e12ad0723ed2f88b766e724287a361457328343543054f40c56a280af94a5b3c

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f204a2d2aad2aadb246bc8beee73aeca_JaffaCakes118.html
Size

71KB
MD5

f204a2d2aad2aadb246bc8beee73aeca
SHA1

c5800caa0f1966a078148d24f84a2cc8851c92cc
SHA256

e12ad0723ed2f88b766e724287a361457328343543054f40c56a280af94a5b3c
SHA512

65dfb0cf77e2d03bb9292512ef87ec1d98901b7ea08289f80f8de8e768aaa533bc020671daa8eabccc9494ad78883b54beeb384f06041e40b845f0fa57edceeb
SSDEEP

384:2u6+KOo0lBH3ggKp4g+oITHE7/Glu7EiWKz4dinaG8LahugmFKU44aSExuV1Dnwi:NlGJBaGCzrfwNuCUDiS7UinL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2772	msedge.exe
2772	msedge.exe
5068	msedge.exe
5068	msedge.exe
2168	identity_helper.exe
2168	identity_helper.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 1008	5068	msedge.exe	84
PID 5068 wrote to memory of 1008	5068	msedge.exe	84
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 368	5068	msedge.exe	85
PID 5068 wrote to memory of 2772	5068	msedge.exe	86
PID 5068 wrote to memory of 2772	5068	msedge.exe	86
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87
PID 5068 wrote to memory of 2012	5068	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f204a2d2aad2aadb246bc8beee73aeca_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde1ca46f8,0x7ffde1ca4708,0x7ffde1ca4718
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14407307277594491816,9985725636456732285,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3d1b0769bb953df3bd23e5b8ebf4e3ae

SHA1
644ac0e2ae4447b2ddb88717bf922106ad472795

SHA256
aa5ff2d35c42a04d5a18c87071b8190a88827cb105894f56a63884676fc8298e

SHA512
f55a6a21ee75ec334b1db588924fe76dfc6857c8c410f4f0486f5cc907bf9f00943f634d4b4e23233e2c12f9b3e7b4c92b6b56048229c96dd50614d76e36fc14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ffee72b4748c595eb21b3c6b412f8d9d

SHA1
0e5edb346f9ddf643ac198f55623fa99cbf9391d

SHA256
232c8bb85f871c95c56cc10ea9cc29e812790854bf1729c603aa7b615373febe

SHA512
cd2fb1cb44095c6ad2967f8a00abbcb4352a7a4b4e743ee1cd1510997beeafc8be8371385927807a709d5e2207ca2592216383056f033e69e71834db937a2317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
615B

MD5
557afa33f998c9917b7d1f0dfaee06ac

SHA1
030d85f485379b456c979de8dfd8cf5e400450c1

SHA256
34c919b0fc892593eb387146c923d70dbf90d651716459ce36be5b638be07967

SHA512
f92260a01b91466e03d1f629561e2beacc896216594616a61633c326271c20d0c80a48e726a7447fb3c002b10f5db5930d011c983a9f24f90499f0729e40479d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
be42ff8f81fa4b9f255a4b80cc76ae0b

SHA1
8bb8a47ff852020b6952b8210020acae6187dab9

SHA256
249188a4b106baab780931ea770e873c96bc39b11cfa623cd7309e831ce74c15

SHA512
4ced4eb8c8a23af83481ffdbb363e61467702350ae8baa0afbf811da249b8f937f7e74a3cbc0c9a959c25efd93bfd94430bc4e3184ed1cc871ce4d8c2517e2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
615B

MD5
979f3af50e444aadd4ceff28c0ebf6b4

SHA1
aa64629923925e2695cb9cb8c5dc1bdc6ad4bcdb

SHA256
620cb5ed4b8bd692002d07b28551b040e084c37b9234dd5895540eb871ccbe35

SHA512
d0ff22aeb48e88ab383dfde67b134b5fb9edc828c4c0c7dbd0272e6758a3736f4d7508656547daf3dc4530aac75944adfb5935d43f8ea7936cd11f62cecf2fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2553606a3d79f4830061fa2d8baf3c1d

SHA1
3f83f456a9f3ee67586bff413c20743516ebdb20

SHA256
4fdb5c2a76f9891cb5dada7f6e06c6a9d5fec93e12279e914cbe5af053f8bed9

SHA512
77c13eddc43578c4b865d53fce708f301fddbbe5d46ac5a396697ba349198717b02d57ec362afbc691a6dd4e0b604f3cd9abbfbc1e38d70200ef6b5d66d7aebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5836c84d10afe1028637c41d1251498e

SHA1
bc0afaf26783403daf7103107c445d463b95b834

SHA256
195b8fcfdb9c2cfb475f0f738ce44f0b3fcbfe1cb84d59d6cb86b38ee9453357

SHA512
68ef5beea9161d5bf964d67d004455c42d76448d8d0e48d972400b211574dc824ed001f9c151593fd227462c3b94152673446ad2969848ab9ce0bf73f860b62d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2f4bee86dfa3605b319cf906b29f767a

SHA1
7e758584397293daa2e26fa33a60c63866168515

SHA256
2467472e617e312d61c1cb3fca9e1f67800d27cc064e96c1dfa1f56ceb716719

SHA512
ad2cb3da89f36ed9090fdce10b02d251eb66cec2ca8d3e025d9f6c1f5a3236fd4ed76e7a9b8b064c9d083744774464a8ef57c6392c4e8abee9e7cb2e40a92be8

Download Submit