40433234ca08e2acf37b68d660426f9d6a0779a28ed2f4e575232507e58e505c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 17:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5cdd8b724e5fa2f4b55471891a5e7fdf_JaffaCakes118.html
Size

47KB
MD5

5cdd8b724e5fa2f4b55471891a5e7fdf
SHA1

248fde3453dd725b329b6d87433587cd25d9449c
SHA256

40433234ca08e2acf37b68d660426f9d6a0779a28ed2f4e575232507e58e505c
SHA512

9e5c73596885eb8fc423c92d37315b1fe58738525dda528309658478078b2af716a64c3c3bcda610435d8f680a9968b3ac2907872ee6149353326cf2328af40b
SSDEEP

768:zKpRlc5DYmJJ4TLoNSZwevNeOo68vlZrQd4W3SD0y:zKpRlc5DYmJJ4TcNnLrQdhO0y

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
632	msedge.exe
632	msedge.exe
1856	msedge.exe
1856	msedge.exe
228	identity_helper.exe
228	identity_helper.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 1716	1856	msedge.exe	84
PID 1856 wrote to memory of 1716	1856	msedge.exe	84
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 4996	1856	msedge.exe	85
PID 1856 wrote to memory of 632	1856	msedge.exe	86
PID 1856 wrote to memory of 632	1856	msedge.exe	86
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87
PID 1856 wrote to memory of 872	1856	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5cdd8b724e5fa2f4b55471891a5e7fdf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff778b46f8,0x7fff778b4708,0x7fff778b4718
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4007644371675588369,8832236117330620253,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6c637e4e734e1eea66c9adc529d0e9a2

SHA1
93161ba6265eca0bdba8b58b8d49769298864942

SHA256
a0857f3b8f74957b4551e608dfa2039729970e7955d88e627d893e35ae8041c1

SHA512
d934121efdbb682a8108fe3a8cefa4500ab1838d547678185c177b6882b14272a63e731ba4838a53f2acf024507c2b0930a45a3d92bc5093703e4ea2453c04d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
e0ee4b78015bfb2367fb75892015f687

SHA1
7381847e3cc420d414a5d2d0251818700398d29d

SHA256
35333520614d4b77efda811dec281b5d4a70af59dff5808f5f5f95c9edcb40cb

SHA512
df1a1a1f9c2111db8e011f30e3c8e71ba96fd04ef62e394a627f31d18c3823134730c41cbc7087ce66beba0b12cb6e5d3f945cec89c01568275d8e2b0ebaf48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
1e50c2c8d8464bbbffb48a1f6b9d17c2

SHA1
32e2bfec70dd4e9d4a27b4c7dc61bba5bc883c1b

SHA256
6e74265362a2e11a080cbafbad8a4b95e64008c5df64f4f408827ab722b3bfcc

SHA512
e0e2bbbfcaa9d5ddda12fb434a2b4d575d8934d3a30a70af6fa9fd97233136a99628e98ea3fe36f0226e8be1dcd53fc0b076999bfb168b682d85393b96e97d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
93673ba53f2a4bfa6ef279e3f611847d

SHA1
ead1975f4fd985714639e597abf6efc885918de8

SHA256
546adf4b1e39b27e6bdb94ac9f00219cb3a6b5c857ac7cc27e09b47d53c45631

SHA512
e17e9da5f627d65dcea250f69549eacaa7a9b57ab657f13c0667b0ce865ce94380b0fc0c4e53f75c7f019dea6f8272202552521e4e7ac83733c08af2a0dccf2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8cd93d08a82704d2a335d27774401c5e

SHA1
7fd9867452cf5743d209f38c62baf641711f46f4

SHA256
ecfef34bc7a83c4caac8decb10480f07905c665d420bde47ad47f55698634403

SHA512
ad84039037b6ae7ec8bc776f42b9baa0d43ae24d6b91024e7263ad02df7f930ae1564293b278562ea9cac052ef2cc4a4717c5277bd8a156b6b2ee9e080d3ff3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05dec717aedfb4b59dd49e7315b0dbb1

SHA1
d6151a317b7d5e96fcae5d67576b21d634537a98

SHA256
be6988e5f3bb40b19d15b2b5974bb0f048d522d16e9e7d584034443837e0ead5

SHA512
ddce7025778b64783c6afb2a5c03a1cc32d3ae7b746f766cb962fa18f2f004ba422c7048a29bc34aa936e3dfb141de1cac93f3b61a250df7584044429819ea0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bfe5d78a80c13e2c2bc925903aef5d7b

SHA1
e0415de2c653e235d12f38590921a3d4e4761525

SHA256
686e3c366f750577cf3d7b34472e7903036075e195737cbc461d883a1250559f

SHA512
d6903b6373331055a931b62ce9b0a81e636c5c165683d0394084ea758fe10b8fd4d223f77f494e342cdce5d39cde35a35dfb79c5e27b346fd945450048d9088f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cedc4a932fb721d280bd1e20787ecda3

SHA1
146297c0655e4235c534bd8e948be6968d2310f2

SHA256
642cb44f1c4ebee004629ce08cfec3b43d3a60cecaec0394ceb35dcc735599e6

SHA512
3a92aa5ffcd78c1c0a0666a1ee955d180d70c3d111648d7e3dbcd75909d02d640df32995b471e2bfa9b896bd616d0cffc7760b343286d160f72af0bdb363b3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b43477e6cb019abb24f460618defb61a

SHA1
f8b1630f7c0f61cddc03da00eeddcb90dceadd66

SHA256
21f24d6f3d9c0aaaf1228eb49f9b03e38664f542c3451e909985e61e8c492bde

SHA512
59e87057e638c71cb989c95c03a4877ad6fb22f390283d565dc3e54c186c2b9c587fbb204a3f0dcf0a4a76915720907b344c89c1ccdff6cb07c93efe516eb371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa6fedeafc51bd91a06b9feabe6fa719

SHA1
e1e39ab9d763b54a014d9528a7819aea07769498

SHA256
435c881d113049f83a1553216ebcd74edfd53c265afa5cb58f000503176b02d7

SHA512
c2d5a7029369084facb0c2547f6cd45022dc349af22297257bd5d3e2e2fca78411e1097d598867610bdfdf549109fd674a502da0087f323f67846aa652108714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dd82f592e3e864cbc4e369ac85404933

SHA1
1074c258640f4921813f32aa20ff7a5529f1b858

SHA256
a2f26de73ab96166aebc435894f674067cd8e410c0e8571c3aff46909639e09e

SHA512
f13af79f065bacd00c639f2be35178dc1b4ba6dee00433bb752e010434d4ed9d86f8efed59b76a5cdc797f1830dcb938db8eb6c66634d07b1eb0f113723e1e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e436.TMP

Filesize
203B

MD5
636377869181e8935aa6708e9900e46d

SHA1
6608a67ab3b15e77a8599c940850c31b096df263

SHA256
11b50f8aed38f7c4e14af10a2488c8a1a8edba882dceb6a8f7abacf36b826efa

SHA512
42d3cb3a5633a5441574377da03add7d16d090376f34c83fcde12c3c0c60847cdb92ffc7000cb874903eef0da060bae1a14116e429c3aa6ecc854c176ebc2f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dadf2b562e7b82607402b639eb129960

SHA1
d420b5556c5917d3b8488af8c9fd6dfe2f081bfb

SHA256
93fdb593bdb53a84685857ecdc1f15db1dbd40f29c250f42b1362c333a3ef266

SHA512
43d010aa98c2c36b97451168f58b726989eb094e83670b674dbeebd100fdd4f8122291f0b4876c9a5e84320da89fa694f7dcf07395bda5076809dcc43b970281

Download Submit