be059e6331e2a1f026e5882fa1cee486c6af8f391aaa5a55e05a16688283cf73

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

437fdd669d3a023138dba98de7cfb238_JaffaCakes118.html
Size

86KB
MD5

437fdd669d3a023138dba98de7cfb238
SHA1

fe2b78b8336c6062f108666f1c9b2d49691e6b99
SHA256

be059e6331e2a1f026e5882fa1cee486c6af8f391aaa5a55e05a16688283cf73
SHA512

f702b994d41fd66c78346b05b85e604b4191e72b620c7fb372e1228135077cdcadefd1c84df3966df35843c0d022280e95719e3bf4814eccb58cbd3a58568d37
SSDEEP

1536:3OGyEkjpKB0N/E6NHNcNqD3g7SFodUh2tCgZH7nzak:3OGMpKBcLg6odUh2tCgl7d

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5744	msedge.exe
5744	msedge.exe
3984	msedge.exe
3984	msedge.exe
4652	identity_helper.exe
4652	identity_helper.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 3512	3984	msedge.exe	83
PID 3984 wrote to memory of 3512	3984	msedge.exe	83
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5400	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	85
PID 3984 wrote to memory of 5744	3984	msedge.exe	85
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86
PID 3984 wrote to memory of 4464	3984	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\437fdd669d3a023138dba98de7cfb238_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d51846f8,0x7ff8d5184708,0x7ff8d5184718
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9622855486912920525,18298093539712871719,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
cd7819e2deecc45a51c236bdd8e7a17e

SHA1
013641cad9635fdfbdeb7200423e7f2123f62d83

SHA256
652dbf7a1129fc3eff74132e19d44a0ab54eb4363beda5503f75999869035347

SHA512
3a337b2b07e73531a6e331ca658c005065ef64b4fcbe1ce7805dc7f2ea07b4abc204ba5ea63840611578a1653b5e074b2917faf2e991c89b9b392218537b6b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5f7e4888733401a00ba3c12d3eab9e4d

SHA1
c33e7dd6f4021a633e72705f5b0ac8ba29ad4244

SHA256
a80f064f9b5bd13b3495fbb600506781100c30ffaeb9eb4580d3746799bba5f0

SHA512
4fe8be57310212410750b44dddb2e20006789a2794f75db4f82e0f3233dbc1432e0edbd7e452480c503a86d4d020241790a50b0935fa66d1752945d2f02c863e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
220996a8904d72acf82091cf30b98be8

SHA1
11ee52bd2f0ded9f0ffc5fb670bc6cd4dc0150ee

SHA256
71c9665f51b083a30dfb8df9508d48427bdd352e5efe7935ca820d7826885b23

SHA512
533ea93a0d289c1281545b3e80b597a167efa1a5d2d1fa1cef579639e852d0d2013b4a6fba1afadc814a12a2208b6596d89f80696586fab2c27f75e817eddf08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d0d3e9103b715bacfacfa510f5c89cd1

SHA1
b341566d71778c4a120919323d090c446e6045b5

SHA256
01bc85cd72e36de35ce7ada7cf712672a148ab812aeb843115fd21340ee93152

SHA512
897ea29d285b1356811dc862081eacf1547714bbd4e0934ab3ac80f4d84a365550d814bfb646ec94a9f70c5efeb08fb0bc9617749c9687c4490af986c7442ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e767713f87f5df7e9735b8d03401eac

SHA1
210a180ff1ec627977a0044876fbec8232b4dc5a

SHA256
fc10d52b16a293e3b5009850a5bb6ec42a5b5e9126ae7dbe1ef2a787c5a192b3

SHA512
83299c41987f17b742193b0914b8e7b4308d5064aa782e2f4c06f4380c581967838fa1921d5136689306e04b397c7f970661968416c9043fff2763f5a10839b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0261d1cb9278e4744da537197222204

SHA1
52a047cab67128c29468b233c8a77f7f923c359e

SHA256
56e21cadc57d0d6263b389c66be5ba65d6058d6c2d587dec864286f056afd796

SHA512
30fc35a65a65c6eaa58ed6c75bee28b532e5e2ee74fd79fac202c034063f0c8e414ff69597c7887351ee4057b2b45efe9e176794f919aab93293c98d612cc6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
3dadf3fdc4c147305a67ef8fd9ab18be

SHA1
aedff3bec23723a214c4fdf1bb6cebe8ce7cdbef

SHA256
5ec3bf8f113e34affaf895a119af14d6ff19f81da79678cf6e141f86e259eec2

SHA512
6d216db63180377d873da4ca61feeac9072a3797972fb2142256da4a48d918ed879e21e55a5847f5990825e1372a8527599002866cf99689549b9a724775998a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586acb.TMP

Filesize
203B

MD5
68a23cc938b4abd545fe5c41a5dc0c41

SHA1
23cf085444a6b86699cc08b3572ede4332f2d151

SHA256
353b8f94756d35f8d9101da41390c2f8c676cbcab9371f1fd0c29237c932b9c7

SHA512
72b0e81902c10ad04a37bc52f3e4c9f9340cf35afe84e81981d09f1b87cdc8b5551d66257be3c3bd50b67a7e736a0856b57c57451ea8f9ae97f1ae38aac66af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e98f33080bf9d16fa4cd728598e61df

SHA1
86e1a32e75531e2f04e46be6d9bac4f1fb30d693

SHA256
10c91c3d39a3fcdb5e7443177d4e3366b05d07a6f152b7b96d03d2bbae93bf3a

SHA512
9a218637b39d315a580cec6f1088dc6e4cc59fc6b253217d66605a9857724103e6a598dc18251d39b3c527aef05ab487f6ce33b707ce3690807d6f3bb9080ca3

Download Submit