45c9324f34351b7c56d14f07156eea855534c04853b6dfa78506ff9f5dad0d74

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27cbe734db87e90ca22b654f23f38e6d_JaffaCakes118.html
Size

20KB
MD5

27cbe734db87e90ca22b654f23f38e6d
SHA1

009148ad12232838f0308909745650218861d82e
SHA256

45c9324f34351b7c56d14f07156eea855534c04853b6dfa78506ff9f5dad0d74
SHA512

8178eb1c9df87ea1f040fe31714c1ce39a2a910deea27bd271c76151752fbccd12fda37754cb1bfa1893fa1e6d74a4c3fa9aec10d51cfbe3ea81caa1b1092f67
SSDEEP

384:Ou6mKmo0lAt3gBKEtSgwITH7tTfYxJI8L:dlNgTJL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
4812	msedge.exe
4812	msedge.exe
3844	identity_helper.exe
3844	identity_helper.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 4420	4812	msedge.exe	82
PID 4812 wrote to memory of 4420	4812	msedge.exe	82
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 5072	4812	msedge.exe	84
PID 4812 wrote to memory of 2904	4812	msedge.exe	85
PID 4812 wrote to memory of 2904	4812	msedge.exe	85
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86
PID 4812 wrote to memory of 1496	4812	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\27cbe734db87e90ca22b654f23f38e6d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ea2146f8,0x7ff8ea214708,0x7ff8ea214718
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4133360881946780406,1402192446093595416,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
aed2de48d17d13294594b6ce209b506e

SHA1
febf0652ce7d8c106b18a30fe02d93ac13d9b89e

SHA256
e3c3bf7d1404e5fae69ae5a6f87a62d3271d9bfe2b562fe5ad63260beb3841d5

SHA512
9f6658bdb23a52cb29f05b63538b38fb6196c87b519cc47260943ffe3b4503956e2a7be57b4a3add80452de4f9e3e9dc87ccee4150255a835f1d08e5a79e667f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
37e96d64a4270eb0f4ce9e1a1ec83ab8

SHA1
8b384195c3c30fd0f93fd613887dbe75cdf42011

SHA256
3c53ba6f5b600c5d7225b54e4521ae9910c5097dd4b06b27547cd09777c40af1

SHA512
e25cfa4998288cfba2916fa0a24a0b2f03734e3b5fec2d618c7c8c1c9bd52750ef585ba6dcc8bfd9991e8912f0da8a964cd9f3f8b59e0a8bfee76d3f0f8dfa6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
612B

MD5
3522caf56ba652c0041a5371219b7287

SHA1
10707929386725dffb01c88b1817633468807fe2

SHA256
3352b463c1dac465e06ca36df71b913decdbd4bfc4cf2fef234b265a7c5dd282

SHA512
f084078ac3c69a0d2e37250fdff424e6ff19ccbfeef7283a6b2f8aa3cfa809e1b0b5643a0b3265b46f650ba2d4a4dfe7031ed5cac87b1faf337829b6860ac915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
643B

MD5
184972eec9a5ae659ba938eb5a12ad41

SHA1
db6be25c9cb4964afba37a49167f84d588997faa

SHA256
4adf40e58547675c082855803621df6552335ded433edd45f9593be07ea82ca8

SHA512
41967c1a15854b4a72023e0a1dbc30d6c23a67335c19eb82651382a3087fe711b2090fa119ca479fcb03f8fe4906434e6bc01e9c48f5323709d9c30b5441f774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5814e40f0a2012142f6e80b29ccf5e9

SHA1
704963d7270e6977f5ef86e500ee9c36540e77ce

SHA256
b56ac53332af420b5c6fad89e58c8134db45ac801ed089a77097a47a254c1c06

SHA512
ecd0043b46d42284d3cb45ad50ad5b549e21a9444a29011d19253faed99761efc2e8d828d0840b1aa646bb2821fcc966bc673897fa6fa91555b670360afaef8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7563bdff2d5afc10834684de9e0b4bb4

SHA1
f48deffbc9750cf4e5216f5647c72eaa9530a11b

SHA256
5409095c0db19e66cabbde296acde33cee1cc4b5371f82bfda01f7db331614be

SHA512
194bf770bd63f999656e51d17c7a5e2008135afdc71acfc7cdc08f2a1cc068204998752a1e9f4be553501d52a97d8877e2c851442b81c7b6a97c410557e1bac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac816518b55df7806cee40a4f4fe6656

SHA1
9eef433a280b123abb447c5a5211a00258d73c05

SHA256
b9701ce71a60c6d2f6cfaf291f61673caed21910e4cf6d82229611c277f1433b

SHA512
8e988c51539638e7da1f6eb27a6acfb7446cdf2b53e9bcbadb85fdd67c4b804b28833dc6f227c49a678ead1210e45dcb72934f50926e5c439c1bd3eb42d1f6c4

Download Submit