a827ae11eda78597e1e5191c9097e639cd1dc8c44bf811cef1ed1f6d983f3025

Analysis

max time kernel
147s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 06:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d5c35462a1909e2bd52db2f9dd4ec152_JaffaCakes118.html
Size

91KB
MD5

d5c35462a1909e2bd52db2f9dd4ec152
SHA1

98b40de1a44e8c188c4c8c2227fb83b483e79b32
SHA256

a827ae11eda78597e1e5191c9097e639cd1dc8c44bf811cef1ed1f6d983f3025
SHA512

7f1bb2947fd367317430184fca7ec72b9b4ccf2fc39d82a162c8d8463e0027e78f6a7376307260885e2011c91cb96db79d4f82a0143ec74701a113f75bc54e74
SSDEEP

1536:lf/Uahcs6z8BJ3BDUAmUO6MqBOiX9uX5e1+DXn84RrW:lf/xhDO6fBOit05M+DX5RrW

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
17	sites.google.com
27	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
4888	msedge.exe
4888	msedge.exe
4380	identity_helper.exe
4380	identity_helper.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 1656	4888	msedge.exe	83
PID 4888 wrote to memory of 1656	4888	msedge.exe	83
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 3204	4888	msedge.exe	84
PID 4888 wrote to memory of 2336	4888	msedge.exe	85
PID 4888 wrote to memory of 2336	4888	msedge.exe	85
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86
PID 4888 wrote to memory of 716	4888	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d5c35462a1909e2bd52db2f9dd4ec152_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc66c46f8,0x7ffcc66c4708,0x7ffcc66c4718
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17410823653052608272,11457948463384772719,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\228fa818-d86f-42b7-b545-aa8bbcae1c40.tmp

Filesize
2KB

MD5
d00c5626303fd30d71e749ec4c56e8a1

SHA1
39bd6299d8495b7795eb92f04dad5a36ed36f299

SHA256
5dcde7e9be02f2f60883a2dca3c351fa6eebd8eb81e7879ab7e8a01aea233d6d

SHA512
a371be9d4c99b5f14d9b5be55a9f28b4bb44faed244cd0c9de503f8f1f4d0bbcb2a63ad1d8e11ca76f832f231dfac972e330177c8c25fd322c98025fc2e3b1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d528c67e0541af0e68a81486b1490fdd

SHA1
1ef20ea6288b4b8a9b57f8983f05e7fd9f73dc11

SHA256
4b686e02bfe05cfaccff1ab2ce7f2225ac120daa94c2ada4e0e45319b99cd098

SHA512
29cade3a7e0ecdf2503722b5bc98dc6cee3e98e52df0744da062636378f00aa020ccd8cf01f4818524d32fb87a12230f4a04327e023c862a34a1de6be67a035b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b16511f1c1a4434ae7be9b4da2ebb000

SHA1
17aa6d0c896c7122b9724e32fc47f7b626cf3e10

SHA256
af55266c7d81de4e2ebe8c9e37509a2a6eb45bbc3c6d72d2d25b666b4c60c823

SHA512
755b3b97b3b8345fe76d220a575ad84a1bb10924ecec4479c91fc5440a342d9a56b6f3297ea30b95c3221b91051f4080d2a35decf56e1bd0c61a51a23b112083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
0fc356f723586efde462cfb19c400dfb

SHA1
ea786c1a0bb998300e694d18019d530386b07bf9

SHA256
46931355cb31430b52fa14b062e172b869d56186cdc40f154897ad1cce3af422

SHA512
c4039f535ead9b3a146aea27246f2e835ca592e18cb5c392f8b292aae59a2a34753a2be87267d9b25ac294725ec22488e50e1adde619fcfb53c3b4bb4d1c071e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0a523ec671283789e0b9da4d2d2e567d

SHA1
527dd4285d51914eb0cfc3abeb388ad16350fcbb

SHA256
9071cec43ad55a37e1e59697a1df5fe41f904c4d5810e9de5e5992829bd44a49

SHA512
ed121a147e837e6a18ab726f962559cde44bf25eb20f45eb12205eaf49e1939e07cfae7eefe7914b88d0db39b0a092f30374afa37dacf1f7cb85935dfc2c8de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a0f44b5ef6f7d64224cf98dcd29197bd

SHA1
5df8559285acebd1d580f70374584a802239fbe6

SHA256
6041a4b1c953080e54bba344609b3b1d88c2cd8d77b3894dae91ed9d090b6858

SHA512
94c392f4482a4f7f7316a012810071c45b4dc021fdeaac56aebcbee7edc6be2d5ea9bb9a61de87b22209f2af2eb01244cda04a044c096a518b792f7d171ed4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7fb6e995223517b0ae9e9921d5efd1e6

SHA1
9b61382440b35af35805cb117bc90757799931c8

SHA256
5498822da85723975e1fa6b20f9fc483c1cf7ddff8cbacba7b9f0384fae8e537

SHA512
ba617045420562294420750048985e1927e7644c4769f69faf5d98b0e22759c7fab606b7cde0eeb0a1c40c4c59029f2affb08ac1f43298c4b32a65ca20096ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2f90803d6e580996c2576c84fbf1380

SHA1
aa5cba0cab8be532f18aefe6fc759d1e099bc105

SHA256
e42948298b9f5bcec95247952b6943124137a2090396e9138cb0873674ed9c8a

SHA512
332a7cb40ebcbb5ce112d8f4e6cd30fa5b2924bce9ccb17993416c17df85332d017afcf37f69b583a68a5643d18ffe99fb0e025352e6a92f6648ce69fa5343c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
1988758b2feb72764b950725a55ad9b0

SHA1
72385fb11e93aa3e1f4bf6dc90ab9153137fcfba

SHA256
55b3c3835720b1b42a44d14d8b82bb82f07c5cab0717e0426d56c4e07a3c81ae

SHA512
8e8e780bb739a03195127323316daae901e873bfbda7aa1ff36a69270e74b3c15288d06b273b638f55d88215ab62409e379fa2f691362a564689c34467b61d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
2f8d39cb9166c5f99e660ea9ddca2437

SHA1
f0719474e5527e723f9359fb96566641743042f1

SHA256
063f1307a3d38109ab7dfba9d1ed3c9eb2d8ae7dfe0000f59c70067f526d969e

SHA512
dabcb85ca2397366447838f390362d9a806c0a8fdb3726024748e64ae1a682c341317dd0532a7d185257e0230742979ee578d9b411cf816fd12e7df62f50c13b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586193.TMP

Filesize
370B

MD5
4f8eaa27a6d5b588a2fc8ee9408fd0fa

SHA1
34159e0155ed945eaee13d529a0ba0946ae857bd

SHA256
6980e9ac139695d8d4db5188b116c89f311bc06487f0e79fddb1d51d755e3cc6

SHA512
cffd16f117eb054c166e55b55a75acbf3abd94df7b42dbc5a53b61a48370dbcab784930e2cf9c2ab20d34c0171a8b1c12af98cc66cf24ebb2ae15fa883afc5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f6045a3afdb177a19f2d003b065383bb

SHA1
1e8a85eab543bd48976a04311dc1964b9cec0347

SHA256
d3bdb7a9c235fdce5b5098d5f40870151d1f55ad21a89e109d63f199a0835cca

SHA512
9d058585554b4258003ddb5d05fb3bcdcf0beca491dc4bcc237d7b6623851e48a3620282c28ae8b2cb088d1c9022b8285a62d16b99cc06bf844c443f5b24c40f

Download Submit