d4cdc0ac429ebabd82fe03c98c7c076650a61f29d94ff0415a697897f38bfc94

Analysis

max time kernel
148s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10f253213c9d3eec31ff65d1c6443834_JaffaCakes118.html
Size

101KB
MD5

10f253213c9d3eec31ff65d1c6443834
SHA1

3a5885a26391095048f61f9debab21fb576c3232
SHA256

d4cdc0ac429ebabd82fe03c98c7c076650a61f29d94ff0415a697897f38bfc94
SHA512

ae635a8b403416b8d98b2c4ba1af50ad3271022c7ef0104b6ed2b6b1f49d380e79efabafe89604e62370971aa8e9617f27ff01c1a907cee9500bb129327059fd
SSDEEP

1536:o8nGCpWHUK0bdWf23vZgqkcfU68AmZYTuq+mjmLo411exSF0:NGCpCUK1f23hgq7fxLmZYTuqpjmExSF0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
3344	msedge.exe
3344	msedge.exe
3340	identity_helper.exe
3340	identity_helper.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3344 wrote to memory of 2608	3344	msedge.exe	85
PID 3344 wrote to memory of 2608	3344	msedge.exe	85
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 5068	3344	msedge.exe	86
PID 3344 wrote to memory of 2008	3344	msedge.exe	87
PID 3344 wrote to memory of 2008	3344	msedge.exe	87
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88
PID 3344 wrote to memory of 1012	3344	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\10f253213c9d3eec31ff65d1c6443834_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92e6e46f8,0x7ff92e6e4708,0x7ff92e6e4718
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,4224827490094718378,7798571302492238014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
542b6977ea75b4af9639228f19b89904

SHA1
26f4b2586c6153bb840fca33121c589bbb374967

SHA256
2d0fea2e50bfcb943ee7ee253820b2477f63e7a92c4b978c18c8427b7c41c6e7

SHA512
be92122d49c0cea68c4f9f5c237bc1c01b45359c9f1cf4f53c7a9bdd15faceb4429b3f263e95d333ea42ea935e248fe3e40ebcc32d1377af44fe1c7860370fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1acf802132d4d18ae97bc4ed967f720e

SHA1
46a981e288e8296ba75892b9bd199aead876fed0

SHA256
6c63562c57f65ec33627e4dc43e9a7b9b1a70880ca89234a6822e42813becd16

SHA512
0e6870b2feddeadf4420f98c46049ee4b7c15cf2e009001fe0971a75cc6b256eecbe05aa8f19910d60575647d902d04981869b90f340d8fe40dd2942c99db6c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f1bf3d93cd51324ca50a72fdb4a52c8b

SHA1
541c872224efada47c4fac39d29d8204e09e388f

SHA256
49745bebdfef33d10451f248477226374956b22c4df4cc7f21eabdc40adfea86

SHA512
81a83178fbceadf22163df963ff20d1d98be392c21baea1590e8b3485cbd03821299223a482b4c37ba7509c808403f408f83d2e7395a14fc6aae1751279b5935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
23394eed50d05d9e764eb59657c9de43

SHA1
ea51663920024f3f0da529f21f9d0d8061b5f258

SHA256
211e6d81ac9b496d8ff4f04055e20b1047f902e8791a422763e76789b56e9fd0

SHA512
96c42b53192cdb6a95d1689d53aea4a99786955c2d860ded0c514a4476bf02f3c807b7bf1fe6217c47deb6a78c4940adcc88155b7cb15bc6c46887b4d7716d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
445c07832082674515e505e6922b3402

SHA1
d31e3ffa0bc488eecb818bda99042a245fcb1687

SHA256
40bd194a49f2806226c1cf0fef1a25658a5d764211980388eec1d0b2803fe7ae

SHA512
4f03ab288970e317e5859ad331acf9d6de82f64dced57d0a3a6c42662fa38f6eaa998dd499ca5153c17c37ab9ef764a1224ded6e44cf272f5f69f62934f7256e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46088065d524990cd1f0da6dba5aeb15

SHA1
732d99422186cf808c5aee8bf7925c3920e7df5d

SHA256
be800eae0d86350ec844cc5171e2d0db7333478e118e5d0210fbc28208c1b829

SHA512
eb5fb692bb23b60f040843cdedccc8af587e120c1a31de644a03b0ffe9d986f4f84b4f485c0b118ce77431a90bb0cb27af41e4dbaca65094984e022a546336b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
da989506673201dbebadecddd37f082a

SHA1
4a9d046da5d51fbf859da34b1918dfd7a5022c96

SHA256
058c5fb97ce2fe2c3cb3e0cf5f6f3a649d722178ab35fc89a59a8f0f4e0c1a7d

SHA512
20584951fb4b8a51439069bd5b577c2a99dac22adf32f1ee54bce5c819f00fd4d46bb39b2980122b38183c4c48a532690120c39dc138890a6a597c67bdc2b2de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b19d.TMP

Filesize
204B

MD5
f5efe0a2af905798aa2b4014db3a290d

SHA1
6e1599643e9afd7a578c918e6f05374808916f0d

SHA256
0f12355e8546e5a2f8a2ddad00545695b17c2c3270c14d62b63416a3456afeec

SHA512
17e2934cd62689b2a84e2318626d76fe80f7c2fb309f546273b493c4c2b72926819adac474f56351fc6642daa098ac45a532c11f3950571b9268a8b1a470da23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f10dfe1a0d1cb91d6ad86a21bb657308

SHA1
885c91210c8ecbe88014e604d562a4924bb0a53f

SHA256
7d6d4c96d583f2c8561ab06707a73fd1f5bab37338c563359369e8d37e693c57

SHA512
6f2d78ee1c0d2d7040fe31f5b00fa06a9659b2a6586d994535b5a8bc919eedc104212319b2d3e3b8d8a1e96f6e3ab13ae8e70df731a174d10d6163814863b7c9

Download Submit