53f39c8e7c57f5544de236b64146c96390d56fc908a8f827bca622b2fe24c22b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94d00fb382070b81e957d0997489ef03_JaffaCakes118.html
Size

302KB
MD5

94d00fb382070b81e957d0997489ef03
SHA1

fa2129deff58c8f23cbe8099557f0735a8365ca9
SHA256

53f39c8e7c57f5544de236b64146c96390d56fc908a8f827bca622b2fe24c22b
SHA512

50e752c40a58f4464a9c969739ecb81a1e9acb46869b75f30491e60e7075a8a5e1f5fddefc54d6c9399e3feab699125baaa2d18671f4221a0c25b2c7adb6cca1
SSDEEP

1536:UhE3+1ZO2uNzre71iRL0YWre6aB1PxCcaSu5BX3mRAh6d6Ts8RX:14Zgz10Y+WrPxtaSu5BXsAh6Cs8RX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
4600	msedge.exe
4600	msedge.exe
5016	identity_helper.exe
5016	identity_helper.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 2896	4600	msedge.exe	83
PID 4600 wrote to memory of 2896	4600	msedge.exe	83
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 552	4600	msedge.exe	84
PID 4600 wrote to memory of 3592	4600	msedge.exe	85
PID 4600 wrote to memory of 3592	4600	msedge.exe	85
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86
PID 4600 wrote to memory of 456	4600	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\94d00fb382070b81e957d0997489ef03_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc65f46f8,0x7ffdc65f4708,0x7ffdc65f4718
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8432789405924811575,6527915164973447332,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
e9591bd1c152086c27a25c064927ec61

SHA1
f5b8827f57d23ad7a9387e19f1b0da10b7fa0efe

SHA256
9606a086849259e8fb2836273d2c0d955b479ddf0183d417fb0f4fffdabc3182

SHA512
97d21ed7085f4017deee03b76d7ef83feacf667c278ef01f2611932d511a67c3d40c892165d63146f6c23b572363bbe510ce9c702c877ecca7030eb67d64babd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
d1d71de58c1f63af70b07ffb4993e5e0

SHA1
819577e55d7faeac5265a48947b26c8bb0e47ac3

SHA256
a6b4c4648429046c075472c39c32246f6aba375614925f0b1bf429034f850c89

SHA512
237e8441c4a90a9c2126fae5dc0c2c36b45014fb3738ab05a81f8f6ea4d7cd063fedc554fecb3ebd643a0b884a51f0a990f554f27e674a4b8dd9ca36f4bcac71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fffa67e72676c011d411e96e57feb218

SHA1
9d66850ff329148ba106fdf3bf159f419764a5f6

SHA256
d174d0ecf5578be6b65f0fe3d26479a407c091d36e24f447e80452013be83c57

SHA512
3925e11472345816f6ab626c41eb073033aab3d1e7bc9eb003d05e2229b275012b6aacbac257ac73bd3592fe08dbbd4788f19c21a493c7c4e2efb32bc114738b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8826c73e366558d1f620ab935c43d6a

SHA1
4f5e070dc71ad391e1bd7c7cfbe7b3cb477f3829

SHA256
7d9b64d8c3a94cfdebd8f1aee3aa10fdf3f83910f70cfe8778e4468a5114c4d8

SHA512
f26dd229ae5c0f246ec184a96752f6def81b99f632064ad69283efb11bb175eb5082a7b479358130716b2b2404f619291deec080e206100817aae3e7dc2457c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
631b9136ee0d44fb8c5da9e4ae45e80e

SHA1
b1bdd276b2bdbeb48186ebd4b3c24018581b538c

SHA256
ec662ceaf235fc5cd6fbccb8cfc61b15511c35cd8a5379922cb9d3bd8e8ac9a3

SHA512
fcb29f4d14730fbda6107797e6f9d6feee27cf70094201da3307af711664345ea3d764a310f89f39f871f54e071f9b617a640377d0cba33be379dade1fdff4a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
15a1a084be2ebdce8081227c8047cb47

SHA1
63203cad6dbf59b40257d47c89d27447f32c90a3

SHA256
19fe44e8740ecf73b8b90226b19dce927bfacaa80f9ac7a44ed9d85538346257

SHA512
14a60c8c3f018314e3f0806f18f8368985dc49f606930f112414c33008a81bb0ee0b4bbd3b7475873a41e184b8ec4b05e62f45692de48547f89db35be29b1e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a2baa20086db325ca8efa78538bca3fd

SHA1
2e2fcff12dc546efae10bb271282cdf974fb4fa9

SHA256
4e6609571ebd58367f378b1a44fdb4c8276d216329e3adda10c4da89eeeeefc8

SHA512
ce764871a819f2db7b77a4a092b3f63088702d5f4543ae5697b276cf6dc76f8aa1e16022737daebc42f5cf1fc292c989dc1f299cd3335649e659c57d3d2817d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
1103f569ae8910cb94ffb5c83e26c198

SHA1
63053644a90ab36f803c28c16684c43ac892c52b

SHA256
5d4ab9a4a82b0a17ed96e1591858af946211246932c2b99de64f5ef055ea6d2e

SHA512
0b8c8ba21232f6517fc34daff1ffd1874d771d21f7dd070b33aa0846afe7787f175111e8a678722ca0442a9988c12a0de81476a24429176dd88e59bd8e26179e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
e3e1d81f77c4051108b8c602e907c30f

SHA1
3efdfb6b8798ec07b9d0ad70e71a4981b01470dc

SHA256
24234ca3852d95375e291dc7864c007d8ed9517d3ef88811ec0ef9c28be2903a

SHA512
d5961d33525f52f3dc954b124d35dac134f80a8c9d51812266aa86b8be9320822ccd0b42fc9f3e50889572c5c8bfca75c911e72692dacc948e9330515a25e9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5819cc.TMP

Filesize
538B

MD5
d68b689983f792fcdfeeb6f9c4436fc6

SHA1
2448b757512adc3a11c451055518e1147b3419d8

SHA256
9567108c51a4639251f70d3ac2374ef4995236f10ce8cd828dcaddeefc46493d

SHA512
d6d29d17bf161a5afa1ad32806c2ef74d231fabc98db815493e9b8fc43e1f93910ac2755b2451d1b37a2eecc5e62c4172c64fa4683cbc301df8b02f29a73174e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4375c6a1ed1a5288fdadc3490d40a0ef

SHA1
619f0a447f188570d2ff01c01816cd1d3be3ba6b

SHA256
3c5d5cfc941629b4f89f8c18af97022d4ad33bdc9cd12c632859f8ee26f61898

SHA512
42626aaf3902d1dea238d1c65d60c167166e7c1a835468a7a176cd8b0ad3c6c81285ce3e1aa0c90ba9638eba60817d969ede3e45788b9099b9ae66dcbec5fa79

Download Submit