aa1b326412b2a25a2fa5b8132c93ba5773fe54c688196e9b8d45db497b26c23f

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7f0e9b1a924935bbf8cdae0c90d26e7_JaffaCakes118.html
Size

61KB
MD5

b7f0e9b1a924935bbf8cdae0c90d26e7
SHA1

097ae1bf4481e0e73a8d8d1c34124d82407655ba
SHA256

aa1b326412b2a25a2fa5b8132c93ba5773fe54c688196e9b8d45db497b26c23f
SHA512

be202ac370cedf94dfdc7a3ee6856f2c641707b57b1b75d0b21d0ea84828df7878d217ec6b0b580bc6bb2b1cb876ee2ff15b1553cd15e6835fd80d6092a8cc59
SSDEEP

768:PFXT0EipBDPPYZRRVta6czFVqOPQNynvFu06dDlCcYlMEXH6QP76okr4BLD29XtR:1TupBDPPMVttO4NyvYztlCTHz6okyL0f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
4520	msedge.exe
4520	msedge.exe
3380	identity_helper.exe
3380	identity_helper.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 720	4520	msedge.exe	81
PID 4520 wrote to memory of 720	4520	msedge.exe	81
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 696	4520	msedge.exe	82
PID 4520 wrote to memory of 3640	4520	msedge.exe	83
PID 4520 wrote to memory of 3640	4520	msedge.exe	83
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84
PID 4520 wrote to memory of 2444	4520	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b7f0e9b1a924935bbf8cdae0c90d26e7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8072a46f8,0x7ff8072a4708,0x7ff8072a4718
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,10697844749694285965,5046667332378388078,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
b67178832fd579b088fe9485a7071acc

SHA1
6909c38c99417747315ad88538ba1eb97fda9a6a

SHA256
70667b1227941627d4ecbfb71cc529373e37b246ff4dcc3c7012007ba6aeada7

SHA512
056ce955608ba6f1dc131e38897069b573848f19d3db5c04ed4fbfd3d5b1f8e338e6ffc6649998b6c0b40e461d6651d3a909a938200a3738f4b65b45eeb987b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
23300b30fbe07432ac5ba812bbde67c9

SHA1
e8a90ac28b162c24804ff6104879c03a187e7851

SHA256
88551de57526dd30b4aeb49196589ec71c37491e92b9a40efdb0b7007f313722

SHA512
ecb3264b44c486299814b36b0142dfbcf89a309f41a461f58a90baef5a4382ed5f7ecc3a4273733bf0c6bd32d602c27b93d10174c75006a176e34885a7193a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fcc938d9b317490b7e228baebc89a0e5

SHA1
2c1bd1e9fde22dcd0990303821285b75a716f556

SHA256
3c0d2d72348be6a5b5a6e5233cd5a1de915329ba0bd9b11cb9f8ee8e4b713f5a

SHA512
bdec52c634da7bdf66c98dadefd00660229d3e6bfb077236e67c32e903a11154a902d6c87e627be1f8129bf5fe8fddeffcb0d09f863df1fd917abb6971446613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
473feff29dad471bf7e8cd484873eb0f

SHA1
c9f44793b992df6b42a6709f9bd83338b6e0ff97

SHA256
b4d30483023c184c58d5837dc088264a9b91e279c955b409d61f8cb7ff7ad399

SHA512
f213963bc319405ad7637ddb04c79afb66efeb91b0410a685c9188b6a74011528974e0967276e69961bb3c116ec7d2356a84ff4877b4a24a74fae32d844126d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55dc821a368975dd6273699a5b2c76a8

SHA1
5a81f253232efa9ab130f0958c6318bc3556e292

SHA256
0fe00ac0dc98485035a2429b40a317ba32906f8b66e3ca79a43d2194de18b15a

SHA512
8f1eb658f278ee5cd524f77de527c13ab16796fbdf07c57aab7a483ee2c9ef40c8ce3cf98022e411285b825a7ceccd787e21d2f5d1a92d317aff0753b2ba1cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ea39ff1bc6baf065d230d72cd1336a9d

SHA1
45729d90d8c9f63ffdf7b3d0b0b8b1e16e6356d2

SHA256
c6ca873f2225ebd5094a9a23ff005229d7ede1b3529400736bc77e0910dc2679

SHA512
5bc6c0803e873d35394a9da6cbd2e29bfe9512018256d8d93e2c4ac38960c74509b0efea366698fe2860212b00f7970af5f7fd3b9ffd4a4e1bba007bec2998b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
589962eacb316e034f29d763d43763d2

SHA1
c52c990e293524060c9ae6429086b5b4123ea702

SHA256
a155d264213dbddce80d320c9956e34a894b1a7749ee32bee838f6c9ca8ecfd2

SHA512
fd32f27de4b0496cebb64584ea4243dfb8e981df301f20ff65b02b9f11756e49c26bac30b87a6d2e60c567ca88e35eaf63a9689475fbfa18c0b56e9a75514bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b8601f1cec13b26889d9b6fa08780125

SHA1
d3d750989bc4c2425a172b89907355b147d4b46e

SHA256
9900e1489fd1bf6df1ef0410d5bd1ac2682752b68d504e883f7cd77b8339d213

SHA512
dcfefb2bf6113dab1ecc404a8f13608478a341b6af2bf8d8430f2e2df4caf7aecd5237f696aa87facf97e2af292a4fae998d6d27549821cc4df8753b03c1216e

Download Submit