e40df2d55484b825ec7dfcf39cc9eaf9968113c2c2d49d1cb868a9ca9c95c5fc

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8575da77842121cbe7b48b61cab68961_JaffaCakes118.html
Size

115KB
MD5

8575da77842121cbe7b48b61cab68961
SHA1

f24d78728ba5fd2334b990c2a374acedee03267b
SHA256

e40df2d55484b825ec7dfcf39cc9eaf9968113c2c2d49d1cb868a9ca9c95c5fc
SHA512

2173ce5dc726512830deb306ca8fe9b61c9c95d14dd4e51b019d554580036e55ecf7351d9f662f4f8a83de0608cb3d8bd4c74479d738e52d505f9d7d8693d1cb
SSDEEP

3072:VUcjvG8rMdcXmNRS+ttwSf03ky2dOannhf9Nt91/hXYnjqpX6NFs:frXmNRK8F

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
4144	msedge.exe
4144	msedge.exe
4728	identity_helper.exe
4728	identity_helper.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 4416	4144	msedge.exe	81
PID 4144 wrote to memory of 4416	4144	msedge.exe	81
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 2704	4144	msedge.exe	82
PID 4144 wrote to memory of 972	4144	msedge.exe	83
PID 4144 wrote to memory of 972	4144	msedge.exe	83
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84
PID 4144 wrote to memory of 2012	4144	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8575da77842121cbe7b48b61cab68961_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,167006055801330244,4385806159526326372,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
9a8e538524054f86eb73eeb00e31424a

SHA1
35ab0fff51a81aec3f1c1ca6406dd521c09893f7

SHA256
28a27c07cccf1a8e37658352320891fc286dd15482331d2012cdf5422b5dcd82

SHA512
d8bc2dec1323bf759fc4c3e2a77b64b56d3d80676aa38c7386ffc650a762ebe1633d5a802c5d71c9b485348415ae6c22951b3a5e141a2f203f7faed1620d4136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
5f469e4d13d8575456d39d747a2b378e

SHA1
779fe22e61787a2824b8ca32e7b776d2de6d7675

SHA256
589e0e3e2d5b115bc05976716ff5a5de80f8c71e6887e598bec396a331b1bb2e

SHA512
f726bf51d6e7fc04770ee7e3eab50025adf338c52c7a4b55a799905bb010abccc94c8a091f9ddb155eb44c2ca44b09b11a39223c5fa9ad8ed081c4aa7638539b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
1ba1f67aa0a5bdaaac97dfc36d8506f5

SHA1
75c2eb15e59de84333e53a25b805812d769ac79a

SHA256
e1a7d4aaed3e968d4e5a77100544ccd28e53f036cfdc4eb0665142ada099bebd

SHA512
f05a7420ae2eb7b2dbb7ff3b0998bf5e0897480d3e84f4c68b47c3d5533ca0209c0288a07ff3bc36e427937d3d3d8f82e389d84460ed29dbb9b7ce6594984a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
22006f2f6737ba2995ab02e8ef2d97c8

SHA1
3f67575a23333d48db5916acdb39d4df4bae0773

SHA256
63f7144b5ab9e21f0af7c23f857e8948ff1e33f546cc4d6325abc3fa996d4517

SHA512
b91b54894d348e0a45e09be100ad188beedce0f95d900016cf796381384e4385068e32001ec7c4a1d9ba56351eeb2de8736ee54dc91cbfb531a70fbb9331dc2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f1eb0ad65593613ee6f61d48ad0b055

SHA1
c4765df66c58488490c3f74099ab583eaf1d6825

SHA256
ad0b51b2165f59d5e67f74888a268a2d17d126f2565f5e95c623b5b1cea117d6

SHA512
ddcc485d0c7054c37757fe0d77bab9c501e14a28de15ff20b20779feb65f6994094a4e99435019fc397c7f847eef2ed731400df936b00f8df50c7178dd710141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf2ea4b371a561bce127a72217cde7df

SHA1
c98c26a45a6992e0f3c9cb5ec8fd84b93f645773

SHA256
051551433c086cfa6c75014f93ea7fcc18d1b8518845607f8bbfa88097801464

SHA512
be38905ab5f8fd9d90eaf78278bff78722c82e47af9aff7642c0102583093e2f41a41185ffa95d54543734aa1f2d9034d03617c46b5fbd3fadb9926e2af88870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
163db36ac622bea0ab07281fc1c79526

SHA1
18bc937bbba372b6c9c24e75edbacf67063c42d4

SHA256
d3fbd9ba1fa7bd072152540e51620fbd6e1b9a2574b09abf681574e681f0132f

SHA512
d23524dc673f35d57774bd876cedcfe19043eb6ec57e6a8734d423c5b7899fe5df0d41c7c8c652239ca475e1733702f36aa9f34630924da7fca250cab8282d84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26a4b5fe1583ca7e1dc2539925bd273c

SHA1
63b661c4464acf5b879b59935278ab42620fb506

SHA256
cd372d19703031f22686aca5c5ee1c23971d486657942a0fd4bafe8d422cddd1

SHA512
2a2d4010cabe793d10dff00c64db1e79f87cbbdf6fd9148d340f3ba4645a06d33cf411895b839fb67f71d5eab932cda3caee2ac3cb73504b5612d7a1fbdee34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
e5853f2c7e96cecac7e8de25868e877f

SHA1
bdda0367aae40a58f4c87cf7ec59cab6e8c52b35

SHA256
d7a7d2ea79f06ee3448684de20295b64eec63fdd99b3cf666278df7b46e4f280

SHA512
59e7322f49606e78297d9846b7675a3b3405736e126089b4f04321d19e8a9095738e4ccce2cf148b812aee2f01747698391db39b3e824cf5c159267a21ec4323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b6cd.TMP

Filesize
537B

MD5
7d25c9badeb081be7950b97504d2b9b6

SHA1
d5d487566898062289ba1b54571ca81d78852b6b

SHA256
4209948fe053a7dc8051e7244f7572ae08a174f660dcd9213b16c3e3cba089c5

SHA512
723bfad9d858d8f4351da24359568690cf02c486c1bcdbe37ed014715cc94e3ff672c4d34967fc816edf4129b0e7b0c00250d949e29080363bdcd91d11a8d469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
271c0e73b3b6b2b20924f40e7ef1640b

SHA1
67c2f5fc936e37c70bb9cd28aa2316504bbce4a5

SHA256
80f140692f4f97ec356ca3d32c69e675aa793c23d4d04c9fc0437cbac0a8d7d4

SHA512
4e3570d679b3ddf94ded52e5f9703ac5ffd2abff13f9b878eb840578b24c768a7b64b0f0bcfb8dd3773456ad1598ec1d72078755dab96cd686df5208d17c0794

Download Submit