54d077447615c8f6e84f5ac66b318b1171297a8ea986ef70aa26fedeaea34a05

Analysis

max time kernel
147s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b8f21e172b0343ee89b5d2ca9be1448_JaffaCakes118.html
Size

221KB
MD5

6b8f21e172b0343ee89b5d2ca9be1448
SHA1

905bda77bdcdc089190263c78d29d5737160ce90
SHA256

54d077447615c8f6e84f5ac66b318b1171297a8ea986ef70aa26fedeaea34a05
SHA512

a4d74001476d3ee2653a34f6caa4fc5b4ae4e79247e334bb4329e4c070d722b6111e1655239f9454ccd6f554ad665e4e92f7809e3b958b43f9dfe4a0ab693ffe
SSDEEP

6144:2BHcIIIs3G4k5QhL8atVZiVQ5MIsuQyf5bTM+MdBXpKgXpgx4t4RO9mge/bE6zbR:ocD73G4k5QhL8at3iwMIsuQyf5bTM+Mo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
2968	msedge.exe
2968	msedge.exe
784	identity_helper.exe
784	identity_helper.exe
5352	msedge.exe
5352	msedge.exe
5352	msedge.exe
5352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 4696	2968	msedge.exe	82
PID 2968 wrote to memory of 4696	2968	msedge.exe	82
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 644	2968	msedge.exe	83
PID 2968 wrote to memory of 940	2968	msedge.exe	84
PID 2968 wrote to memory of 940	2968	msedge.exe	84
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85
PID 2968 wrote to memory of 5012	2968	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6b8f21e172b0343ee89b5d2ca9be1448_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab54046f8,0x7ffab5404708,0x7ffab5404718
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10117128628620642901,6640521393495163459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
62da91cbccb7854b1f5a286e54df2477

SHA1
15f30ea89ffd9b06603f5339e626a3fd7a268813

SHA256
654b21e7d5bed79e54b5455b7fd5fbd91cf1c0174095968f3fd9562fb24b2c1e

SHA512
8950c116d2544bf3007fc6967c8ee76581371d7ea129f0273d71addf9fb229cce9c5fbe8e47b0c1a390f7c9cf2c3e096eab08fc947d4f3dd053643d6d0dac961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4f47aabba08773f928b9511034d01635

SHA1
1051d02b54891d22d9b3044857694a78c45aa674

SHA256
32aa4bd4363809484ccdcf6cf37d9e2b44770e0c5de1f199cd643cb8c0a26b0a

SHA512
fd87a8c7f94f7f9e1d7599457ccb9793f644d461e0ad5d6ae74220cf376110ff994ee62cb8c2a51f6950b8f320111d174437ac0913df7ed763ab9ffb61913c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c50b2b6075a8682c0c2396b64a50b78a

SHA1
40b4584939622a33ac76a0b713f2a79ba89cbc5f

SHA256
bf05f1c46ccce73168bdba31a1673c32650e7921a8969386fdbed2c8df027b86

SHA512
1d8929f28e134be22ff392b57e0018e540e0571eb229cd37e35b91068ff8f3721f9428167bc8302dddfaf57427aec8204701dabd869981ac635d0303d4666b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a161253922bb618320af914f3e319582

SHA1
ef74da218f164e76bf57d4b7a1f2a31e3646b4c3

SHA256
54a6bb42540395f66e686da2433912a32a637c47ee9e009684d8661ad5f3fc1f

SHA512
05047526afc5cf078514e9b67f157f722c07aacce32ca37d452c6aab52b8a0ed2628b65c4a5a20b880a2c8f967f95599e0081324e8e9d2775615d9e8dce622aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4d09ca0d0c2fe29b49d081c7db72b821

SHA1
40442a41d5f678d69c74fba94faa635fccdbb4a1

SHA256
4c8b27b81141790702e60ae1d671dcdfa6f3adc5d09a4b6556fe85fbc670b860

SHA512
3397d009a53803cceee63ac8066bda7608e5b310e2c02d11aea971c5611fbe070c79fc7dc58a7383e9c017e626170446f414a42b4683dedb102ee83616082ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c3ae5db849cf1c3f9deb867868f7f630

SHA1
8fa55499e3f97e31aa517d9d50f8bb66e867ac15

SHA256
497b13595be41bd441f8f00420cecc897bf73c90713943843f66e3cca6eeb24a

SHA512
7179148af3ea0d98fc621435087a006413bd1932cfbcaa66eeb307058188b03f8b1980d31715a8025e70a52793caabccb76e5c7698cc002c471c9f82d9bee1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aef266a35d1e3f8a29450ce04453a24a

SHA1
25ca88eaa3e285e75be7769b15f3a3f4fdc2f3c1

SHA256
81f40e02f6572288f6699068dbf9d0ac6010ca67fd01da391679367fca7afdd2

SHA512
834a200b9300f7ea55124afb8773f61b6262ab279566c2fb805f0525e5367ab0d28ed669d4e490be4e84f24ebc2db9e843878e392e86ca88794dd5e040f2c274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb4ec49bd995bec2733a9697c9dde851

SHA1
98d91ca65117545471d0b417d2be174f8be09348

SHA256
5791ca33eb51cbb9bda5e3fae5137491f1e6f4fb857831bbf98486ba387f1a22

SHA512
7f687c63e7e3dc3496c5c5b7722a7da349b7ea11db22215aa37e7215fb7602bcd33c892607f3c5f0a98ccde6eeed0d536d1ad602c1157e26444321897ffee8e9

Download Submit