0aa35f769737079e8ee480218aaba88d2e8c23ed0ae1a60bbc8416c566375205

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ed64113dbc17ae0d737551f17dfd18f_JaffaCakes118.html
Size

59KB
MD5

3ed64113dbc17ae0d737551f17dfd18f
SHA1

af7ae11eccf0c7a163310c690434674d5ba2b11d
SHA256

0aa35f769737079e8ee480218aaba88d2e8c23ed0ae1a60bbc8416c566375205
SHA512

ce5b5625061e4ab6568ac453fbd5fbaf402f1ba907a63291b376f40c3a714ce6a4389f43a6adf28a3f4e0fd0a65fbb526b8203fb7836e4fd8fa29cf751cad7ff
SSDEEP

768:vVT0EipBhoieQWR93r/sutWhFx+hm74T+hUJbVcU0j:9TupBhoieQWR93r/ftWhH+cT2JS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
3632	msedge.exe
3632	msedge.exe
4236	identity_helper.exe
4236	identity_helper.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 2764	3632	msedge.exe	81
PID 3632 wrote to memory of 2764	3632	msedge.exe	81
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1888	3632	msedge.exe	82
PID 3632 wrote to memory of 1192	3632	msedge.exe	83
PID 3632 wrote to memory of 1192	3632	msedge.exe	83
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84
PID 3632 wrote to memory of 644	3632	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3ed64113dbc17ae0d737551f17dfd18f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c0404718
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7054196405910019457,16203437472478894413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
66642ee6c49d168f1136e4150becbfb8

SHA1
4501eabc8fab4cf969cfbd203c2f8f23bea3e252

SHA256
8293318101563827a2fa21601fabf73cd06c7e868ab1dec0b0a3865190f0de48

SHA512
03fc66f1d115fd86dc71f847af9e1254e32a433aa816f656363f06231111ecfc97faa860d31268ef554d8ae3bc79589924d21571faab279855dac64fddfdf0d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c8a7128410cc48507cdf70142514c75d

SHA1
429c3d52ace5a0ef8fbcf58893a65a77db24253c

SHA256
d18cb5db209bc505acebbf0e2ae0a5b02ce54894a03851aaa2425a949171e088

SHA512
31ef3dd5cf35217f7ade97055449e733ec951dd45dba18c13dbf9db4e47a1f2126b28ae49933d3132a80d44855aab5833f145cb304b9c1827cd97202fef27998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
350dad1e32a07c1a1b1403c2752aa299

SHA1
8fd4afd285eddc3c6a96e6b9e0222dda330138b3

SHA256
a1b8266c3dcf979541d38f0886ac468bb80411478ffc568c9e49f307bc871599

SHA512
4f38194498e029896291ba94f8d32af58c16bdd64a26a1c1446ab3ff34dbfa287c073cf9b8eae6c67917dc32a40fb96d17bce872a12d61d2c8036e65a47514ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc205afc2341ac34432f4fb7d11e7fce

SHA1
cfe91d5f1f8e004d612a2721ab843737a59d9ff0

SHA256
4a933722dd1c84527837c57483f038403ee033b4c4fd4c90c3e0273b92114f4c

SHA512
96d3e84b39807f3f9d027d33768c12d6b18ef32038ea647a9e11261c2f9ec7d845e1f651208d7abb0f7d2526d94e64a5ae3385413f9fd11f9339f5caa9b7ea1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e716859246515a6a22a1c2b9c961d0ee

SHA1
1b8d4cac540ad3660fa0a1bbdde9f06693b53480

SHA256
5e9eb7316c788dbc3862aecf7b55ed0bec55e0ed74cfbe52a2218e00b11e83e1

SHA512
5d429f16c31ef6e0829277b9570cb72817697cf77eba091b256b53f02c974351ade299b2881d7f303b0128ea1d427bef8dca59b489ab0d5e1c6139cb7192a799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb39c34ec760c2ffe0783f6b5f0ce792

SHA1
2e45b6058924359a7e56fe4b7c0a70a05e51fdb4

SHA256
6d7e758677e2523900ce3c6b7cc5f3ed34dde413f65f43d511ad396368efdd5b

SHA512
4df7d6c19267fdf441cdf003cfb959897f8b18f8bb57acb33308caa1d09f3389f218ae71bb0728bfbd12ca74cf681cf66c3117a0324f3d8c40c37e512b6f7413

Download Submit