f56a8492ca905d7f67c59d42fd07ad7e7a27cf934b52824089d6aece46e975f6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f1b52070d29bb8f364fa89523694f75_JaffaCakes118.html
Size

170KB
MD5

3f1b52070d29bb8f364fa89523694f75
SHA1

56e5f39096de1d731d6c08f1bf80bec23a59ff7b
SHA256

f56a8492ca905d7f67c59d42fd07ad7e7a27cf934b52824089d6aece46e975f6
SHA512

556b7d315dfde8e9c1a1bb413f62477a6cf5c8af33729ab64e0448d05326868b786ddf9e89314d78c33ac160c6461faad664058daa3fbcb7f59f32f5450aab78
SSDEEP

3072:HqQRMZPgA8hGgs0Cd8q6Gq8z7ue/YmcHq6jokXyorxKHIjELGhmCmUeGyPrh55yx:bMZKKFq8zcokXyorrjejje

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2616	msedge.exe
2616	msedge.exe
1148	msedge.exe
1148	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
4788	identity_helper.exe
4788	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 560	1148	msedge.exe	81
PID 1148 wrote to memory of 560	1148	msedge.exe	81
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2652	1148	msedge.exe	85
PID 1148 wrote to memory of 2616	1148	msedge.exe	86
PID 1148 wrote to memory of 2616	1148	msedge.exe	86
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87
PID 1148 wrote to memory of 3388	1148	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f1b52070d29bb8f364fa89523694f75_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cf4546f8,0x7ff8cf454708,0x7ff8cf454718
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1340 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2750679825269178426,15516040679198475844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4ea17a06af6c73dfa0403ded0d4321d0

SHA1
d69ef1f2459d8b6e0fcd714c688e25294a080b6f

SHA256
8629e3d58f215db41e7fd9bc4f21cf38db3a18363d6634df7365916305202a4c

SHA512
73ce2adc23ac96c1bb4d51ab7ad4b596e4db0ff24d8ee2ac6df2730ea0b83969101b8fffd8739d1605b78047ff008a86e9377bf123864428e052e645c648f834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
249c1a7bece4a663b5dda64fba4a6119

SHA1
ccfc58c9c4b0e3ad9e52675cb8fc3c9287fb3348

SHA256
b32353644b43b92cf00b5b22ab4e325382e89b96003b84426dfead81a42a8e4a

SHA512
73fd03f93f94b97680dc14b4fe835252b1c0bc9bc557aa71607286b95aaed66bd188b44f0033ca85264c38419e8c69c7eef3e3377b8f17f4c91ad05f7da14396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d7b09ad308542650235fed948d55c019

SHA1
e6c288111053f54b497100adbb04d8d09e2c7bf2

SHA256
d4e18758ec78a7bf9f7d01a2e301d47e3a47304b6effc145595ffdf759d3520f

SHA512
818d0304ce98e7328944a186a53488579febd4a8bab8a0efc76a19ae9b52915012607f93ea7ebaea54c79eb3a576ee5c5ee76c49ab0e329fad71d18ea9b377d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6eac4bd929fdf56c6f49c5728b831dec

SHA1
4dca40a224d641984350dd04c9863d2fb726cd22

SHA256
056b70b892c0d2a2933cf15a9b73cf58ae3b057f2b7800d4bcf5914385d419d5

SHA512
090fcd9162ac9ce66e9851aeced575c03278fdeb33f9b11164f2d5adfb74cf6b6cfa40fd4abbbef429ded3504ed2de9bb03f53e4ff89d68aa0aea2c25c0dffc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49d711719a7eb2cf9ad97f1380560081

SHA1
bedf068aa92509da8fef26e5a9cf9daa585bc271

SHA256
653d3219ed61437da36fe287c439c861d45ed3f4ca20110628da9f853f0b5ef8

SHA512
415305df7b44f042c7c89ded3da057e1a90b34764d51c520cbd5c088f86bdbae8eb079d23433a8bd63b1acd2ea568cef7cfd47925ac517ca92679868ab1f2aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3be9333585849303664f27e35397d92a

SHA1
eeeb5aa744e4b40cb2cbe255f64b36e61858196b

SHA256
26ab888496d56ced17ddaaff81d9e23d6efa7b5547e9036bc9359c765fae4984

SHA512
11f096d81bce9c3142eebcabb50941d486f4f6e1b149657921665aa8ece294cec43f51a32ba6556a9194f14b233209997c4dc8bd326cf308a2d28d775df0db43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
690412204a332db9bb48e473eb5b331a

SHA1
65f9a811c1af9db76c976e8c521464d3feb9a7d0

SHA256
c07d940a46c5ff9a568eee334cfaba0bf83d91b5a306bb96fe29cdb8239c9415

SHA512
3a79c7a952139629b4f63808c5f2af602179febc199a0509d811e6eb40ec344aec9157913aca7794f12f5ab8fa7eddb0448121bf6d49a3d971113999637565b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
866B

MD5
3a675ce25bd7215b0ff82f7e32daf522

SHA1
ccb7dbd0ee29aaa43255a9fd14c1c9e1b7daefe3

SHA256
1b3ed5598483474d5cefbdf54eb44dd30618ddd38908035b0c8cff12cea222e6

SHA512
f7ae35b370095f27b5980c28cfa28271ec77594d524b971ede01811e1ee844fb8c445de5ceff6d4e0f750333d9d3effcb7014c3e3d90929d359b5593a42c0f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
5b48c3fad001ef260e458d6e67344a76

SHA1
2d98a5a937510e434c83dd710fd821e6439f370d

SHA256
ec34d13ae9110afc1480d4676ddf2e02927a170c4acc7d331da4f266e5f76e67

SHA512
a33f5c0172ffb6af24275c5071420ba7f75d169ca931e18474cd871ddd27bc1e6a79505803923a358a0b7f35a431a7de2233050037e13a1e77d44f618c3312cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58117f.TMP

Filesize
538B

MD5
cdf9cc235b53979eaf7dc5de54205fd9

SHA1
caaadb90b2c5f752a4a0f02dc703dd4776ba619f

SHA256
ca87462034afbca82d174bae87c1decbd9b63d0ba531366528095edfc0ef6b6a

SHA512
24454793e7de603df618afcfee0ba16a2b29459bb07ae405c0d7d1300eeb6b9c1af4603cceb15896aa7da1f061396b33d1f1f5f02c18253f5e0e73267678bf23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85e7c91839e17bbd016d7b974ff27777

SHA1
61c8382ee9af7da4e41a5f9c214927f4074cf9ea

SHA256
c44e37958e215acb5c1ab7702665a7265f49bcf1dbfaac637f3ee737426b6953

SHA512
caccfc9c733ae154b9e25dfd3d06cf0945e6582346a3a77af7ec42c49435395ae8170f599c75a6723ba498e72990477dd30b6c307362a4e57ff210a14286746b

Download Submit