b398e91dbdcf28aa63228810ee60c06c6e951b3aac2f21b11efb3ee3f6d1b286

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

953a795a974070eea98072fa3a5a0ded_JaffaCakes118.html
Size

65KB
MD5

953a795a974070eea98072fa3a5a0ded
SHA1

6ec9f15615e1e96374ebc79999f03f5963125a24
SHA256

b398e91dbdcf28aa63228810ee60c06c6e951b3aac2f21b11efb3ee3f6d1b286
SHA512

3381f5ca9fb3a5c373eb771eb650aebce3a5cabfafe5f1f3f6ec200e2e8e6e66c70eca199fe1a9eb96f4b5c2f5cbc408fdc76a0defafc1b31546f72821c24919
SSDEEP

1536:Q1JEjf3/pdIAUH4WX0hLcqVUDDkNfCJrR8fjbS/shqIHTurk1NP+lN:iJEjf3/p/sX0hxfCJrqbeshqIHTuQ1No

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
12	sites.google.com
23	sites.google.com
24	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1648	msedge.exe
1648	msedge.exe
208	msedge.exe
208	msedge.exe
1212	identity_helper.exe
1212	identity_helper.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 4076	208	msedge.exe	83
PID 208 wrote to memory of 4076	208	msedge.exe	83
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 2772	208	msedge.exe	84
PID 208 wrote to memory of 1648	208	msedge.exe	85
PID 208 wrote to memory of 1648	208	msedge.exe	85
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86
PID 208 wrote to memory of 4880	208	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\953a795a974070eea98072fa3a5a0ded_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba57446f8,0x7ffba5744708,0x7ffba5744718
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1492 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12959711254022428439,319419368351107140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\924df2d2-2fa0-4a7d-a7e9-e48f7e133723.tmp

Filesize
8KB

MD5
411aefc66712d3fc7a2d502500665f5f

SHA1
e0838474fb53cc334e7aec5ba7a65d20bb33775f

SHA256
cb50617bdb3d8c6035d2dfc85ecee6e30550d97eaf29f78cd2e627b75565121c

SHA512
a51a7a11ab11738687d29262f743f7cfc30497848fba9dab9748905835437c6988d4c598404f0b2a7e3519dc0da6824b1d0cf1bacfbc0f94a5be29d8637bf7bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
20KB

MD5
9a8e538524054f86eb73eeb00e31424a

SHA1
35ab0fff51a81aec3f1c1ca6406dd521c09893f7

SHA256
28a27c07cccf1a8e37658352320891fc286dd15482331d2012cdf5422b5dcd82

SHA512
d8bc2dec1323bf759fc4c3e2a77b64b56d3d80676aa38c7386ffc650a762ebe1633d5a802c5d71c9b485348415ae6c22951b3a5e141a2f203f7faed1620d4136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
fcd33e2d585125cafaafe79d6f7bf4c9

SHA1
0e39cc9e2519b9597268cf06ee7d805c77e2e4a2

SHA256
d95f4721eac72fac80b2fccbfa5d4531c51c384d4093e7394f534f6cb8951f3d

SHA512
12e83ad183fcca6af427c64dfcdc1e7e4c81f9ca5625a4479da77cf6bc487f726117d082347a01fe7c038e24b58cc0273d8646a8f958522c118a0a5440daea7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
4bb72c4f6d37b6c462957d2bb84aa224

SHA1
4ac333d9d3e9b0cb0086e7fd635f1c43ef83d048

SHA256
906bb5bda632145cfbe4196ac52553ea7aec5224705ba0b36dae81f9df90fe63

SHA512
dfc3c89e427279cd8c33543651ff778b925c2e2307169858f83c1df02ec5acbfad095dfab4232084a6583a28b8c33bd740c16109cf70a4e1dd5eabdd05b381d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a61c1d9932c5a2fe91688ab17b2eee4e

SHA1
22ca93a3bb219e9ff273ec3a6fe455966baf3f1c

SHA256
f0a972b80684fc67e1746e16cac250e4969610d1a79c279c5b061570551717c5

SHA512
1455abe85f15e28abf54c53b8f09c0607cbe4333de307ebda4ad90e83bf0c18fba9d27d5b238c71ef864510a345f34c850f00cc2f174e5973fa630dbe3e3344a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f9f30d0b49c23a4de86b6bfe0f8413c

SHA1
dddba811b03bcd632e309d64990cd71adb7f88d4

SHA256
d638edb83946b719ab6d6b1e7d194403f01256a6848f6236e5a8303656866be0

SHA512
d8cf6c00dbc49b1291b7d4158938887abe1839a08234199426989e7f6196e8f9c65d738ec3b5510b6438b5729800b4576ae50d379957536e99b2d7d7c640d4ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d5e4b4b72f6b6d69363d3d0767ceebc8

SHA1
e2ea64b89cb84b2dfbf1f95d1d3dcb782a548cd7

SHA256
16459650a832ee85e21d5fac6cdf4d24d8c0fbe6d8a7c5d30c80277bec3cf7cd

SHA512
b5679ba861667ef5cb1c4f9ce48b01ec6b5990e3cadb42e06aef1763b705306ac21a40b8965c92211753d3fdef5c7d53e7970b856a273704ebf4209883393306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c2f22c6b-d1c6-4b0d-95e9-57610c87a88b.tmp

Filesize
4KB

MD5
c2e68b3b9af88d6229d47ec5bd724ccb

SHA1
69122b2574586a6610837d55b1dbe4fddbe0bf17

SHA256
0223e8e3e8ddb13d37732eedb16a03e71cea2f58af584bb8c410d0c6fdadd658

SHA512
bc6ac238f2c09d89323fb7743f2964bd1df2b09ef75bdd8034f2dbbe75a34b1ef4bb61e4b1cc3d977a46da1e34250c6e477151c097336246c51533d01087df09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f37f10c53966838b1ee47263335c6d48

SHA1
2a5f9ce338625f9f99a832b3b898c36d7a6a95d5

SHA256
81a7732e5f0090bc3d25be43c4e10944c53fa1e2ce400ee622450334d477312e

SHA512
2cf4d64f8c6fbf103d901bf08f9cb274b547574a96dd0666cba5ced2dc9c104fc24ada66799ce389ecf8d8ae99b9708036fdf7e066c665b066ac65d61e2c669a

Download Submit