9927252efb9f3165cc70c2aab6a5df025f5fd99b27d1b9dbfa5a005ec1f3e64a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_ea343e2a1a2f11dd1cea32c215d2a19d.html
Size

168KB
MD5

ea343e2a1a2f11dd1cea32c215d2a19d
SHA1

c2f185c065f9530d411057901553989a11cedd53
SHA256

9927252efb9f3165cc70c2aab6a5df025f5fd99b27d1b9dbfa5a005ec1f3e64a
SHA512

92bbb77d5bc57506a3a7fd34bf0571f10ace5e91c93a1b0a67d1f745645b54f354ce5a6a424f8999d374b164a4c6fb3a73e9933ab45b6d1869910422d514c101
SSDEEP

3072:drYGwB1eoPGGz7Np1C+4/aAXt8po4+/pdDTT+NbV9au4N2+FKMAABn2hWByGObuO:FPPoPbp1C+4/aAXt8gBdMV9u5AA8Yq

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
13	sites.google.com
24	sites.google.com
25	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
872	msedge.exe
872	msedge.exe
4268	identity_helper.exe
4268	identity_helper.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 3760	872	msedge.exe	85
PID 872 wrote to memory of 3760	872	msedge.exe	85
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 4180	872	msedge.exe	86
PID 872 wrote to memory of 3436	872	msedge.exe	87
PID 872 wrote to memory of 3436	872	msedge.exe	87
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88
PID 872 wrote to memory of 4204	872	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ea343e2a1a2f11dd1cea32c215d2a19d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cde346f8,0x7ff8cde34708,0x7ff8cde34718
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
bcc399e92f620403b994bb915c166b2e

SHA1
40189a114353fed9c1d75917258ff2634e8b8805

SHA256
6ddc5f5d7fbcf51152b77bb6224c0a82d637032cd3e721707efb132f49b8afc6

SHA512
be3a06904f68eb7f705bccf82e35edcf645bff36464c416d2afe6aea777371bacf11d1df2754cb0bf41074777bd62fb02dff28f31270b82fdd30f8c397828316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
019716c953c2d4c7e741ec959a759506

SHA1
41b9ce1c685bdcaa6df3570653f832663ce9cf32

SHA256
77715def9ac59be63c7fa12c047775d7648364f625520837c2edaa4757032292

SHA512
a4464a4268af8c48dc8fc48d4410b1ec8fa87da3466588277eeb4424465893d1d6a84b32f98b2dc2563934898b72b7e4219307a8ec589ea6c1e7d27b00b878c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e514ac50a7607aa6f1f020d525216ae7

SHA1
8aa8c74dddaef4093ba3ec08137ba20fe59f2809

SHA256
f4263926ab67bbd28c7558ee6909c260fe170602c820d45b5e211252b5228f6a

SHA512
0ef838c921c91a6038fedd93a2a2116b85ce8e067f7767da99108c7250b821f34fb32b2e135b740c2252316f24804661281ed5b1178faa35ce80dda51a61f8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
651ae3d513714a59f1805c7fa48d3cbc

SHA1
14e13b9f8d1994cc9a2aa078320ba8b91e14bd44

SHA256
b93ccc9d9384f81f7b1f2d38121be24b7f94953a7e4a6a6ad90b947ca09b01aa

SHA512
eb3197217f3b7ca72ae570a4e3bc2620cf7e8137cf63f977b4633a2aadfa6a81883dcfaf582d9c948f5e2f09f05f2dd94e39eb2fc7e6245022c77fed70f9032a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
41f387c57ddf280e79ca514c24731089

SHA1
8205931ad25ff1132f141ae28a3f8c064f093b2d

SHA256
078dc3cb1bb510dcf44ad0e8e7861c4d5455268daba97ce11d826ce8639b552b

SHA512
2d98cb43518fc41664c0588aeeaaa3e70c58e3baabc40ef18b0a0982ea4219143b40ec549a23692a20517b3ee2b0259f579969e970c65a5ea9bac5a241146816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f76095a20fe42aebc1aea5a1f4d70b6a

SHA1
5d7444966c9b4e39699c038309d8b869c937942a

SHA256
683d6c18e51ff80026fbf2896c8c8a3d65acc3fc8cad9c568a060bc2a21a10c5

SHA512
b6712a4d664deda36a5448a1e977d980241fe6cf91ce6eabc2fa7da9e43aa499a5cad09bd54eefa5bad8ea40ca2e488b8c943deb869ad0ced74d74b68f20bbc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
697B

MD5
76b17faa5ff13ea67db92f0fe4a4a5b2

SHA1
722bd3e87c9f499e971fca7a66c30b10a2e58d56

SHA256
2f4fb6c40eaadc99a0571aae49bceaff44fafd72a2f1b7e60771935559a2c8d0

SHA512
b601c1a17cabf80c1e7fb749140adcb3684c7df510077ee8f0f950391e666f3e23bd1e2b4050f267ece533a73aec407fabc7dac205895d365b597ebfa89735c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
865B

MD5
fb132f8e14b9c6a47c698a931569f587

SHA1
b279de88d8410b40531b960c88452d0456958fcc

SHA256
4d8e128f00071fb2d18a569be5e3f9e12bb2f9ee4199e0c8992b48b5fd81f037

SHA512
7981dcbdde7efac1c55340d4528910486ba6cff532e4147cda5b62444d523357d2ec7608105c5b2cb74fc131efcbd52a90cd149d2406832692abcd4e885778d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a88.TMP

Filesize
367B

MD5
004eaea6f0f89dca440f63bb8e8e0e81

SHA1
4159e56480dc5f0251ae8efeadbc428032f3bb5a

SHA256
f50c1c740d61378646b9adc8e6a98992ee5f51e99c6c7fb923821e9369c4a78a

SHA512
61f5fee927a83252e2d8a675d813cf00db7a233b5d71a7bce92994ea88795e6613520503ffc6bf45ab3344ee9272a650b5a0e686be2cd17703d9ed112b5684b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b7a3f678-ea31-4486-82fc-ccf1c495a44e.tmp

Filesize
3KB

MD5
7f3235f4bae3750f0fa67af854ed87fd

SHA1
bf2b1cbbf33b7aff960a98848164ced9511c2102

SHA256
a763deb57e51577a46799ada2b36ccdaf83fce87410631b39f2d0e64a4aac970

SHA512
68c535e9e86086b0fea0161581940ab6bb96ff603a5a4dfa2d686533d79df2dfca6a9cfc1377a88995940c2fdbc8ba1b2511d2e0b27717c2a2366b4796f0b78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
be04eff493606ff6617aa53762609566

SHA1
21fa866b1f3b1e0494d28b0e0c73285614e126a2

SHA256
f4617c049a72e2b57dddacf6c052115f5738317cfaaea5b408085568bf7eae99

SHA512
7d4e52f7c106e956c07971d36e66a583c4155f3e093798dfe4a4a1ad06de8bd890992ccb41be1a770c8ad394e9bb0544c8f1541bba74f4e16662f91df589eabd

Download Submit