5863b45f7b58df0022d1dcb82685aca268def140ef24007034c0b69626619fee

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4228c49c0aa889c39c63230318144da0_JaffaCakes118.html
Size

108KB
MD5

4228c49c0aa889c39c63230318144da0
SHA1

676daf77b1bb275fe13652c245db29510622d0e6
SHA256

5863b45f7b58df0022d1dcb82685aca268def140ef24007034c0b69626619fee
SHA512

08d0a793f444e92bf0ba6010c86f780918b4b5b594eff082c4abd7e101ddfdc5f1bfeb6b01aec1c911c79aad16f79c83b7e6d84b7f7080c4fd7949d9692387ff
SSDEEP

1536:OYFejHH2kY5NKx38kgf4ligfpcHsGJWDBW5rzATjMDtFp1HV5k8pj:OYFy2Kx3pgfQfGSki411HV28pj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4260	msedge.exe
4260	msedge.exe
4560	identity_helper.exe
4560	identity_helper.exe
5448	msedge.exe
5448	msedge.exe
5448	msedge.exe
5448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 224	4260	msedge.exe	83
PID 4260 wrote to memory of 224	4260	msedge.exe	83
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 2544	4260	msedge.exe	84
PID 4260 wrote to memory of 4004	4260	msedge.exe	85
PID 4260 wrote to memory of 4004	4260	msedge.exe	85
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86
PID 4260 wrote to memory of 1204	4260	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4228c49c0aa889c39c63230318144da0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff16cc46f8,0x7fff16cc4708,0x7fff16cc4718
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,2446211730047977508,16916059818191204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
345d5f19b7e2a1a4162e003ad4a1311e

SHA1
a1e6e1eb50fbcd681f3ce80a018cbf1d3e7cb9ed

SHA256
ef701e90905a3059640702960071365b9d262fceee53e19cfba1c09b02de59a2

SHA512
6d13ef2584192b92b05e8a0de027f6d8fa4ae6bc82a808280c70deaa4a6c829c0fe292987e67889bb1edad49e8383c4d110ae5a92f5d85c98cc850d9b383463b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
5d066f5e146b6930c3fcf60b1e5fbaa7

SHA1
89364962ffc83cbc70b1372beeb3eacf1e66c098

SHA256
12e4ef2b50cbf23d386df5d9e4943aefd1b5931c03669f008be69cf3467d4e6a

SHA512
029d9bc6fe494cf680d39b4cfa07ebced22b6e12f3270ed43d671690b2e0d5fc3eff3385bdde56e827dd0ffa1b600623134b3fa116d0130aa6c869716f825294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6801687d250b253763ca6f69fe544599

SHA1
018a6dc7fc6529fa2d9f41fd40583587084b46a7

SHA256
729ed4c3ce4036324db9066c30bc5764b254d15a88a9527886bb58904b1f0bc6

SHA512
044e7481798e66191eced82f81954263937b8f04008550e8517c7a0aa17a2dd9b178b4f229c93a47a0ccdd50631d2772da5764295618b11160b7278fa36f00d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b019512f4df67809d9ef9bdb29b35015

SHA1
86cd821bce5c913e9de9ff2280f39ff17791cd06

SHA256
61fbc8c237520a441bf6887d200114e889542fa9fedd1e7ee790d6e452f96c3a

SHA512
d2eee84771f9ec7e86ddf199622b3de07f06df65526441d15938477cbfb665d63552d9fa3ce62fb9ef34788e57c83e829cbbeef31ee442ec65d3b4281106a74c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
62109bd518687efd460464aac5e6012d

SHA1
942f4641036232ec4940302adba6c9fcfb7f4703

SHA256
18bda9ecef631299224659b9d9a6bb7dd956e5e7885f042d83766ecfed07cdc1

SHA512
6c8f7c5b5821aa1b86e365948338f375dc64708ca9d64ff9de8167555c6e6e80c6a211ca60a31bd861bed77596cc447b27c4871f2e7f3a922fe8b2f64742510f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c8e9dee6c0b9f0a7f19887aff2853bb

SHA1
c3bfab6b208b44f803254a7107fe35febd51d5a7

SHA256
f8eeb1412a2ed7eb34c22f90dc520cb7981f6c63e245b64ffbe1667f0ea5dedc

SHA512
d8f79666f973961d136ea4f3b2531d0ef7448d6aca56c83f5e18b23c28baa723f068092a6689def56aebb7d965a2aa2337b93bc1a5319ff7d7fcd136888f37ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
828ed1fe252ef467b37d60906f2a0f61

SHA1
a210bc3b51328d7c7c6105be2fae227d4e92dfc9

SHA256
9f09d0a0d90369f160728774d312f88888cbc414fb5875471a5d8d2bd7815fd4

SHA512
ad287c7f87e720f694fc74c0e07d90283b88e196dfd755531a766b4b7092c2df1357ad5b5d25516323ead71b16be97311e8c9ff2a15f4fe3c6e1dd1d6c1a3a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e92d84cf04bb90c5df02807e9af267b7

SHA1
c526cc00a16e6beea8e75b21eff1ba521374a425

SHA256
af289c46c9f7354b9ede22d908b8beaa8d0f0a4c5d3c3942b562a7d275018653

SHA512
4ac5c2cc44b1fb18f29360b5ade9321ede144bf3970e2eab062b813fddc00a59667a8bd381bc84ab86f082b640d49bb806c19020a660c4f1485bc3222131c178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
7f04579b195999f8be2cbdcfa07ddad1

SHA1
c217cdc5fa6467fc708b306cec2c57e10099e938

SHA256
763d414bb81df8ee901d8ff401fe08b9ea20f6ffcf62b3a84e825e957ce49293

SHA512
57edfff7488307b3574adb1f673481765e24b56cd54df0a826372dca7b34cf9e462bea6e51acd9aabe78afe2ad934a7ba761ac6be8e33bcc2df767572db98fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d1f6.TMP

Filesize
204B

MD5
75e35290ed9980f4c07257b6558b8c06

SHA1
3a0a0f7ddfdf5454b7307f4135ff5d2f798587b9

SHA256
8d45734c8098e04b8c340bc587870c0724a26e3df62179836fc4a4e36f1c2cb2

SHA512
a5941b200bd39c2f65cfe86293bdb1373fb8fbe7c496351a668fcdb286027861e4f140b97154dabf4a91165808e85ab3e3033c781df43d5a2c116b4a560337df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13a3e0b3743919523cef4a967907fc17

SHA1
b8b455db0c179c0b0d9e7459ee355b4a7cdaf119

SHA256
451622d716e25051b5b50d665452fbb81e130c473ef0e0a612a9c2f8022f13ef

SHA512
d8df1738a67f46bf2724fd394bef76381a3032e3fd11e999af46b50d423c8589b91243f74add63839000e2c022deecf6e75b967fcb12dc871ed8e256bdd39fcb

Download Submit