699c2fed7b5ad31c563c039ee0cc94c8e4d6dd87e52dcb418186264a420091a7

Analysis

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2024, 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44e68956285d505e38878693ddbf1c89_JaffaCakes118.html
Size

222KB
MD5

44e68956285d505e38878693ddbf1c89
SHA1

2d344f617e51e64491839c1b425b14e3ce96b05c
SHA256

699c2fed7b5ad31c563c039ee0cc94c8e4d6dd87e52dcb418186264a420091a7
SHA512

0a0f1212ccd5d7063f0518e78731ad30b420fd755722fe6b3b1a060e0a81e25691e06552c321d336b86c3f2e7049eed7398b1167a859b48e370c29fab0cae68a
SSDEEP

1536:/tj/YRfaHH25bUpS9X/y2n2y6LPfELQSqGRFuvtWbFFrSrErJorxrrrrrrrrrcin:/tj/YIHWGprrL0LYtWAHY1HpVm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
3140	msedge.exe
3140	msedge.exe
5840	msedge.exe
5840	msedge.exe
5840	msedge.exe
5840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 5100	3140	msedge.exe	84
PID 3140 wrote to memory of 5100	3140	msedge.exe	84
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 1724	3140	msedge.exe	85
PID 3140 wrote to memory of 228	3140	msedge.exe	86
PID 3140 wrote to memory of 228	3140	msedge.exe	86
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87
PID 3140 wrote to memory of 5000	3140	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\44e68956285d505e38878693ddbf1c89_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8e3646f8,0x7ffd8e364708,0x7ffd8e364718
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1992 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7158687145878624525,15375002967174722379,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
32KB

MD5
574b412678877da62c68048e452f7808

SHA1
79b064d03b1d70cffab75559138baea385f5efd1

SHA256
00be94a8193aae2f38c48ae1af55ce3b7d242cbad68d3309aeffda8f426268df

SHA512
4626fd1debe6dd5db06693fb7e0783dd2bb06d433fa48dcca2a6c134550aff8554dc40254a6cc50b3dba2bb02c566ec6185a4eee3daf79aa9f32fb3687fe8b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
23KB

MD5
c6ee151c95d5bd2339c67eca774449fe

SHA1
c2de7e4a87b91ddd246fee53b8274b35fc55603a

SHA256
65edc4727e2bdb04a0ad28564af17bcf3bd7029811429804d283c8f0e186ce09

SHA512
eb04604f00aba42cffeecf266cc7dbfc096708ebe615ed2141bd422585db26a12b54f9c22041c798cb01e4c3d3e5c70fff935b0c7a508fbf61f6201c3dc678b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
5362821975978b58cd4c75c4d99f0397

SHA1
ac824797d452fdc54748f9bfe175d19d45eb55dd

SHA256
a760eb809b6273708cff3403e53189a7ea21baec2db8fc30c3b8182970be59eb

SHA512
03305cac1a70259a1a23739a5f7d3fdf95cb0637e9a0b065fb50895ba17231fd5f302c7cf5fd4331d04084a90b6f0bad8f598903d853c4c7608305361aa563b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
d5e96aa1514cfc25e01ec80e4411b424

SHA1
8f05b4939311acee1f58f2ef19a61232b69de2d2

SHA256
6ea8c207019de086d687f55e5c1e91320e1cbaa26c74f6487520a74a435aba06

SHA512
4e76fec580e2da4528a5e095e43404ec175613c4e31bf6cbb57e55f6544d0ccd10b105b7b1647a473a540b803795b74e94fa2d852c04d5f4fb8b1866b10223e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0f54ba35a37302d22c5ab31f90f1c555

SHA1
3fd46e851814458b091b4cd7306fc3c66f1d350d

SHA256
bf0bd98c7b9ff578305df22e13466176a1f55bee09e0d7f9bd7ee85f34cdb625

SHA512
1eb28217d873d38bff96568ac12b9852f7efef0de316ae3e9781c04012b3e4fafb3c59bf0cdfe6c81157e3184de3a33758e971d5e3d61028cd18886cdd7f28dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
296d16eea2d9d6dcad072caa7ff5c812

SHA1
d0a2ffe123fb3b52028f4e300cc0420d68846974

SHA256
c8d4331919c276b65b873a7e1aea77640d0f95fefd57995b2f1f90e5d79e12b6

SHA512
1e41ddd95b81ccc282a7db824d4052d33fc3fed7e59c6a2ac4eb692a8a5686e64ca58f3736a61f3fa6d3f4ddf7b58b2d14747d81d1d12afa23881fdbf6a02062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b5f414ac35939ed5a5367437def5af2

SHA1
e3742812a331f419ee1d9eb3536dcf59a37c026e

SHA256
13706dd7308e42c698e739c6f465af1a531ef17ee11bee1a74c7d64f1e2e8145

SHA512
32384e2f8f7305cd104e75c47fba3f98e47cb9cd97e0f9b7128121fc45a9aa66ad9a3aac6e2d24adc55af2cdb6db36b9f5992d821553d50ec99c2aba11567bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9896f5adac79e9d02d93ff96fdc0ba21

SHA1
bf421209e16a33fd72cc308e3f9bfe30d108ba2c

SHA256
aaf4e2e9263314c9417bf3e0727cd44a5c7515f7eff5e0402a1c67644693c8f6

SHA512
d0cc455a17cc5394864c3def06885d43e515d61edb8b6cfadc81675ce00db6611e4d91e10f721863ef01024224b72f8da47442515078908d1893d54f51231d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6d6054bf475cd3168660f095e9a0d1c7

SHA1
e5dd5e12d3ffe5685a80c4f7d3ef84ddb8b0646b

SHA256
028350c87bfa5bcb078ae9bdf65168bbf0c10c53b37d5daf054381fc568e4362

SHA512
3255b29059efbfea725eb52745a84121382ed8f834465472f9ddbd2aebbba859b5e1874e6b0acb682584477026c66f1f298fb1594140e8839d089b037409399f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
167826615f2d95c8d34f56f3aaac0d67

SHA1
6c87a2e40ae2ad2cd20818738b868e59518c4cbb

SHA256
252c9fea89d553b4dd3e7fde41dd7ca4e64d65f19ff04d6adf3ba465ac169541

SHA512
8f6a26bf6ca75d241bacfaaae3cf3d2736e756723e91d3232f6b53c26dc50565931f87d4adac30b898e948eb88c8d323725817960e03ac3f5a80e3d0c96c3c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a63e.TMP

Filesize
705B

MD5
52713b9d8b1c670c5f5e7349538b62ba

SHA1
9b822885446be2af693ea0a8b3df1c3e53807965

SHA256
887a6128c4b9f59a6c1e0cec051a8ee6a2484835069539cc216ae2ae4f889ed8

SHA512
2b2eba51dcf58daf12ba3bd7132bded1f061b60d94f39cf30c47ceb359910d97b41555044c77a16155f3fc64292a4c87c2e935786e5605318c22781b805a5334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a4a963a5ac7a24225f2541719c34abf9

SHA1
475dff155c82b29395bf6e7962324e180dfe6c42

SHA256
49c1176bbd9b7897fb0b2c1a5f0a7acce1cfdfe68e150f93e7eeac6d1f0302c5

SHA512
62fa7000c4d4dae54f6b2add1e5454203f4abfef818a8d641744ae7ed4b35125e31090ee92ca751f70cee1cfc9ef68940d3dbd6d8397080e8811c064cf329591

Download Submit