85588dea3b4bbe168017c857a70e062dd16875c50994365982ff48a303e6bbc6

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

414dd673b43fd5d3f736c9d1462d6ec6_JaffaCakes118.html
Size

60KB
MD5

414dd673b43fd5d3f736c9d1462d6ec6
SHA1

d4c0e30e5699d545d5ff22a4a77da52a5c9c5ac7
SHA256

85588dea3b4bbe168017c857a70e062dd16875c50994365982ff48a303e6bbc6
SHA512

ce9428e3c344d7fc6ed194388d1d982639e113d3b90910521fa3a0b0eea7e45db2950cfd9b7d17f28db02f942dadc813c73fe33a92f4d77c0eac3961f9ea700e
SSDEEP

1536:Lz0wVKJ1Q94JQL10DyAWeUe/e2eqene+exexeceJAeje3eUWXdHRLzae5bqD2F1:Lz0wVKJ1Q941DrpaWNxLzdQD2F1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3172	msedge.exe
3172	msedge.exe
3996	msedge.exe
3996	msedge.exe
4356	identity_helper.exe
4356	identity_helper.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 3176	3996	msedge.exe	82
PID 3996 wrote to memory of 3176	3996	msedge.exe	82
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 1444	3996	msedge.exe	83
PID 3996 wrote to memory of 3172	3996	msedge.exe	84
PID 3996 wrote to memory of 3172	3996	msedge.exe	84
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85
PID 3996 wrote to memory of 2304	3996	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\414dd673b43fd5d3f736c9d1462d6ec6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12137403686445948341,6591503122868271427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
64KB

MD5
63e5a0b45632b3dde3694ffcaf0e3f7a

SHA1
923736d0cdc308331d5cfaa0ea159bfedc83d53f

SHA256
889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

SHA512
5b886c4b5122d61f0209ede748aa84445c9388cf38813316c41b3dbd2308216e88394d9a45cfc27113c0cf3bc93b9c37d808f6d3c67888244c176ee095d42259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
174ee0970702b57c8d23597fef68590d

SHA1
5ae318eb4f932fb25e692c4496f6bbfdf87d5926

SHA256
a03cafcc8d7b679b423c6f7a662ef12cc5c967805aa0b4b1e214e5ec3f699a01

SHA512
15ef97e1e2d898b93ff3ab9dcf2bb1f980825ed17bb0ecfd5064d1d10d164e19682aade6a241082f84ae3b474bff316a3c26dd417e9e9850b69768f8142de560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4f905c00f6634eb1fd8630245306c16d

SHA1
2694a225a3a2001669b688e1ea9a16e3f3679972

SHA256
b0c479fb60fbd83e2844071f6debb11c23c3be29e6263e4e78061925d2aedb36

SHA512
6c505cb458c0c0d7ce1799cd46d48a9e474fd72ea9aacbe5b28d146c20952214e76603cfb1e3e6c6a0d83196081be72ddc50bbf5846cda69092b899420589545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8bbee537dbf04efa360055cda7cac27c

SHA1
6ada7eeb3ad349876af51a675024361f5b7d5dbe

SHA256
8f85fef601f68ddfae5f9adb1693de65967f341ae1a430d2017595c04b611345

SHA512
1ee768d6d563348e88f091451f7b8125d7afbbaff7aed4858610385b1d52988fc7f409f809af9fc76a3ec5a13000c90b9decb08389f23ab4ed2ea42fddbaca67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c2b1c3dc09648ea15dd52feba2f4895b

SHA1
0ded9dff6290691e4ab94e1db7127538ea7abb9f

SHA256
1d5c483e4b9a91adf5c612826db4eebcb9fae6b8bda401ea23cfa0cfefa50f82

SHA512
eda261bb6e2968a4759a6b6ef5137b18352dc492ccb6f50d9d37bce8215ecda8326a959efb9d4b8eec193d3588eb0c1742f0f3432f368305be4206f3648fbfab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3fd1cbc0761c7e9b540b66138aa2d2a6

SHA1
6113e6a0ea520bf95c98a1178eddb1efe9272e1f

SHA256
f05acb5080f1a12f57136c0020672d95c77bca7188a7aaad7fe81f090958c3bb

SHA512
7de2420e227281bc5b2c92d435674ffe976fcf2cc9b63eb8d71ceabdeaa6e2f343cf2a3e85b37031a2fb78ceec4933bf96ea41e9ffc4b6abf23d1e97c6e9b60b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8366f1f828fda277faace87744eb6326

SHA1
a2e79f85e6e354529cfdd2ccebd0c71874eaef31

SHA256
dd079decbe2e88830daa1c09f3e4ae5b62c69fd53e3652c3ad3de001e140c483

SHA512
20c1a50263eaad7c838aa4bbb5368cb3f1ea1970fa659c77a73f67e54ccfad541254bb926458fb727d4dc9e189c069a8318c3e8dd7fcd701857460778cb9fd0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
57ed21487757dea46b41296aec33aec5

SHA1
11f1875772b98606ca11ca899591191ab26664b0

SHA256
48a508c08641dffc81393bf07f9013d4b8b4cb317f19c4b8d0a2c02feb54c800

SHA512
d3cff9ba476290d2cd8d047a3c284d8175526ecf41cfce187f38385f753c38f5f75b350f5cfbd356276af7b485f1f03278d785b1b44c8459b4a9662d34d8689e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c67d033446ed729c210eab7dc5970d67

SHA1
8854b85e2ccb14f4eba10115c523af77794a5a63

SHA256
bb705534c4d1448075d96f6a60c14d34ee9cd16e5525d043649ade16b5a4e362

SHA512
8203a767bccb95538d3f12fa221505559ce318e9f25b22063a1ce7140480a1e6e54b495b8dee830aefaad3cc4ea1944250d7baf517072ccf42a999c03c058880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
70ca3c78f69fbdb035a5ff57a9d4ea90

SHA1
ef7d688474b99272daf0bcfb990be20030e394a9

SHA256
b233781c1b274d7e202ffae65c3e288e1b411a69fedbccfbb02995b4fbad1552

SHA512
d663d0ad0d2ea0c90bf5af79c728565251c2a544b353acaf5ee9a379b9be945152b225ae2e2f741291e461345b060ac4ab1ba0ec15579967416b9fd37098b23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4eb5fd4868ab890a21d60af3fc77bf9a

SHA1
e9125b77c9e570ca81b48c64ce4a8e1d769c78aa

SHA256
a9a9d6022cd09e04f212e8a781d557540ee5cc2f518c38855e78b6340b698972

SHA512
e533dfdb673a496360261a2e83727e4584bfc86af6199d05dbedb03fbe5426a733ece5c177e5933dea2d939327b17ce1da4a0beb832e0b6a3fe84e1916710784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
a177e0079f1c785e353ca4526d698a85

SHA1
abd1e485d4744fa97e135bd59b5b5d88924fa523

SHA256
693562d449433e11d1dd67a439e7fe351721a34edf859dffb9c9ff53a9384d8f

SHA512
c868e599013b8b0ce932af50cabae70fa85eca7fb6addf1978c9b5b5b3ef44ac849d2b309ee0a054b47d29c82ebe33ef427b1e78f7824597276ae3e456e26f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f4b0.TMP

Filesize
371B

MD5
efe93a2632febf4c03a11f55c6ba4d8f

SHA1
7dd9767a729d5669c431eb7fd86f70bcbc966f4b

SHA256
7c4e6f76073b93fd0b737b2c50626e9e53e57789d0775e70f60149c83209039c

SHA512
094248319c3312728c4ba9d9bf98eb9f76e756b5b34bf13730cbaf2832a5e77897d9a134c349f529ab0b47516accb8aad111155ee0b2f8b0822fbec4a1c4d453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1762e5bd85f460e8219513d916e5c28a

SHA1
c4a4e2e087a834e18ea7a4627803fa01ea40ea83

SHA256
2605aa71b1c6d96c413b8b6bf8d3a5f3ac23262216b320a11ea0db159f8ab9e3

SHA512
711f6f0d8161099659570c86146dd3c4d934cafdf006ea37c897000245d30c502987c54860ba0a9eb0aa6a541959960767bafeae889c9b7d6b0cd0ac8b728bb7

Download Submit