7be6f91a8d5080e35ca7d2b0b4453d604c2cf171724653b1dfa8781aab4476d4

Analysis

max time kernel
147s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 17:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

50941d7ecd3c6ef35c9cf651dd084e39_JaffaCakes118.html
Size

41KB
MD5

50941d7ecd3c6ef35c9cf651dd084e39
SHA1

c415a6921a1f35f211f97bbfbf09b5d5c45e7176
SHA256

7be6f91a8d5080e35ca7d2b0b4453d604c2cf171724653b1dfa8781aab4476d4
SHA512

b748d53d885b51f8caf79e10b7945264a746d1eb6e061da993705d702a33e49e0deb64fe1cf1e09b38a282e8cc26c6844cbbbc23477dbb5eb5b8c7ec96390a78
SSDEEP

768:SVdiOVsJsrwUIUwU3UlU+U6HGcj64gfupy9wZSSZNMlL:SVwOVbrnfnk+J6764bp9cS7MlL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2784	msedge.exe
2784	msedge.exe
2392	msedge.exe
2392	msedge.exe
3644	identity_helper.exe
3644	identity_helper.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 3872	2392	msedge.exe	83
PID 2392 wrote to memory of 3872	2392	msedge.exe	83
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 3932	2392	msedge.exe	84
PID 2392 wrote to memory of 2784	2392	msedge.exe	85
PID 2392 wrote to memory of 2784	2392	msedge.exe	85
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86
PID 2392 wrote to memory of 2064	2392	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\50941d7ecd3c6ef35c9cf651dd084e39_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80fb846f8,0x7ff80fb84708,0x7ff80fb84718
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1436 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6568 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16745450205680970776,10452951949456435577,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a03bcf7ca22a64674ff7e08119beea78

SHA1
8032d102d84d6e0325eea11ea854da0890384317

SHA256
7f3625d5df5de1e573a3ad0128f318b3b8974dec8e722310969c48245cd95c3a

SHA512
b39203b2b57c0f519c6e8bf3836319e8a25849d89de6ab7b689899a5f57cfe8b117dadbc96787c5a6da9e1a25aec8d596d52e3ab4342c8c56dc2a5419166b1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
885B

MD5
03e81c4c824985573e6e76666906c977

SHA1
36476009666f6238907a5187165d66760ad7805c

SHA256
41796100ee781d9edd1cbc0c6dc508ae6821b2507090de6ba19836e70596fbd2

SHA512
da15d3b1fa6043edadca66681bb1d88945d2b0ee99cc4b6ab6541de62d809edc36718b82afdb4de2517e04d201fed26a0281bfc582102f94f56c5381747b465e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
947B

MD5
a27f28c16dc4666a053fd617ac59eea9

SHA1
453f6c16fad1045442415b0285ccf1465e0b4db3

SHA256
bef4d8f1ce849df40d40e6ff5cf4ae792e4bba8532f0e82089fa43e24a1f1395

SHA512
1c91701eba6e86674d8220689a4debbfaf49afdc2a6d14d1964a62c52719b6b7c65045df3a76a61fd760a6c0866cb025a38b12ff92c793e21f5014339863e5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68ce6f148d4a19f4775647446981ae5a

SHA1
8fee33056fefcb4aa76c9ef3db07702ce15298ba

SHA256
e1711c6d37e0831248dbd8555a8a1c3638228ad8a37a91fa6420ea3147334c27

SHA512
b812e4f149fcfa0945504706c8be956e6d8419e5c22a5b136e391e03b462e783980e3b074df53c974a7772d00f0fdbde463b3c6c55d33cb19d753eafea86d84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e318f04bb108de971139fdd56e47e628

SHA1
1d35b405a9977d161c92c3e9aa88cd69459bc790

SHA256
04af28b36193fc31eb11383b0494ccb9a88023589a786447c68b4b1878ef8502

SHA512
01b18aaf27fdb4946d1ee0c3f04a0833bcbeffb826d1b786942acae97ecf64cdd68217e8d40ba9f7a6c98c3804e40594b17e7143f3d3f35d30e9bf6a0ddbc4a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b129d64cae223f365c4a814cdbbe9c99

SHA1
5ee29c9ac69d34ea32b2e9bf79b725d442f78ffc

SHA256
bdb30c93aef683cff392f108264f6ce8303a350f1b3291c6dfb7bee979961f02

SHA512
7811d8690f666d95eb51d144fb0330c1edcd8f7d974ea4bc6cb5170bdd60e41ff1c59e2a70868200a6e82b06e2745daf9593e0212548728a14782d31dee038f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9716d2e5e683a770a20948da85df5a86

SHA1
3026e45d033f5e57e09cc2554f6fa79bd5a62eb1

SHA256
e6cb597af8b80430b75bac909eaa9940f8cadd160acdbc58cf531607775d665a

SHA512
e5770b39c5b7dcfa09b3a4ada1be49105acd68c95d840554783e7706038dd0c944fcd18e8d5e01aa08a409628cf413d98ba4d0601f1bde9d374f1d7a8f3ebcd9

Download Submit