2b8a89526545e2433c819da8a27b0d09cd0ea87ac395b18a24318c9680585feb

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 04:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

65f033f051659df995f4e6f91b812462_JaffaCakes118.html
Size

73KB
MD5

65f033f051659df995f4e6f91b812462
SHA1

e554720c573a9c21315d359b8c47905f3d23a67a
SHA256

2b8a89526545e2433c819da8a27b0d09cd0ea87ac395b18a24318c9680585feb
SHA512

989c550c0b108a412e7eedc3489a87589b5dc1e852033d996327f1bf9f4c46e2c012018e9f01a60d8efd2af004790df3879f911d5302ffe150cab788b35fb487
SSDEEP

1536:SLc7THGpQ5/X3AvAzEyx9pnRpzWu6A+ArF5jwvXnJCtPP9Zi5qEuWMAGO:SUTHGpQ5/XQ29ZiEEuWMA7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
1220	msedge.exe
1220	msedge.exe
2636	identity_helper.exe
2636	identity_helper.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 1376	1220	msedge.exe	83
PID 1220 wrote to memory of 1376	1220	msedge.exe	83
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 1228	1220	msedge.exe	84
PID 1220 wrote to memory of 756	1220	msedge.exe	85
PID 1220 wrote to memory of 756	1220	msedge.exe	85
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86
PID 1220 wrote to memory of 624	1220	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65f033f051659df995f4e6f91b812462_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6e846f8,0x7ffea6e84708,0x7ffea6e84718
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3685025670206970578,10738598878495432225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a49b40d9fd14c3e3e933e736d0c15b23

SHA1
f07f3a530e5ba77734f5af0ce029a06283353671

SHA256
74b9b8fa45e58b859266c25f577f22c7fa8708da5b8013c9ed739abd9a5ba450

SHA512
3c6596bcea100f119ddcbdd0f3d4810badebb30280fc20fc179f8c648d2b0662665e2e724b30919b869422e287e82227c834a1855ba3fa3b5b7085243c0c7d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e22ed409959bdb2629bdd411105e4f5d

SHA1
35d48e5cc1e2e42b68d4ff38c645717d5903dd43

SHA256
d49e0c658c435c0d3a7f29b0710cad5042a23334d9ce42d8aecc36c664e1e3a7

SHA512
5d41c844bc7799ad0953923128fec5b04bd7ac189481372b8a302ef3896dd520589e93f7258ff3d117e3e0cf09a23a1192e7369a2600d19e8341807bd2160d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3e19a8210dc7bbbf84eeb66c3c84a26a

SHA1
b3fc3ddd745570e573d3a27e6437013f9930c303

SHA256
191328f44cb76844bc1acbeeb44cd16ef8020901e24a66c021a4e68cfb5f3137

SHA512
5765de2ed9edee0dd7c2f7281712b616d78cf6f871597becff78fdebf7aaec756598d5b181c3050c9fcdbca17a3ae1389b61278122637f79db82c372caa9d5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58e8c8398c553cc62d95116a395e29d1

SHA1
35629b426a33d60c89bddee4d5c528752374389e

SHA256
5e9fe8d06f5d12e58535d3f951e0a06eb2020505fd67c0acd1c95b10f2bf6894

SHA512
751b0171e50c6fb3ff2589dc829a119047980ce866eed93b8464c8c6dfda26e5a34f3a07e3548339907a1da5e52674bfdab00c93826e76753cd8cd827eedbf15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d6c06338337c7541a155dfb39a73281c

SHA1
565996602a00a0d368e6fab2f729aff0cf01dbe8

SHA256
3fe6c38d02d41d4fa5e7fe26b848de50c74c672b26428fe013e45f654acfaf9e

SHA512
5b901fc001353d4502542d8441eb125ad194ea69c49f25baa5c6f183b5891a529a11291ed36abf8552a0ee5f1d66108b26bd7d776f077c1350ead0633554d21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f01b1fee31dcee0481148d370367ca5

SHA1
7e77664a40520b7ebddeaa3c159979cd77b5fd34

SHA256
198369eb71c70c7bad1e40a36a3cf00de55668238a51ca28a12dfe620288f6f2

SHA512
ee0c56d2f29b82e8e19c959d32925b048b92bb176b76b6e4dd4bd0aa66231c4256cc969f0650729190ce856e4c0c2db63d10efa60a9818be7fbf6d32c681fcd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e30823875a8a578adc5c878189d019c7

SHA1
c3e9e04325e3154120829d75709a443b8209637a

SHA256
f6bd6fca8f4c6a127cfafb0ff30091b7bda8d06bef2595c2cb32a04dfa55c841

SHA512
7c55ff50eb954df1a9f2d351dd57c64a2b9ac5193afabd244d68dba71a64bc0372ef09fc81135635ee4cb95d5c1a24b14f31292c8c6994c6f536230701b04655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
239827b20d316ee2d0f5cb30d446422b

SHA1
db5bdad005c0c554f02d90f7bb1610ed66a7e71c

SHA256
c93ce08c182d49bd366214688b523b5a4e5bb454a03cd770da4f127dc78ee006

SHA512
ad63fbe96692e34c6ec07287403c8c94f62bbf8c965495ac17bb46f6b4b7af5d551ff1997e9f5f654c16ddaa3de594c5eb30a9916769c3560ebdaad942dec30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dd99.TMP

Filesize
539B

MD5
01cb2f38c4aba69adfeb5fb0e89eeb5c

SHA1
6df4d28a24c83f6adc35674c9816e05110c2de90

SHA256
ac4daa4e91ff8dcaf15d7fef68c2958246ea5b255e31d96fa0a3578b76df24df

SHA512
3bd84bac170daaa4acfddddaf67c15cb1820dfcfbad6525db977f5d0e3de4a7a03f508861e1e6cfef611c6a2a5f55b62ef1dd9559f19daa2a4799c15d40cc389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3070b30fe4d024ff7c355325cd0e267c

SHA1
665611b3b9827e096de1bab8496d7ad95eb8ecbf

SHA256
bde397af1e5886891dc3431e4b6ebf7a239ed1143fe9e49e8a63aca49b5280c8

SHA512
17eaa30074a2d91c12c19c43109a566b2b0eb1fd88e45e43064858093bd7c01b54a7effcd9927281ff26f5bec7e6c248f5cd14c5cd3b9183170a21133955786c

Download Submit