b41e00a17b247a1c8d8af029decac811ecdb1f375d2d54a9b04d737bfe7db18a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10474bdbc32f07e233cfa0aa2789ab6a_JaffaCakes118.html
Size

282KB
MD5

10474bdbc32f07e233cfa0aa2789ab6a
SHA1

2cce7de4e9b51dd4aba8ff53ad371ba0b1c3b62e
SHA256

b41e00a17b247a1c8d8af029decac811ecdb1f375d2d54a9b04d737bfe7db18a
SHA512

ce6a429a7aa0a1d461be8fc10f001cfe0d75da8e92167059d942d580232d7022e27098cb782f65546fe0feec49106ad19e74504a5ea945213c19c75b8a75ad02
SSDEEP

3072:O1W6WCiqYxDNvG8rmgcXmNRSz7nLer71BMn3/1BmGg723VY7RJvfy3d/FpL:7DAXmNR8/j5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
1120	msedge.exe
1120	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
1724	identity_helper.exe
1724	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 2476	1120	msedge.exe	82
PID 1120 wrote to memory of 2476	1120	msedge.exe	82
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4112	1120	msedge.exe	83
PID 1120 wrote to memory of 4120	1120	msedge.exe	84
PID 1120 wrote to memory of 4120	1120	msedge.exe	84
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85
PID 1120 wrote to memory of 4232	1120	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\10474bdbc32f07e233cfa0aa2789ab6a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c8c046f8,0x7ff9c8c04708,0x7ff9c8c04718
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1783609329487311083,9935909914457992055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6062f571-2600-40f0-8d88-157b2e61c6fc.tmp

Filesize
1KB

MD5
975a31bd25e2888e9a64a34939ab1ead

SHA1
3cc576c698c70b66b16433e7c48584e3ab8b80c4

SHA256
b96881e73e83d5aa41478d9143499f3a19cf29419bef879b09e395ade176b2c5

SHA512
72b942245c4c7b2ba7439c6456e8e79e1d00aba4eaa3f990ca10cc8dc99468c5229340f0ac01a65f6d8b4b3551fd38ba4ddba064f804d0303ab06d35fd99a9ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
ba16446d3d17a4f4aa3c0880fc626139

SHA1
dc8508bb58c7fd75a075be5b1948f482691d25c0

SHA256
83c4e32b4545e45bd3e673698c9c905a7f9ce02ac5c08642e5ccdf2624c7a35a

SHA512
4f9025d959fe3dfb874baa5765d9b46d8b042b6772a4f79e5d56ba4226b872fbca5eeb60ab93c3c247445e879194cd787de7eeb4cef8654ba0452a8601e05711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1eccc6bb91b9541fa0ad980fb83bc467

SHA1
da3782a5cf55dff9dee51853d05437d9c04e6d4e

SHA256
2cd7da0a504a28f2d88bd426eee5954248f7bf5823e00696ef334684ae18e6c9

SHA512
956f020124beb5d477bf076cee2b9aeeb85e5ade2e292718bbcd19a6cd93eb94d57b678a2125918304c4f12ca44f19e4a1de137a2fcdf4ad64a0f1ca80aa2558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
2f184f2758eacae35f57acb75b230aca

SHA1
b077574c5e03609af951660a580f8493817d1c08

SHA256
67b27f5c267f692d0d68eb3c4d4dea0c024ae657c643d20ac21446b7eb589df2

SHA512
67832d7c67c752ec4bab4b21ae307d87e59e4687ed0fdb046a4ffd83e844c592191eeb785f84778bdf2eabf6803db47f5d47106f77b203c64ec81ee6f9637523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69addf655315b4f3d11bd5450ca5100a

SHA1
50217e57f68352ca0de1af4f5d8344dcb9789d50

SHA256
ff3898f39c11758de4a6df95c2d335d1e8ef00ed0dd92265a8c7ef61dc26aa00

SHA512
a4b665ab61b5f5fb475d7184f5a4079163dbe02a400bd03916d7beac64b8fcebffe6f655a03580c88dfe755cf573ede2877a097ffe32493a905594c730ef97ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3804d02afccb95659d95d25b11bdfa8f

SHA1
49c198eadefdd71fc2ab69f1effbcd5c90a98a4c

SHA256
c8626ca7d48c7bd1ca63f92e6eae44d751e8808d81da4eecb31262f0fbea262d

SHA512
6374c7c6c07116c5e8837f1f9d66ee214db50d8be40efef64e121021e2eb6254e418c936a2d841cc793b9067e2034ce12d971546abffb92f7cc372ab164cc453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
49c1800f5d102ee73f8c572d3fce72af

SHA1
532ec9d6c00121100332204d304cdb46ed30890a

SHA256
3623210fb75b927e98050fd08f7ec5911b4b32f3e11fdb5f0b7d52eba45343bd

SHA512
2f8e1add437523343ee9589d59add7dcbd97cbac7e157ae516316904ae3c0c2755ef78dc014ba4b012b346eae39be82035dbe118b39c6425da62a0e22923fc25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
5913183c8c9ad2c57308667b94985054

SHA1
efa84420dd4362993a3d289fe8dad4566e8c6b8d

SHA256
7b62d4f4888969c08b98fbffb67be67ac1abfd25afce80a78c83d3cc6f66a413

SHA512
9faec9f987a0c397cd35f198152d566ae52bc24823d8a9681b1001c6a575b93d972eeb41086a17cf336a69d473e8d11315a77a194d5b3e98c14899de32ec8e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
699B

MD5
e5d5fffeff33a03723dcc52d510df698

SHA1
ad26f1469f51cffcdead29507d8150fa3e3669c1

SHA256
784d33d58d8433fee007bfc20f61edd9cf43694cec3dee03327959e35cfb27bb

SHA512
fe19b478d9603455bd3966371a3b886590e277c39a5742f02f7ac581d1cf3e1e04e97c136c9d7021397abaf9b47a5c09df8d66b42982a9b473186f4c3b9ced4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
02ae129b6c99edb4d1d967b187b42229

SHA1
1c7a548398b66f923b69641e63f529e68a18131b

SHA256
74ca07bc986dddbcdf74660cf04f7a06207fa841018169ea1016dcb1db359244

SHA512
4eceee946a9045e2519713eba7c192d77858a889ae28c6eac77222b1f6a2bcdb76065d816f3223b4b4be977d92943a7bbbb808b387973827ddb35b6d9823f641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ffad.TMP

Filesize
203B

MD5
64f5b994a8c685c03dab82a97829dd9b

SHA1
dde1dfc3cb713bb190e8071c081088ca8f3499a5

SHA256
41178478e3a7b4b66bf028caa03390f0fba0c1bbaf76049dfeb0c8bbf37a4ea4

SHA512
ff6efd0e28c1264a2e0388ebccf7c69866a1926c31a36ae49197e12066533cc91c7c07b32b2558c1824120d89a1f4364c7c07863967bdd5532ab0fd5af2a8f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7ae5db34329be6f8bffc516e30c20523

SHA1
d652de1be8b67f3e20f1e2729b838eba2e0ef798

SHA256
36d8b37ba800808ab5f6b4fcd62e21af2916b8ecc244a843a348913fbcd2cdcb

SHA512
d02e37e2a230e3d70afdab305df7c0b1b60eac1d2f66409b3664431b7fcd9e5b6fa72f5f53876878dfff87615e6783991a0c8debbcf68d72b362236bccc03dd4

Download Submit