b5dff7368b0459198613cf04c013c0dc52cdfee0a6d7291e8af4a895c0a9799b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85afde67c666613b740d3100926011d3_JaffaCakes118.html
Size

30KB
MD5

85afde67c666613b740d3100926011d3
SHA1

cd72bcb237689900afb43cfbd5fd3cb4d97b7f71
SHA256

b5dff7368b0459198613cf04c013c0dc52cdfee0a6d7291e8af4a895c0a9799b
SHA512

28abae21d37a107ebd65e56de69ce091624e9e3cbda6665244c4a35851451f9ff84f95e501bce36f9f96086e1762c87c8b6142769cc8ee6754b6ee513e09d3b2
SSDEEP

384:08YL4HweurKNyLFN6cQsQuIfEoQWa37tT7GK3X:lYL4HweaNLmcQsQffe7tT7dX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{3FB8A480-3EA9-43CE-9F11-9E11890DAF1A}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
3256	msedge.exe
3256	msedge.exe
4368	msedge.exe
4956	msedge.exe
4956	msedge.exe
940	identity_helper.exe
940	identity_helper.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 4248	3256	msedge.exe	81
PID 3256 wrote to memory of 4248	3256	msedge.exe	81
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 3964	3256	msedge.exe	82
PID 3256 wrote to memory of 4372	3256	msedge.exe	83
PID 3256 wrote to memory of 4372	3256	msedge.exe	83
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84
PID 3256 wrote to memory of 1580	3256	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85afde67c666613b740d3100926011d3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a06c46f8,0x7ff9a06c4708,0x7ff9a06c4718
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,6499014352036090415,12978016894610827603,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6c12b5f2-7979-4d30-977a-e44164323dad.tmp

Filesize
1KB

MD5
b58844cb63d997572ab4cae5e85f4f36

SHA1
4404482f886f83c74ef518227bc07fca98d76591

SHA256
859cf9c5e790d8ea215b23ccef59071b960e1b5a0c9d59a39f893f63e138a0c7

SHA512
4855f9308faae54c71b73bfa6f5b094282213749b1f94f7b6917391547ee55ff1c31b39bc40bdf4f33cee9e77fe9eccab583cc036aec3753d4c6c3abac66d766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1bdb7dbdf48bac958bb8f0e271308000

SHA1
b920474dc75386967e28d4167dc62f271fd77526

SHA256
c93166500283c68fb620eb0f316cf7ca99f1bae45931076e76c1b8b2e1a65e51

SHA512
257b00723559337107d78e902bafb829333ae254d8b7827f031414f3a5635d8c3e5b4c5d26bb2645af41bfcc1bcb3915c9bc3f260c93bf1d4a88c011e3ccdfc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
0ccb0e583297e55244927952aa42bac5

SHA1
f82d48346abfef064ccd5631f1453eff5dd4a440

SHA256
f8be6189682804061dee25b9af46bb6ab167aa8748a12a9cad39020403da40ec

SHA512
1279dc871bf44f3849bf2b383fa04d6ea7d07ef95c96d9d1457ce65a37e0a17628749a40a5725a1391d1fd24a07007b352e6e8097bd50c7c71b34f1b4e913d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bd1471251e04872f0826091675ade6d4

SHA1
492d29bffde0099c5cea391054550430d0e1a3c6

SHA256
32e968e4f55984fec5ca69fb547c74d2f6c2d890031cdd7f09ce66193ee0e709

SHA512
07cb911abd5966b7d5e5bf6c42a7b14436ccacddf4406f25190b0c404bb9a333e3eba7e7f03953ddc661f6d6821f2d51809a1fdabb52a636d598ae87ee201b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b9540c869da4214544f13696bdeed20

SHA1
ce46ba55d9ddc4a759275bc8fc346f0eac78525d

SHA256
b89c008e71ae8e08c97d283892ef72da3ffc4aef16c2b7de05d445b0a3d09ff6

SHA512
94e3076cdd49159e40a88710205b5443a2f190b20465e2a53c05c3f4835baf9941b12aa8d59c6976325517aa8288fe8c871255385c3998c985704887c459f5d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b5f9082f122cf02667a10b00c55a35e

SHA1
032630593ef580a0ccf0cb9d24d8f0a8d712d397

SHA256
099bf50788c8c1a04fd79f8372d95cfe449e8460218ad054dbfd77f7664b0bbc

SHA512
8d6133f3700824dd3f0de69fb5cf6b2b662a878e3e1aee30c982c7f1650873c4b82c864ef5a034ec2fe456dcd7db91eb241698f2545f2dc7807d4b67bdcab7a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3db2a107be93d4d01851ea6e8e74e0f6

SHA1
cf4027056765e15a4bbd3885a559a724f67f54b0

SHA256
542d8b7db65f832c54d4d0282076cc3e2210033443441120fb3898a7a4811e33

SHA512
bf91c12cc3251dd4b26e12206890a25ff141676c8c24ae0782bdf7b700b6c3da582a2543088d213dad72ef18af48fe934a8071dad7162811796d641795c32d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7450ac1716e79c4d8b8f7026e123fa5e

SHA1
969cec5aa17df7296591f63f88f21da6c779db43

SHA256
0bb7050dcf4cdc9d1ce2748dbf992964194c2e3ba0eed50ab33a748761c7d2ad

SHA512
6ef9dab4a67c093f0c418db76642a4f23f9b7405923885104481ab426dd10cc1fd0345d8317c455d74724aeaffd72119c0f30f14d7e8411447adab0ad147979a

Download Submit