52ae244bd5cc317b55094ec3854fc1331c99c1a5d3401def0522b883775aec92

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1ed51b25c01802631536a8f9cf26c78_JaffaCakes118.html
Size

128KB
MD5

e1ed51b25c01802631536a8f9cf26c78
SHA1

1c6f9adbde3d1d3ae5bfc681c0cde3360d4969f7
SHA256

52ae244bd5cc317b55094ec3854fc1331c99c1a5d3401def0522b883775aec92
SHA512

dac2a5a5ffbbfa931cb4e521fa2abe065071b3e13283c13b280a7e5616322b779bdc4d4c79dda83627eff2ff8439b43311fe220e8b1f0af5877a641e86b7ee1e
SSDEEP

3072:2rKdWVFPIclH4o6qZ1UfsaNn0+qPQKn4zV4DEGNuVC8lY2n7TEHg:2rqqZ1Uf8iV46VCc9

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
16	sites.google.com
23	sites.google.com
24	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2344	msedge.exe
2344	msedge.exe
1176	msedge.exe
1176	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 4472	1176	msedge.exe	83
PID 1176 wrote to memory of 4472	1176	msedge.exe	83
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 4860	1176	msedge.exe	84
PID 1176 wrote to memory of 2344	1176	msedge.exe	85
PID 1176 wrote to memory of 2344	1176	msedge.exe	85
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86
PID 1176 wrote to memory of 1916	1176	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e1ed51b25c01802631536a8f9cf26c78_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9542046f8,0x7ff954204708,0x7ff954204718
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,5928239909060325252,4376647426451103016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2c67b7a402a7e8c350b92b36c2836cbd

SHA1
d69855efb5672828451509cdfd8341b39c49bb78

SHA256
43776200f81d1bb6502e9e292413b48d5770f78260a9dbf2a66c8ee90f39f58a

SHA512
386af661d31b4e30201386a554b5a06f000e8716baefd81a5ab5dd0fb4591c3f305f47c75a3cba5ffe09757395488e412d494c8588752c6a16a5dda07bc201c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4ad9f66fab62acb8a244ac00942df8a0

SHA1
fd1172a2a8b8aa363f31f0251ccadd4232d214bd

SHA256
e63b6303d2784f122dabf7afe6d2d40ca39cbfab21768ee9b190fc820cad27d7

SHA512
2d869139dd6300543e1c0413afe5e83e0cd712c4483d416f8c2cb52d91fa695d065fb579155917301fb409ceaff3f7e8f23bb6113e634cb77c2732c251e6b0b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7dddf1a8372f2940a2ba71c6d0d9ccd9

SHA1
232ab60e2a5cd57c18852baac1081c3138d510a5

SHA256
4db21668d280437b4f9125f2852513a4e9aeaf5829877b8fb3f135c50ce7ee6d

SHA512
f786b6a1398af2c1ccb3ece70428affa72f7771792cd81eb8d02988fe2ee963da5badfa6557921eaea3489db704a4a1582293a5cefab9545c7e6a74c4b3b757a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
01abbd6e5276122eba99bf5dc1c1f3b4

SHA1
aee3353fe04ec2eebd023a2ba062118782d99f83

SHA256
89981fca564b6ac97847d801405ae9bedcce1cb1a9ae4ee96b44e7255e501f65

SHA512
b57322f2661fad3e06e0bc337dc1fe48c41d3f276c822ca665bb91d6eeb712841abbbbdae330a74536ea328afd2d311ec355f968d214981d4decf8e0828a0623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ce982553724975923603d085b9ff84d0

SHA1
4777eefc00e94272c678569a10bf3eaca131dd14

SHA256
529e13a96bf9a828cb7456dc1bac0dd04b4b37137e74aa1987111e63a963693f

SHA512
7729b76b5f22f8ba6e993964a4790e47d006f9a64ec63422bb978d6ef408c76b6c58d2c83c89e53651c23f60f3731ed7ed58f89197af8344653bca4e15953875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
62f0a963e75c4b73816ddad5cea9723e

SHA1
004afa6c5bc68a1c343236a96095dc41a7fac684

SHA256
2d6a367fc7d1398ae64e8560210391411f2650984280622c6dd4a65dc000ff22

SHA512
db9f44bbe4236ed8883cde0ab5484416a43191ca9971ce0360722e1757ae26aa26f1367840b67f893a7ed5a94934dc6617bedecab5e41c8c92289d98cf402bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a91cdeb59db0dceeae38dc75044e71d

SHA1
c90a3b311bfc36f0e8a866fadcd740b39da63a05

SHA256
195cc9d73006c8574e40467cb663b7ecfddf901b3b2b0fb485c1a6479965877f

SHA512
2049b8b7ae54c156bfabf5f06797adc21c7219be6246da0382c98ea6b95cf190dc68cdb7d949a60a1b0d3b2bcf101dbc17ed392d98e96696c20fdf7d05499297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
899bd3377ca7c7553738f781b00dae66

SHA1
cf640127994b415a1d7f111fac5a4756b98dff85

SHA256
1732753be1593b94525d7f18d50809a262c9880c3e47a04a05a7d143a3e00fa3

SHA512
46d6590ac6242816cc58e7b1a5aa1c3e586852d053c9d93756812db49829660c8f80f54d3b965a6ae8cea57c74788b2c2cbf2bbe407f252a2d7adc21983df306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
d816a2af10f1739b0e078f5f8733560f

SHA1
1d64457a747db98f7d506251f7bf91c710986c3a

SHA256
dc8528ba41ee72ec954e0d3b35d177aa6f6842a01289c46ae739dbf14927ab07

SHA512
d925625d1334c135f6afed86bb457e1d9592b5584100d61416027ae6640dec0fc630db7974cd702ffec385164ad08df9c771014cf4d7fe4bd3b7d8eaea707af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
fab86d2c03c8ac3526bd8e64558b3b8e

SHA1
0906c9f3e6c9e07ff7cd19f4a63d105598df024c

SHA256
7ea0f996ea9d20aede77473b4ce6c0307c6b45e7e33d1a416a4b88aaaabb61ae

SHA512
39f983b0121a41cff8b6397ead833d2a63ea813fde55a5b8870b5023a2ef7e98aa8d78d8456eff624a80fc807e2d23970f97bb67a4080a414b7bd5deca89d054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581400.TMP

Filesize
370B

MD5
b40a1782bf1cdb76b5fbafb50626af9e

SHA1
0c3feed5feced7bdede9a8b4fdc168727fff6569

SHA256
aa9e821ac6fa42071b7446341d1fd6c7ce9d8b1dfc2344658a850f0d92492d0a

SHA512
34b5bcbd9680958cca743d9d9ee7ad94d87e871aa662e056a1b3f7a6b99ba180108d4ebfdf4f233c0badfcb8e9871b3e62e353cb874990929810bfacf93c90ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
39d46ed9a02210f1d1174f8c39b65ef7

SHA1
91bf5be21dd5cb516dd103602a6fd9652d33c4ad

SHA256
d92fda6752fea62e22cfabc00a753a5ab225b0c03d849291475f58a70452d9a0

SHA512
6d68b98c7f4baf61ecc3a286a26fe2ca8c47b8e98db1ef894d4ee760082dc843ddf007698a0fe84446d3a8be913cb81a1ef14ce3c772539d7db3a6b75fe9b4ea

Download Submit