674515135ac9d30e2dee0087e19adaaede6c8e0aefdad6854c3dfb9eb67d030d

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f3f38509a2b1693c29e793023ccc365_JaffaCakes118.html
Size

168KB
MD5

4f3f38509a2b1693c29e793023ccc365
SHA1

341575293d244ed54100ce32b844b20b21ef1b0c
SHA256

674515135ac9d30e2dee0087e19adaaede6c8e0aefdad6854c3dfb9eb67d030d
SHA512

2bbc20ded44ee3446a9580d1386bfdf089c680be975eeba8e05c1b89f727339475f59ad9fd0edaad9ff605ea74f1e5045b9da57869aea51f50b9b17a0b668c22
SSDEEP

3072:0fsUkSw1iRYmRB7asDpUDvfDeM/K9odThxPzodThvodTh6kXg6CnsdCp3u856a:0kUrw14ZFp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2796	msedge.exe
2796	msedge.exe
3752	msedge.exe
3752	msedge.exe
800	identity_helper.exe
800	identity_helper.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 1692	3752	msedge.exe	84
PID 3752 wrote to memory of 1692	3752	msedge.exe	84
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 4736	3752	msedge.exe	85
PID 3752 wrote to memory of 2796	3752	msedge.exe	86
PID 3752 wrote to memory of 2796	3752	msedge.exe	86
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87
PID 3752 wrote to memory of 1796	3752	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4f3f38509a2b1693c29e793023ccc365_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eb5a46f8,0x7ff9eb5a4708,0x7ff9eb5a4718
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7272 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,916757429829525362,1808151946184645500,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
dff2f6b6a07994e5e9d9aa296c7be2c6

SHA1
b1afdefcbb06366e93e877d9de0a34e71e7f2a6f

SHA256
05d2fa92d3da0d55a9724d70b347a7de03323d11884779607b3cb5cff08419c1

SHA512
5bcc52c2c30cccc23239f5598b06ed16fd38dd8b2f6f93667bf20774640b1211b371416f11d1887c38ae9007b5c6a9c5250486172076126bce8a1413158c54a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c1740d8ed22b7df885ac475250da1be8

SHA1
cf4356bab87327ce99c5d8b8f4743fa172095c48

SHA256
84c298e1f961653b19fe9079d428969011a66823737fa6cee6e6ad5192da415a

SHA512
1ef9c104e0522955a91d13d166f1dd79964fae1ca245db9db1948f7b6f6b05be13309f28e8bf0b7753eb899b9691555cf95d7f7a4e176158bdf3fecc1c86edba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
952e7539f4fe6cc68b34d5d95a2834e7

SHA1
a3ffaf665eb783f576e61650988b502ca0a88eab

SHA256
81ed440dee180b6fd6f46feae8eeecee2ab339e1ef044426fd3294ac27c2ea23

SHA512
2677cd3592617f2e0782733ae159a98bfbe51b6c51866138a38c348b64e952678d82c4dacd5165820a3b1b45776ed6fc9311416081cc80a34d83fece444cf57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
706622bf588c0020f3659677d7b8ed79

SHA1
4b720e2b9a7d34e23364d89c4b6050923258b3cf

SHA256
a1178e22096dfb58862221493a37cf4ee13579776bc7acddcb07f7f93a1178e2

SHA512
82b72dcefc19179a0421221879c379483b8a81ce102b013a48e71f8dd3de54b8aedfa6fdffeb8d2b889ca1f885c4697ad3eb1c7513b2341008098a7805d6f16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
beac1e1c7f5dbfc8fef4b97e0197f52d

SHA1
f098c70308b3897772b5c9f017fc1543605a4e49

SHA256
c213fc30eccbca22068f3a7f68145b6f52f4b8ee283f58edb22111851c63b87f

SHA512
04a198ebb769246b9da43eeee9675998d7eabb33e3afe84a061da3e0335988bd0fce7a2bc3463bd8bd74aa763d08dde8e3b2646f306fc02f9b7e86592a429e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ed8cd3df5f3473dca74cf958e6ec20d5

SHA1
ae60d851702ef335247e5e4a41033a6b2386bf71

SHA256
de74d0e2690002caaa210d9d0f0524bb434e218c15b323c2048c45d5be196f21

SHA512
0a867ef8069fa066a4bcaa9aefd09476884a141d29a9eebc7d497359e771c3331d7f459bd01a3421dedd8c67d8d299e9bd8fca91e1a05f0ace254177db983875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c6c3ae8dce08abf1159a5ed2c886ff9f

SHA1
ba4bbb93162057a09c9e503c8402b3399aa1084c

SHA256
bf19fdad44fb16927f25057dcc4357dc85b0d942b089e5d28de090faceb3b88b

SHA512
209693b3a0922a15b59dbae0ba13cf84a0a17d2f8ea41c85dab6aab1dd4262be6511ad45f55add704e78d383a6fc58f8d30de4875986de39a294d082f104e714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
001519ede788ab67ff19a8650542ff14

SHA1
aaad48d16b38e4ab75f1bdbfd87791aa117d8398

SHA256
1a9f3f034aaa78a4c707fc1eaed7fa749dd3d4abea1d2ce6a140de0ba91b3366

SHA512
22e9cdb6e5c07a28226c9c36d50eb9df2dcf6b1d70818b76b6ea1caa68b4c301c6db7047d49b708ec6b70ffe4029f651ff56f4848c7e37c4cd61591f59251a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
82da3aefce52635e5fd71b24d7c15c66

SHA1
1bf449db4804c57d58b405dd5650582283d57bbd

SHA256
2463c7f0c92be2d576a88bdcf0f1ceb5bd932034947f41aabb4dbbad00698cc7

SHA512
82a70f317b94843043e2ffbc5c5bc4e81181eb3c415ff30c9dffbf2a0e8ac5eaa9ac7abb5578adf3b4fde568153d9a29e15d6baf277d019aad0b8ae129079671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5832b3.TMP

Filesize
538B

MD5
cd115dfffa6eedd66f5c9df52c6bb549

SHA1
efd876ccdffddd48da95ae513623c0b4c31eef93

SHA256
c3eb567fd9b03a0f3f209994df1a4cab9ce8d352954666d8e9d9ae6297502b2d

SHA512
31836e80ffb8cb0fa62d77dea0b7e167e506c667e90e595150f3dd2afe1dc71aa7e721131be1fc8691701d8bbf99ac08929416c6732e3b1f8468f2ee5ae34ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
76ef69737152d7976b9fc37b094a5694

SHA1
90d7f07e275a80ee06a885a56019d92db18d90b6

SHA256
dec99e1e9b36afaebae3bfd5d3e191af29cffb6a0612b9395a50d62da56c5083

SHA512
7ef00fba638ab25ffd0986d75796f8fb18d698add1215ef4e906caa7c2f6d5214d2fe95b0ddb2240dad0296c6cb6508e55fe16e81bea3e6354934513f6775645

Download Submit