d9856b5523595d95627b6688d01091db05aee98c86ab760225f6b3a9cee2af87ccbf5e88d105d3e39bd5422b2096c88abac7e6e7df63c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49e2c62855a311a189b931d944923109

SHA1
fc6d4e66c654e26776d713f8d8db4187f4d05c32

SHA256
f78d9af7ebd8cbf2a5777d700831d24e8f0e9805da2219fddb8566fe61606c72

SHA512
666f7f1b44767992953af18863519583a6613da9e227e30257bb0264b4afb64c7bed02f9d1180216593f8adae6cc889a6f563f5569df0fc7d1b9312f33191f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3638447585611459f93ae578580b655f

SHA1
2ca84f1fbba148678d5c1c34c0cccfecbe9e932a

SHA256
dede41dbbd24e7b573b8405e52750e43a875573d1ad19450010e20753eb2717b

SHA512
e4f2d2f5355fa3728ef0312b5d46f27f2122a357b3712c43d91db302afe960184e2f89ee8f2aa76b1ae8bcda55d2ff10547f8e0e7218ca43caf460a0b87cc9fe

Download Submit