d4bd4d7a19382e440aec614a42bfa663519812df677ed879e3deafd7540a1c1d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f40a166e2fca564b558bbb69061cf1be.html
Size

220KB
MD5

f40a166e2fca564b558bbb69061cf1be
SHA1

4ccca132da4023f7ae79eb834309cb1d8cf7f3d1
SHA256

d4bd4d7a19382e440aec614a42bfa663519812df677ed879e3deafd7540a1c1d
SHA512

21e46937d48bf8e3c7171c7b2a8c0ca409336f32b72b348b0c716999e6658ac0cea3c879244b88e4fd1af89fa2354654749aa1464aa6698c21bf565091ca8f1e
SSDEEP

6144:7+RELVzhXkA3d8VZQvzwV2lms5JBpknvjXGXgcH2PGgKQU:SRELVzhXkAN8VZQLfh5JBpknvjXGXgcp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
4380	msedge.exe
4380	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
4536	identity_helper.exe
4536	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 4712	4380	msedge.exe	83
PID 4380 wrote to memory of 4712	4380	msedge.exe	83
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 4156	4380	msedge.exe	84
PID 4380 wrote to memory of 5108	4380	msedge.exe	85
PID 4380 wrote to memory of 5108	4380	msedge.exe	85
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86
PID 4380 wrote to memory of 264	4380	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f40a166e2fca564b558bbb69061cf1be.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb596c46f8,0x7ffb596c4708,0x7ffb596c4718
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1744 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13251259385021579852,5944274801405984732,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
773b1a6953cabddc7397e6179a06929d

SHA1
8e74f5c7d97cbcd835c30a899b53da7948322d32

SHA256
411a030190434f0639f562342e7c66961664cb7041c77a3b25877c6db7ae9b2b

SHA512
d043a14bd69357439986edefd1ab17f3c405414cb373deddb342c3a76f79808175cf86cb099420d99308d8901123ea6f6acca435d0739b07c8502b303711aa39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
42912c5e3f52a54dd1293f370a649d99

SHA1
993aef3368376ba1158220239ee99a0f86126a95

SHA256
9237b8096c30a050e9123ec84cfefe2310a9b450212b51c56d21908caa44161d

SHA512
281ad48cacd0423c564833694bf9cf2ee201fa342c87cda825c73647b0504ea087d857eb9be771c4b50433a3f398ab28002319369f389bccd78e21efb7501f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ce70d333e1230ecc624db57fe5355907

SHA1
1c674639bc78ebd32e70a58c50c75a698cd1873e

SHA256
708924195e3c558903f0945ca4880fbe7d4eceed8cff33921c0cabcfafb17518

SHA512
ec1513d3284bbbde77eeed134c0346b953753423c3a3a23f4b675e56f5d9129fd6bd9ec1d8588804da0f90c1615f43e22944857dc9ad6fb302314ee76cb4b2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
19315c3bf0ecd865c082edee36f7ffd2

SHA1
57139cedfbddf67a619b21b8ae88f6ff5743eacd

SHA256
fde6f9aa409f94e9c12845b13da0f79e95d552f48da09774e261c9c483614065

SHA512
352eb64bcc4c1297475e28b1a5459b53796ffb17566d1c46266c725f612ba6cbccf8b9d27702860b47b1629f512fac107f25dfae72a03a9dc72703be6ca3347e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b266c9e2cac858be009561c0b5e98eac

SHA1
8e18a81890f7e61d3690592977a78e3126e5923b

SHA256
e437c9ed263e6725ea1e6244a54bfb24cf9f442421f190ccf710e50c8141adc3

SHA512
d52f4985f405e5fcda6056698b0ca68fd43bb6a6e93f6c42f092a0ade7d951c8a83bd842786a8f74e59fd52eb3c19fca38c8d85d52a60d363be9481b5a0c8d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
047c6b579c7ec93fa1c1ccaeeabdda90

SHA1
88d853ffc1c9b7ee41ba81deb0eef88f884d1e8b

SHA256
6786d0e82d3a560931722f4bf9a711bb38529be2a262c42ff1225647fc8c1ba0

SHA512
46b583a4a0fe87cda610361932ec11045e097d7970525009a065efbe1b24464fe4c21ca657cf87ab6a9d52b541435a78c5aef583c080996b5cb0607ce136aeb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3c4d94f08cf8c250cefc75ee71a078b0

SHA1
789158ea6d1ff4a072316b846bfcf54293734000

SHA256
412420e31120298a1e8c7f157d91180f26ced92e204c828a3ad086529ef48abe

SHA512
1082f65c1120374cc60497bcde0a417ea17d4612df8bb386c29ff4fb416f28525caa25bd5adf6f21207949ba2b7193b15b7e9c926e654c6e93cb9af28953ad73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
41f2af5015896fcc719d5c1dc835014e

SHA1
7ebe7571e5863fd8d39b5a623ad1a9f75a88d3cf

SHA256
7ce62606794a38cfa6311b15d5b8e8f986604c585f05c0296c6a0efc6513aaa5

SHA512
9e2cafe1e004c227155f1b0e8f16945c96b80f77d43c4e72ccf68b3f376a1384fab96d15af4dcd6da7320d077bb3daefe965b92f582b29d6a5856e416e1f17a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587ea1.TMP

Filesize
203B

MD5
2c40c718a4cf1f297f5d53302fdd2c21

SHA1
61aeb574bd890ac58682f8556816608dead327f1

SHA256
76c31853fcf361f30e5f23a6714adc98e85cb53954b6b44dc2c36be854327a8b

SHA512
143d8fa43faeb5e5c05076c2d3320406e4d793f709c68632c718de8c73ab9fbeeffe4227a93f74aeb23f0c13bf2215bc5778d46503572b583cd04b267bc3c980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
75fdd8a45ee049bcf46bf4ad1dbec670

SHA1
e22c5770038f445be255789975583bc3addab914

SHA256
6acd9985212b6d424ad73fd0922f700fbcd2995721d8da4e85cfdd5dd5b7b43e

SHA512
8dcdcc94e9288d54aba2f33b511eddc06cd35913dcc20a46c0680d7b97e8c21f2ad010c4e25e576235f6927a43d64cc6c7cd20533b49903cbacc71a28cee45af

Download Submit