856612d51c4038a53434569991607acfb338db3596367fd91369a87d43b46b1d

Analysis

max time kernel
147s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

337312b6599eea0b47ebc66c76686b78_JaffaCakes118.html
Size

37KB
MD5

337312b6599eea0b47ebc66c76686b78
SHA1

6d0498610b26bab82b56d30a3937a103ed1f11a0
SHA256

856612d51c4038a53434569991607acfb338db3596367fd91369a87d43b46b1d
SHA512

1a2157940643b75f3ed336514c62e61f1a3485b8b8aadf045172ed29071782ddbea60ca3286840868902fe33fb1aefa4db512075f018d231d58e62ad3058d4c5
SSDEEP

384:W6rc3Zd5m+eCS+16yLSbvKcIxVr+MxDg1Augh8Iaw+asXOn6oAk0jpPn29IH9Rde:Wd866yLSbvKFFzErgC/bXOs529IHrVW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
916	msedge.exe
916	msedge.exe
3716	msedge.exe
3716	msedge.exe
3512	identity_helper.exe
3512	identity_helper.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 4552	3716	msedge.exe	82
PID 3716 wrote to memory of 4552	3716	msedge.exe	82
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 2620	3716	msedge.exe	83
PID 3716 wrote to memory of 916	3716	msedge.exe	84
PID 3716 wrote to memory of 916	3716	msedge.exe	84
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85
PID 3716 wrote to memory of 1152	3716	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\337312b6599eea0b47ebc66c76686b78_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1fe446f8,0x7fff1fe44708,0x7fff1fe44718
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,3267878542684118942,6896377562937633806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
cbb06411e9ac763c186d8416f378f389

SHA1
2fa096b37cb1db773f1420b9c3d71a422c90d917

SHA256
11267d4aa1eb8e09f0f769304d05d02225110a98c13a77525d114fdfb4aa5a31

SHA512
dcb4332f6f3f6e5f31d5baba3528a97a06e3d8e30ac229ea28ca679e93d88ebfb77b1a10c9a6b6ad95a232228e143d1c5497d37fb21d979c9302612326d6857b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f886281cc820c69916ab82833c4c2546

SHA1
1e763fe4b8afb2919bdf04865f4ddc26bafa1ca3

SHA256
04af2170beb6b16d219ee6c6e5577c2d803c08eb73abaa29d33fff27aa49a636

SHA512
15c2606fb3808df13d4d1b1eb90f702114661737875edce41dac3da2db22917ed885afeb8500d0e0b447db59c8df482aa070a8588dccf455e248d44c7680476d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
402626b7f6ece34077583643eb0afc94

SHA1
0b4800309dd8ce8487c67c86b51473c1e6635d0a

SHA256
73653d36405e622e394d87b8ffbfba6034ee6a4a2887c2e360db1f8651256804

SHA512
64cddab2a2ac7c35afac25789477eb7ff53c4a31111b98b7cdd9b18584069dda85451fc5402c81ea92342094a71dc663fd9ba67b6fc42240c831cbf561dc3bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
00bc27faa97f639e57cc0fbc5b872d40

SHA1
fbc5a883dcce0e1afd94974681dd9c9189349d63

SHA256
e7d9811b36e9b460e474a9a4a6379b6913002f1a17a133d5fba394c258146d35

SHA512
dd0f86258bc7e6ea2d03ece389c420b5f9f4a1b17f01582b0407acba7be169022ea346b270f5ef10312ff155c0e54ec49628046786012da741334a708fa4eea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
faa74bfdd0aa283028a873f3b442c02a

SHA1
27d0612365038651d3664d4b6977d3c2890dd75c

SHA256
f8655a4af69441097be30e3fa618772ba67a6cd4c984a95f57dc87c51a684a77

SHA512
f7b2cee74e11bdce9963ee90430aa11f487061dcaafb6cd8f409c3f2b880a3806e1d68700957d9ad81bad80a80df793d5075cb26e4a5ae723a116dc11a4d403d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c639b2c84fb8992add1936158aa459f5

SHA1
86b2758fc22cf658363d28f65420d680a02219d8

SHA256
0e83cec517df1aec5f65d269fb6f87d3e29e41dc7594e5c93ee1c8cf39148e64

SHA512
9dfbfa64bd7cf812a5d74fae6d2f0ece018ecc025bae32ee7f60bee425b9159d552eecc2489bc761adf60f3252a46ac68f06034918e443e6e2c900495e2aef9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
704534d34f88831bb23cb8332c7da1d6

SHA1
52ac45ccf662e0d49f3d2dd10889d0748946af0a

SHA256
562e1f4401356a23b1e4983a95adb221d4c0216f8142e51a6b8c1621c7975096

SHA512
a53957a9fe9fbe91e3077980634701de72dfa500dc22c6961886ca90db34c5ec88153da3e628e7c06f4887df1f5c40859e390b01e21365c038c0fe9e318dd190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb8f33eae0f39aa14bf8a6c200845b8c

SHA1
30e6de5ca616fea30f60f476677550e31f5e6508

SHA256
b3e5cb535f4037370b4a6d1cda4532fe15300c99294903facccbb04e05164a89

SHA512
48f2b735653b57b3c8e9756301ea12ec8cb485ebe8d7a9a6f7995a64d9db129950b222fbb939c1670f7b03e7e904f344261900fc831ca30ca5d191fd270b6f12

Download Submit