da087db56e6c885026140efeb04b61e52c01952ae6894b270d160a85225022d2

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2025 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4a87a9dec2791d5cb0717999b0cea03b.html
Size

200KB
MD5

4a87a9dec2791d5cb0717999b0cea03b
SHA1

eb76361d8d747ba0a3a9e7918898c6dbe1fc47ce
SHA256

da087db56e6c885026140efeb04b61e52c01952ae6894b270d160a85225022d2
SHA512

18458cc133a4b62c910d965e695ca7bc3d7c0bc4756861be88297c300379a335a2e65fe0c602cc9eeb70b5b23042ffa36a14f0962eadf4afd147f2fc9f4be439
SSDEEP

3072:mJzF5qbXt+zSJmFslTw7pHkgT9dEyUF8lnls:mJimCmY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
2068	msedge.exe
2068	msedge.exe
2648	identity_helper.exe
2648	identity_helper.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 4988	2068	msedge.exe	83
PID 2068 wrote to memory of 4988	2068	msedge.exe	83
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1152	2068	msedge.exe	84
PID 2068 wrote to memory of 1136	2068	msedge.exe	85
PID 2068 wrote to memory of 1136	2068	msedge.exe	85
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86
PID 2068 wrote to memory of 2316	2068	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a87a9dec2791d5cb0717999b0cea03b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f81e46f8,0x7ff8f81e4708,0x7ff8f81e4718
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3016 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11081059913125361985,8604807267784784519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
52KB

MD5
f9ad6fffe23fad04422671cf2fa4a661

SHA1
b8366163961f1689411636988a73dbc16d13ff3c

SHA256
f0ca592df98944df58f4c281890809d30fd2117e471b8021ff138314efef5dab

SHA512
e9d95f4f0eeed04413a1d798161d1c20d876f5ea4440c13e9fa356a562e931f98d84b3f6a907d6541cf6bbbd7e84f0e106b48fe2f5fcce77d66f70e114834aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
528B

MD5
ae94044ca80ecf8f0ade9dc6ebe1092a

SHA1
f20fe17b6e91ac42740ef14458a3356138609047

SHA256
71cd4986d32b4ac6a8c11e73f55e9f26aa9b7a0a7bbb5f23f7901401415d637b

SHA512
b81eaaa3f4ac800e4f268677ce50919509a7d1372459e18e5a6c529fbd083cbeb2b5f861e9cf2b8195803283b9e0179abbe4f85fa9013c21ce9fb8ee5fc35c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
74d7a40b1ccaa3845ea5f09c4314ecab

SHA1
d4e718d72e8a3ae742f0bf853d00f8de02ce7c82

SHA256
4748c2b7ff989b49dc07058b11791cae9486481ac98edae24da29ca7fe14fe6a

SHA512
f7a39b75c2d6d62c5dc3404e62f33e25542ed599c34d59620546064da933b95c58bb939e91ace667a31dc68a5afc9cb0704353f3f87e22c99a518f4fef915f90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1ca38b2cfde19c1c108aa0c7139792de

SHA1
6fd7b98a1ff9e7a8fb1a89a3e46ab3278a1df7e0

SHA256
29a259179e5faed880bff4d2bd7e1c7ff2f5b0f07a04349022dfa3c6acf19c87

SHA512
93e940c02d45755e30646fea066bb31925acd374b2ae4398fdda8737a9b021b64708f607074244089fce9a5d0da8db7733eb0088dcdec883626d8831918e4a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d3025cedb35cc78d93962956c0cab43b

SHA1
101b9933b6fafe33275b5918b876d657cc2be5ec

SHA256
db35ee7595326ab3608d34f7ae7cd5d280fe735eea49b8ccec612c2ad9495bb3

SHA512
7b11e757e1f2cde348848593964e76851529414b0d0b91522da2f591b8fa4615c8ec836aa3cf394591507e98db2fa68746f50ac7a9ec9c9886921fe03319fd67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
30da30aa3d58dec0b5cd2c540a141058

SHA1
bce9066a44d6551fa6a302e3f38b82fea2df30c6

SHA256
cf6761f7bb18beee29f852d456e54e3c7564b6a60bcb8facc6da02ed30801185

SHA512
9e1db97d21faa3925d20ba328fa1375fb407c09e469ee0c2f2454bc5177c28c94dccdba10dbd5b0d0b0f822624bcb65733e8c74cec549b2d28f7dd995da99b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
33c6604cf0cf50c1bb5bcc82b9b29b87

SHA1
3aea78f724b31207ad0e8223262d2bd794db6991

SHA256
121054fe75cff4e8777c2478d85342ec7e373bb0da9f04d7c190a3b0a2f1e9d3

SHA512
570332fd5ed5be2c0f3819aca2ecb3f4d5ff47678b2126d683b7e06900974b936fd5e7041c910a4aa770f5fc4bab99c226bcb825abe8d6d72a6e24177a15d4f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d89dabfd-64f3-4a4f-b116-fdb1871b2921.tmp

Filesize
2KB

MD5
83fc102080ea4c2e823e878c6a42f77c

SHA1
4b72edce4f2554234193ef9374675d674d8d50e5

SHA256
a0de880101699b4b9eaa33acd7f75535799805677fe94c9e0df6fbb73504de9f

SHA512
c5efe807d84a7e343597b70c391408627b0e36ea51c426607ca7577e77646d6a7eb8b27a2df5f9f679c754e98161e84a4e0d2f220cc2d5dfeb86c0beeb12fa20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3d9d17d874adda5b3f89c55c19028919

SHA1
e581435b1023cabe640da2e37b8ff272ffc00032

SHA256
bf3b411cdbac6c439f707119993b8efdde6b7eddb2fc5ed4bf484777eed6d495

SHA512
6b87e0ac481a97ed2cae5c6aca14be8c104a498ac265db80efc2b061327999cb2d0656443f34fc67ad7179d67aea565b5242238157fb1a6ab1ce4b22486d0d3f

Download Submit