39a1da28b8c7d5dbad345385603020d069a74313337a5f4401c9c0fb7930d639

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78aa13a0c3f77fc614e196afa3cc556c_JaffaCakes118.html
Size

80KB
MD5

78aa13a0c3f77fc614e196afa3cc556c
SHA1

d62724065b4c8c9d12ac7dc418ed2c2ff1dde491
SHA256

39a1da28b8c7d5dbad345385603020d069a74313337a5f4401c9c0fb7930d639
SHA512

a3003eda3ccffed523fb16ed1279e05400ea731b779ab9064688bb60020fb92b4f591d9d707c2e938b484f3fdc9d1b45b3228ecea38df5ba7727654f152f5673
SSDEEP

1536:SR2GJHfyVLiggFOmaIlDCv5C+cYpM/jA4jyHt3+n+:SR5J/2LigtalDCv5C+zM/jA4jkt3m+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1644	msedge.exe
1644	msedge.exe
4604	identity_helper.exe
4604	identity_helper.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 64	1644	msedge.exe	82
PID 1644 wrote to memory of 64	1644	msedge.exe	82
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 4588	1644	msedge.exe	83
PID 1644 wrote to memory of 1836	1644	msedge.exe	84
PID 1644 wrote to memory of 1836	1644	msedge.exe	84
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85
PID 1644 wrote to memory of 3872	1644	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\78aa13a0c3f77fc614e196afa3cc556c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11034620976045955516,7587321182678987458,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
53a9ae5cecaaa9e81998417fa81e8c39

SHA1
b550fd148c9088f93ddf2295ffe4d91d93a3e793

SHA256
f31aaf888115ddba07c98759bd09e08b4efbeb09d7d16956c3202b6fedc76bf0

SHA512
8f4b096307e635940ce3583ea4d8aff99e7df178dabd259f7842478a410d29a59b8048f7f9ea7f8ed51d5c32d208d26fa609708ce063cd63276574dc607b7bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
da5c895fa290601440bb1a46369c47c0

SHA1
4e5b60845fd6d0c068c20c380a46ec8f34c11946

SHA256
4fcdbe1979ad0841974406a54082a7a0f5ddec7bf6d2f112b4d1eb4b7c8e189f

SHA512
f85d44915105aec71528d75bef2ee22a4a6bd357a8b52d8070329973e21122ea3dcd0921ca78156d7bf34d343b4ed5b6c783ca3677fd6ac9305889949e110689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ce9af7cdeafeff16254f0cfa68a256e6

SHA1
494c5dd40f8e4f0a75211433f44580d9f5f0f6d4

SHA256
6b9dbd1037884d0e48a50520356be2b48d5fe0d2d564c23e4dc0d25e85c53570

SHA512
4577168d00908f6110363bc8b78eb029346bc3843c6389df385e5c60cf2c78856ec89bb80f3f4b05ac15944dcc2dd12664f07a617a23662f72ca24b4255f4d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a2c6827fbb5b9473adfc621e3ac3096

SHA1
38767afac4070af50608410090a14eb62f5dba5b

SHA256
17fcc8826e2771aef4c25a4eb7924deea29865f5816078142db17dbebfaf89f5

SHA512
e6c46952d53d9aa3b017798f14e941a91a178c7409e1b39ca44ac2428e8d490b3236197c42e3a0217148deb60176ba4696bb1dba35d78fe352ebe1adefc33641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c74f7afaaaadedf6e1b39871ec24a468

SHA1
b841a7430ee1bfd48c9173c888aad6dcd1bf12c6

SHA256
6fa459645d5f04d27c189943681c7a057b9a7ec829f75cb3da889a24fb3d3c15

SHA512
76d274a4f0d7aeed5e4cf03ca46986f88480d3601bc1427b47d91faeb6667bbd53d098d6666b7ddc7cb701964cbc7de748f2f7cc1a19de5a2f09fb1797a44a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
03d9d669a9a2c8c29abb6cf351f3882d

SHA1
f4577b7a93b7b8d946c8e9200783e47cc6e0a409

SHA256
5e05f59e4a97491f34f8e54480fee9752398655fdf069703b8ee33aee136664f

SHA512
cd1107a0bd3b040c497144d88855e14ec29aa9165f5ebb456d8ffae396496eb112f4d1f5887e01c18c83330023daeeab07b69dff61542c900cf257141020fc25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
80a61c84d2bc2849085cdfa54c5b14c9

SHA1
280357297792a93a15bdf96db0bac77f94f96610

SHA256
ce247bfee995d64498cb9a8be72b238ae96e72306cb6911ac82d75ee3417e1c3

SHA512
75c240782adcc264ff90e571f6384b78da258c2b3d8d2ce61cb55f220f36ad4d5f30bf67e3c9cb4152978c93a7bc2310c94995085a8954a7513f9dedf93b8cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
515f86984b632a8018686994fa5a5835

SHA1
23053f6ae7c6dc9cc6faf8cbf4450fe213231bf5

SHA256
2c174479d35ba59ecaa5839859da56bde7d76cb3b2ead683e7e2a1e50a9ce6b1

SHA512
afa59a3bd498437e534bfbb6434e696d494cda2c42850d22131e9d6afc70680c033756c05433b42427ecf843d88813c24d9af046a224d4136aa975acdc763541

Download Submit