8b194914364dd3117f22abcb67af2259407d7e5038f1a950fcbe7a64c663f8ce

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 00:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a75e192773f46a8783f9772db8328cff_JaffaCakes118.html
Size

49KB
MD5

a75e192773f46a8783f9772db8328cff
SHA1

7c0bb91577d165c5ceb6233dc7299ff1d4702a65
SHA256

8b194914364dd3117f22abcb67af2259407d7e5038f1a950fcbe7a64c663f8ce
SHA512

1e6653c93b39875cfaa50c98dc4029b9d530921de5ca2b3e10bf811c4711e754853c3ca9b9a3d72ffe49831c27e7a82d69647da6261a8910c8ccd5729deab511
SSDEEP

1536:oPMm8NtcmUE0o2WfRPEg2zsHEfml+KmM/9KQhpjiAApv2:q8wmUEN6YHEfU+RM/9KQhpjll

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2192	msedge.exe
2192	msedge.exe
1180	msedge.exe
1180	msedge.exe
3616	identity_helper.exe
3616	identity_helper.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2144	1180	msedge.exe	81
PID 1180 wrote to memory of 2144	1180	msedge.exe	81
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 4996	1180	msedge.exe	82
PID 1180 wrote to memory of 2192	1180	msedge.exe	83
PID 1180 wrote to memory of 2192	1180	msedge.exe	83
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84
PID 1180 wrote to memory of 5080	1180	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a75e192773f46a8783f9772db8328cff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80afd46f8,0x7ff80afd4708,0x7ff80afd4718
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17213927476463961164,14949882361344384108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1ba08aa16a6a6ff0d5b921f07a5fe65a

SHA1
1365e76f62c72eb0995c3e3d42eed50f4b17d4c5

SHA256
0690c74efa5eb95d88161499ebe5790325b4b6aafa2c7eaa45707904ff5950c1

SHA512
da321a86e9b860b016ab96d516736f64a4806feb5a222a036b6afe4e2e94eaafb9ffce39004729d1498f44e459b5dba3f6c8d1a14400a4e09843e53763fa1376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
82dde518638ad70cd14a5e19655dfba4

SHA1
43520b769f5e4ccad570084cbfaa9171403ca743

SHA256
54311df4bcf5564cec4cac1f56ea5b1a0294bdf5c7bd7f93fd9c3c72d8f5dd84

SHA512
c481b8e0d57d2e7f2108b2271ddd1f24e5ef8e78b7cf136c90187ff82723b5ed9fdffe42e090ec6b973d697a573c2aa5bba502bcd37c2d79a46147c7285afab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
07b257103228e937a03d8672a7b4870c

SHA1
0ab6fe0fec6f7a41a4d99f9e10e62d937d206995

SHA256
1574701010764ded0004ec894c323d80e35025e1e1f40ddfe8dbe4df284caff8

SHA512
15621e32e33d724c28cb7f6ed47106544023ee245317609b40a4aeece876272075302f4af1961da96a34e2e3de2bb92e3f9985c2613b529ffb345eea6eabf6de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
48df93333eae04f5c2b3237b03bc812d

SHA1
a06a23810b6b5870b7e3733aaa272ca9268cea38

SHA256
a87f477509594d94a2ffcc62605f57ca819ee5410547ba5cb4476c2982d05c3e

SHA512
aaf524ade1c9814093810bcc90fdbe66efbb8c6d0ad89a0bc129346899b18b15fbb03a29736a6e73421fcaf5d66199e8faf425ece0b66f32ebf9c4011dbc0231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b7b49c71658dbb499a162d30b4a9d0c

SHA1
baa8e07e7bcfb0e450c6c4f0b278f351ec9cf02e

SHA256
936759d773bac6ac84f637b3c67d8e2992f04b8cac693b21d154867324683ad2

SHA512
f672599f07ede61fd0fba0d2bb837ac199d13f765ed1731894f75054d233ceed47abd49c648410969eace46043a9ebce7dcabab808fe1306146655dd0018be1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
489378db9cca339e68d471f69f10fe61

SHA1
8b49aa842350cfe12bb0060ae62459b464d7362e

SHA256
6edc8658d96159d70f651a81f4d37f42643e529ffc316c2c733f93403efec2dd

SHA512
e82d7094eaa5307618ac4fd51e8e4e8e11a4069f37fb8920823e3eb0a349d4cc13647b2338a7bd6168483b0bab1e312ce17192f35fd28bdb1e2d153e017521d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ecaa0bcc3f1275658c3b9888b461351a

SHA1
b48e0d236c59d9b086983c392034abefc269b2b8

SHA256
303eefe0ab6684c98bbdfd702c797ff2b45d9c921ea4841cd4513badf98781d8

SHA512
ff50870ca47ff811f3e42ea690fb2f4f0948163d7124ae4d8c6a426be27a58a665fa4d5dabb206734f2d41d149642e52ff3bd9126c092825a71d0a4d0cb9309a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
50e4c5a235ce7da7424e91b0060fc164

SHA1
d8deec9c6f087fc7efe917282f907bcb292dc824

SHA256
eb6e8ef6b74be642676ef0b02ee8e7e69e2a50a4a3bd776188fb9c3cce269f8f

SHA512
f84532da309780b966ac357f65bf5766ee0f488a8229a07d9a16dc780aa5f481b07c431e054af41e77a45762b65e124cd4f1b23f861130ca21b374ad266a0cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89674efcba157ec9b40696cabe25cf34

SHA1
18fa2a546ae815df44ff0ab544a51ab200fa0cd6

SHA256
3cb3dcd6ddce190f4191208781f4b686a2e8d5d24ad825322771a14545e196ee

SHA512
9c5f3563358f1bf22e67848b51e26919fd9b090328e74d78849bbc0f57aa1fcd14a56e8af715e600d4d5822f0bef34b2d5aab34badcca426beb660ada3a76e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cbac.TMP

Filesize
705B

MD5
e64b096377330b31d9ef3fecbbb15084

SHA1
0fff09d86b469a5c3e21b5faecd202e9e3a126bb

SHA256
8a6566fb40db178b439d4622508853e3813d9afb55329e1dc45676f8cec83b07

SHA512
5d9f15f9792b3af23fad3fa5ff82c88b266f38eca474987011576700d3830c3fa61ad81526f11a8fb71ea4b73de50a263f62f70f1b5b0efb331927f99e1d7fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a43898c1-07e7-4766-baa7-f6bdcf30bc21.tmp

Filesize
1KB

MD5
0275307399299eed92748f6145b581e8

SHA1
a59b7def8337fc69d55e110691baab0a68a87eba

SHA256
83c766e1aaf3e8b5cc7a076d49ec84fd83752aa9bb5160e4ddf455bfb493aade

SHA512
87cf1e40bfdf6b571198478c7c9a6621de7ecaa46316d611d89d5c1cacd2fb8f575225ec3d0793c4b7d04e041aa420b633e74159fc8c0e42dc67420b91db8e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
267b7350939cfa6637a802978ed1aca8

SHA1
5193c8509d78d3b5dc5d7116a00856d96719e414

SHA256
268fc635e01d202783f6e404aa8d8b888f75dee9e35cde99933d397a446efa7c

SHA512
5141849206fd09e74b6ff248d14a812650a63b057aafcfdc8fef72f5311608c76468e2d464dee25223d8eca3b5dd69345eb9139e3377f0a549361ee65dfa3658

Download Submit