4932430b1483899d505d40699e79a69a5cca3afb41a1a7936117d85416a29688

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

480daf74137761af2cefd94b2eaa838c_JaffaCakes118.html
Size

61KB
MD5

480daf74137761af2cefd94b2eaa838c
SHA1

304e21d15a9376f92816c2b19a08161a479d809b
SHA256

4932430b1483899d505d40699e79a69a5cca3afb41a1a7936117d85416a29688
SHA512

ae96a5ae98198360127cd239035af8d4c6278ad952ec607a1c67300af8cdf695b29ea2288b53ddb0bda535cd3fb2d667c081014de91cb2ff783efc81220fcfe5
SSDEEP

1536:Oty1zlrU5EQo/TDiQjIkyskNwW7BrrQmR/0cuveMu/Bb/XJ8xsUn:OS9QcTDZSlkdSBTXJ8xBn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1392	msedge.exe
1392	msedge.exe
2336	msedge.exe
2336	msedge.exe
5148	identity_helper.exe
5148	identity_helper.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 5016	2336	msedge.exe	82
PID 2336 wrote to memory of 5016	2336	msedge.exe	82
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 2440	2336	msedge.exe	83
PID 2336 wrote to memory of 1392	2336	msedge.exe	84
PID 2336 wrote to memory of 1392	2336	msedge.exe	84
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85
PID 2336 wrote to memory of 3156	2336	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\480daf74137761af2cefd94b2eaa838c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae23946f8,0x7ffae2394708,0x7ffae2394718
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1222381198724080655,15122626342549755417,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ee2811e10c96a1841f01ac4d0aea3972

SHA1
2eaab49f1da0d647d27cbc7e0ce47e11e5c71b6f

SHA256
71bcf4543e7513aa454699a9800c1e20703832b047e5106c48a771158dcc4eed

SHA512
787390e12d2160d2c2fee6b199a8806f25063a7efa154764428f12753a0b561711709d306df80c2d2f8c1915984b4679efcd325c56c7f545795d53bd68d76488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c5ef9974a9905c431e4a39dc79eb593e

SHA1
686788148aa03da02684d3f3988d866248e08d0c

SHA256
ca231a3aa68d3fe2709eace455e5a0d2b541ba8d4ac5db42cd927b0697a8f103

SHA512
e061d341298ca2ae30e963a0b1066b373c67697ff6bdd76d6515ba9aae12aae943d973dd002a478d5c62da22c9a1bec3e035c1862d799c7ad844dc5eb19a09ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e9c4b050fe258057dd2ba961c1776380

SHA1
f002ded7576fd711b9a38869e6f637c08b32155f

SHA256
664f6737aabcb21533078d060bbe3bf25965f850f22c122ae07fd9a6fa719e0f

SHA512
ef4443c545287bc8968ecc4b62bc85487179bf303a3f2f937e6ce9fd9b5e06664bafae58567a9919698b7d21b30c32357bb15ef46d27ba74601915d35cb4e2d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ec92a19c1d8a89773069bbce842e06bd

SHA1
e22c4808ac5065198c52f99455528ba6ce1657d4

SHA256
50220027bf81921674c3a914f9ec428b083a8362a57c7d90eb8ff0d78da8d3ce

SHA512
2fef504cfbc2cdf970566ad4e87817be4325a0003ba30bb1675919bb8728193d94519cac21819dbc5065b30bbae41577bb9af020a57f68dbbd0b6d0ce337ffaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b304f1220fcf5ff269b84ffa5ee46a16

SHA1
78c8f1f30e67fca1df4e47d34873196e05effb72

SHA256
8e19e8763f46fa62eb18e28f8199b47cb72333138ce8f71048e7d8e5ba1adc18

SHA512
c238801304f7c2d38855105050ee75b21ea99a57da1c5c2e8025469f3137965af6fc0b2cf0cda7120e88561f920e30d2f4d172b91098e1320bdcdd794c27838e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
51bd950a564610001bb4c7a8dbdbdbcd

SHA1
83e770fe20825d5c6c88b7081ade7284b6107955

SHA256
e365f2dc72759ba0fe61aa70129d54b25b8f5614ea6df01b0efb8c95f4af43da

SHA512
34a8999fbfecadf8ad19e9d5888219f311c341c1d1122946811f2a5ad5a753447b580e84fb04514c88d7465a0ab3d9a8d0ac69e86cca106f20818baf677417de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86e8eb31c69fa9bd4df1653d31544b23

SHA1
2125b9f60abe338929ec623cc838d16cc1abcb74

SHA256
aec74cf29b73c6c5664f646f0b250f01f1e7ef025d6375a84057c668ee923c15

SHA512
caaadc5eeddc76ad8963b27107a209aa2a3665ea64dad226d15ec945568df32ceab35696b27e2803f7a05441b01458ef35c7e6ce9c35604383a792c251e994f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c009bc4301d2c8b962ee99b097bf3f75

SHA1
b1348db3e61b2f45f69b307b671e8a2741f81ce7

SHA256
c53cdd103951dda24ea256e299ca4c9ac0d9e0b4311891abf18b06c32228a68a

SHA512
fd5043df9eaaaf280c47c66110f10cce46b617d718f8116cdbd07c13c041793d889d5586d557bec829bf2ae3f15a8a03c1f6c5aa2074946d4dc7a3b3f304ab2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
6621569721f5371559c7a831e9228ccc

SHA1
8200b710084275fd85c6bbb36f321b5246f8761f

SHA256
20e2b2b7cda6eafb5dfdd86ab499f8a120d66810769056026646bab3a067e922

SHA512
a11d6facfe179f4c6f17049db2b44fc1c92d3e07db46ee2a9bd4eb66ce9c1ba3e284a0d8375f8da3a0a2c0f5645db8e5b9ee0f370fd47d502839e502699e973d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
a073f9f8405df21966626ddb9eeb355e

SHA1
0d60a0b6f7a3edbf65de26c88272691c0213936d

SHA256
b439ea9644b10e9c9a9e05cd6432985b6a7b3f708bc2da7a536ae7010ccb2cb2

SHA512
ec2bbd4b90ff2f6ca95010f6453dfab5ebfbcefa98f935418f857ceab453a8931ac9c1e0acebf957a427d084b101bfbc28b4349d806f8fb8a83ecaf99a8a5e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b882.TMP

Filesize
372B

MD5
a7398759c9ea6b761bd282b0a0de198c

SHA1
056a3d54bcc897a980540dbb502d0f6af2831699

SHA256
555c7cf23f12f7f08d010b5898dcfe63baa1f2268daac7d36dbf17857027a197

SHA512
262eb79e372aacb4409fb6e8e9a96f997ed95abc04fbc207697b9237b5d97e39fcf3d04be524182fc47a9b2cb30fb6b61639614299ebfea2a636c0b11a204d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2ec59e1113de797ea359b7bb71ad2ec

SHA1
e7eda8c813e083498c3119d910ac04ae6e267c7a

SHA256
9ee7683f0d51fb06fef22e4a65690e963a5a7fe3410594458945f9a91d9a2950

SHA512
66060c61177e8a2122635030ee27bd82fdc6015193cbebc34474f10ce5a469d647f22452505b67b92827c14acbb0f55e7957eb2b39ecb87e0bc426907ed5dc40

Download Submit