179332a939bbd296b1ed712ccea7e646a22cf3cdf44052f584d089dda6709e99

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4664e03eeee026a12ec219704dcea4bc_JaffaCakes118.html
Size

74KB
MD5

4664e03eeee026a12ec219704dcea4bc
SHA1

e397948ef08c9611b2c8cb9f13112e47d82d9532
SHA256

179332a939bbd296b1ed712ccea7e646a22cf3cdf44052f584d089dda6709e99
SHA512

d41be950754f9e0f2774c7ee34b91fb3178b25a56372e96e8ac32d54805abb7e3abd553ddffefa8b9ccf81dd8bf581a025b6040bc2b9fe8d3358452f7ecaeff9
SSDEEP

1536:jMN1I/2MKUVHNiWSGQJGp5u8uWueeQVl+x:gN1IOMKUVHNiWSGQJGp5u8SnQVsx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
1756	msedge.exe
1756	msedge.exe
1976	identity_helper.exe
1976	identity_helper.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 4392	1756	msedge.exe	83
PID 1756 wrote to memory of 4392	1756	msedge.exe	83
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4256	1756	msedge.exe	84
PID 1756 wrote to memory of 4660	1756	msedge.exe	85
PID 1756 wrote to memory of 4660	1756	msedge.exe	85
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86
PID 1756 wrote to memory of 748	1756	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4664e03eeee026a12ec219704dcea4bc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff371246f8,0x7fff37124708,0x7fff37124718
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13215585136015032068,4639697162915184165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
64KB

MD5
63e5a0b45632b3dde3694ffcaf0e3f7a

SHA1
923736d0cdc308331d5cfaa0ea159bfedc83d53f

SHA256
889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

SHA512
5b886c4b5122d61f0209ede748aa84445c9388cf38813316c41b3dbd2308216e88394d9a45cfc27113c0cf3bc93b9c37d808f6d3c67888244c176ee095d42259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
20a614b8628d6df8a925d79998e23c2f

SHA1
0461edd0ca2e1b1d7c2259c1f2bea1660afec408

SHA256
bc5ecc2072ada13e0e5a7ab4db346c831ca8b299c24151572839d6c14aac57e1

SHA512
8eb3f41f57640b54e1652daca48b75a79e61b6d1fe48919ba1e87a338efca54a78cee14d33bfa8df32bba9a5a67fd47861949e0b937efc4abbcb884a6e40bed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4f168469c227bc06f609795f465cfb11

SHA1
8765d75646e2c69caf03a1ef03dd5af4822b3cec

SHA256
3b07a4debbed94b1fac7d72dd476334193e2478774790c6f52da33547a6badd8

SHA512
65b47335b62db6da932c71f2f88ec86f641515ddfb4616e235d0d5bd4730d59ceedcf7e102c9e364a664e81418cce7242821fa323414287bf8f1e1c5f5aabc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5d9e9b538a33d0de2d1b361d6709334e

SHA1
ee912970732a1168a2a66b027f5ac593e8f6391f

SHA256
ce1b2c4730e83da99ad2949abcdd16318326e3f75ef30d90927d1cf0656a2c77

SHA512
858d7dba4b2a44b789f6426dce7c4da64695e4dcd178b24d30c4633077afa5203ac45dcd8095434c99404c1f08bc8f46362241d064b0db21a911d09d646329bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
283d4c2ae404b98faee39c7b5214b68b

SHA1
8d8a2ec5eaf48603e4b3b5a326c893e8227931c6

SHA256
2da6cfe238355f18e429b262602f304fbf8573e016755258f783bc57989238e6

SHA512
f253d04ca6a5106f3a668a7a28af5928ef42cd1ece5514a9dfa3c1fe52d285c358cb11706d9472ae83b998d4c870c811581805b05a9cae3a05a799432e7b9bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
28778e8da980a8633c9f8dc0f038a8e6

SHA1
2c2fcf7aa5fd9f77188b7adb7033969e0e3b4171

SHA256
f693003aaa903aae0d57ff942634f690c681204ea405dea5e86ac09bc252deae

SHA512
88e16277570d43870254998119751a2b2f97c52f7a599606c1c758fab06b492602bbc9be14d3cdb729d64ece1ecd95cb9662cd88d00fefc4d1f757247d50644a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
198e7cd80e16d2b1acf7a8dda9412aa0

SHA1
48330b35e7e29b1d978347b6474411e9055817c1

SHA256
e8b544a4bf4a15a2ce72c13b345b12bbd230640f339313e3ae1aadd6e5e45f18

SHA512
14525ec1630e8c66772dcabdc802be9182811de4603093db6d9ba6b0eb31b490b159a366a3b9460d55968420505ce2c3d7876b4071c5e474a2f249731d962836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
954a98ad8926211bbe3394491f0865f1

SHA1
8912910491a62b1ffedc337052d7c5ab5a33e15b

SHA256
c480747f9b42ecb7f23075f208ec002c58d9769788f4c2fccfc9b4ba7d73b571

SHA512
f3141d24ee63e89e69fbe8871b44c3a32e17355557a796801c56e461f28a464ca7484cb8f36ebb8a6b967a9bfbb79bc0f2d9a8d10625741900165383dc373763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a48c50abc1e5b1251a39076d6d43f22c

SHA1
52d9346e50534fdfe32c483fc8fb283850578dd7

SHA256
d28c2f82c7ce08ee793c4be951b706140660b03fdae65275ad09cc644569c19c

SHA512
bc0d00a832a6d6d2c0981c81799db3e1169d05051547e38d5c0229af9dcfe739f45549ab1ac28b6559c743968219ed443b81141b705d634a929af1f014b23618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c59a5f66221b30b5969463736d09998f

SHA1
fd1eb5bd6ff70ffb072eb6bb64525bbc81441ef8

SHA256
ca4138f657d167c0c0588cd587edc9086d327756fb2af26e4e22e99e6a08cf24

SHA512
94372d577784f65ce778d27e39b623e6d1c0f2fd068d49c97d959c116bf6a3f61541a91e29a8348c0d39a101ed8fd89c909fa72484189d156b8674b6985d9c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d32e.TMP

Filesize
371B

MD5
11d03eac8f20262efdd0fbc2d2f74106

SHA1
e886c2d33484f06f0505080faa0dab476bc37f24

SHA256
8ea1c08c819255132487cea97111bb8d8ec9a6aa98ca3b0dd0bd103a167a9d95

SHA512
27f99e4088b5f81112277fc558ba4c3684ea4e0dfada7ec27a9e14f358bc7e0ad4859f601b78d40f4ad572d2e9a63cc19cd6c12dc319a6703b7a45ca3876d283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f3a5d9dc14acdd2e722f4ca879a3849b

SHA1
26bf584c39e032d18ccfedcbbe7f4a846e514a17

SHA256
9bd01261dd08fe769e578ef645398807a3de9f88f79f7449139417f4afbe20c8

SHA512
84f7a4d7bfd2df24758cd11d1ff8939d8550f7dc172b3d621f2f4644a205fb9e3dd42debed4498938da4251d62b4d8487938e4b284164e46f1301ef9117a1c7d

Download Submit