7f430e2192d1141e9a3ee2d6c63155fb07e8cdcbc4802293588b485f6b993dcf

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cd70cd993078df2be2c1d9157e955fb_JaffaCakes118.html
Size

205KB
MD5

3cd70cd993078df2be2c1d9157e955fb
SHA1

44c49bf68095f6cfc5e817acbd9d075e64668dae
SHA256

7f430e2192d1141e9a3ee2d6c63155fb07e8cdcbc4802293588b485f6b993dcf
SHA512

3fccd6c31283c16d0aa5592a67473165754f7ac58104f3e9a21c675309f3a0754be7bdd298e567f758591981ace3d88a901adc3890996e99583b22c3e48a5102
SSDEEP

6144:b+w3cIIIW3G4k5QhL8atV7iVQ5MIsuQyf5bTM+MdBXpKgXpgx4t4jO9mge/bE6zC:iicDd3G4k5QhL8attiwMIsuQyf5bTM+C

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1060	msedge.exe
1060	msedge.exe
816	msedge.exe
816	msedge.exe
5112	identity_helper.exe
5112	identity_helper.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 5104	816	msedge.exe	84
PID 816 wrote to memory of 5104	816	msedge.exe	84
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 2028	816	msedge.exe	85
PID 816 wrote to memory of 1060	816	msedge.exe	86
PID 816 wrote to memory of 1060	816	msedge.exe	86
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87
PID 816 wrote to memory of 2096	816	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3cd70cd993078df2be2c1d9157e955fb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb31e746f8,0x7ffb31e74708,0x7ffb31e74718
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1126417839847077405,13669079939824806155,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7940a82b-7abf-4568-a642-b929979c5d6a.tmp

Filesize
5KB

MD5
74f77021f69905a6ad9b8a271ec7bc09

SHA1
c8f02f1d86eb7888c474c94c6069f5fa848aea34

SHA256
b3afa2aa1ec5eb693db0551354a99dd4a4464905267ced00f971f41bff41c71b

SHA512
b4e7780e09971203691a5013f71c23712880484f104e329bf98a6c37449506e1830389b03d8ba31313d3a3bd4c827acbb42c1093d6fe4f1ced541ebff9153d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
64KB

MD5
63e5a0b45632b3dde3694ffcaf0e3f7a

SHA1
923736d0cdc308331d5cfaa0ea159bfedc83d53f

SHA256
889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

SHA512
5b886c4b5122d61f0209ede748aa84445c9388cf38813316c41b3dbd2308216e88394d9a45cfc27113c0cf3bc93b9c37d808f6d3c67888244c176ee095d42259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
aa543c6c3cb3d6797a4cfb9dfe176dd6

SHA1
fa726e93eb63f32a9a1d8bc4ea9ee3a1fe546d0e

SHA256
aa9ecc6472ae457e0b1c86039a71e2ddd12d90aa953aada28088c8e70d5d4ad4

SHA512
d06442bad774e7a577e160c666a78462fbdd573f4fc06d51e8125cb0b2b3929ba678dc128174caedf6805a0e6d1d3ce4ea6cfaa3668446d0f2632c9927d3bcb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
a4507c70b76c0cb6dc26bb7684719576

SHA1
a4a67b3254ef8c8cda31364e7d762e7176dc2a0a

SHA256
04cc091dd5541b869fe2de4f2366f688438ef88819c8248a287f1641a2d3f140

SHA512
ea948f5bcc23d94bf441616e3a9158c2e967fd29b86cc34d748c5d28db993415b61144cb59e046c26430480628d6a09867093cb97cfba24781f8adbf77c88c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
03e13e3bd49f7e5ce7ff13b50e2f3ad2

SHA1
43036ae9f6d9d4f9c0ac5365b8573532b5c80ae3

SHA256
affa7395eebc24c0b780b2076b06edd3f702794c4e653a46a8a0717be0dca99f

SHA512
3a592fd6e35b7f34868f229b234ed93cc356870e4c6edab45bb8c3bcedd9f32740f02dcbc684bc81dbf767a37ce8a11f9738e819997cf5594e372161ceca8add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
05c9fc293aa5a4d03d4928ea7847c47d

SHA1
3ac84c545af48930b325447815f6ae17fd7ddc46

SHA256
28f2d34f556104797490627ca33f6c6d09ce5ab2f8db7bcb63f3a79128a114ba

SHA512
436f8fdf28b68821c2946cab67dd1fb9c053993ba2535c64f962a8928cb7bb8109d31d2b3405dc65f43b82d2cc5be2e7cf5f9eec57b2e25f074b16edb91bc087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4ff22d7f127485860161ef84ca0a3f5c

SHA1
e00c94f3670b1f011e2cd794464f71c3c027fd7c

SHA256
0596f4f8873cc5e5fb310e1577a4c0a8c573d93b0e2d93297f1358bf88120ce8

SHA512
055c28aeb0b95c0c48d88a6d52fda5c4abb328c5ac49a8bd5694109f06da9ecb633a87b08f75e1f8b126e85c3ee73ec7a6e23d51310feaf7b5210dee4d32e50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6623bc8e99536633e52a8068ea123110

SHA1
c461391d528facc160742d22c7a3252e4f67cb67

SHA256
370aa709e79e802820f7a0384ef2a41481c1e35af66793bf2d0ceec2cf771a9a

SHA512
b84c8fbe02b61d3270dfb18e45ce3b9b888eb36fca2e1d18a3769515c7432460649e8f4444f5d59e3ae5007f8c8edbf2564b86429043f3290022dd6b4891419f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c95a9662c1a1974662478730393276c

SHA1
70827e581747c3c43b28e49e2f01b4657cf61198

SHA256
c12afcb53f6ad36e40c24862482063bfd139feb6b857f1c00fdec482cf482969

SHA512
854940c2c26ac73c82416d0fc468b762f62d2e53a9ee5e6dd275e4ee2a57e4660efb4405b6946db7e992a4f9fffc87fb6b9222e700112d24780ac881b5626885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a84d46fc388b0d536cc0bbbc65ac6db

SHA1
9c4798805287951c7c869a2b9b249343ebb4b97d

SHA256
8945d3244dd24e0c039941195bf83015f05bce261e9082c97b94c06bf063ccf0

SHA512
c2abf9fff27bc0faa6b98946f1f2e6829af7e47df57811bd8ac9c32602c031b6cc4f3fac0e747bd5d74440361eecedae8ba3124f69d47eed83050bb4f69f8639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c3f70206cbe5b4b9f6c952f51110d0a9

SHA1
83998208a45daeef72b499ab178270cb30e6eeaf

SHA256
1f0c56d08d0f71104bf1d44451bd3124f0acb56c3a92180d97ca91a33ab99db7

SHA512
89c08c659cd05fecc10b3a4422f2c7c2d44adbf8bbd3f6e236d1681960107a824683006839e10c14c71933cf6a5e345f73b72af2ac00bc1818071a3179a0ac24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
788f80ade9af4b2e6e134a614355724a

SHA1
46372fb6d2f035dab1d4fd5876102af7736bd68d

SHA256
59369b2ff5d000f603bb697f6371a92f8a44c0ae3fb732bcbdaffe0023e19ba1

SHA512
0ba2320c99766e6508574e1dcb31918a4422f146c0abcfac2f75f45cd06745b6fdb1b811ce4bfe831591e298726934b066a2f3fa85a6123bb8b1950fb40821b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea31.TMP

Filesize
203B

MD5
265da6e02a3277c06d08c5c3d5d6692c

SHA1
f6a8a3b5c9ec177a04952c3286ca024cfb5c221b

SHA256
f568457217c70c71f9b2c86cb6ff7847b2ec2bb71a32912981637a3b6694bf50

SHA512
4fb5a41150bf46718231b488a7e9a1faf7149c45c3e328c61f3004eba9d325cc01ecceac4b653408dfae34a503a8ca41191d0400edfe736b8ea3cb36e42f2216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eaee15bdb6a78c3ff37c060fe058d8d2

SHA1
26df7eec7ebaf2cb2107894d41c868c22c7cb1a8

SHA256
8c82fef1bcfa06a5f9b3c445f5de3067fbe942f86725de01987f3cec72949382

SHA512
6c0cd855ab39ae1691fea9f93c3680d45abbf651611a69f2eef40497c5735b175834878347d534f8e474b639dc9d12fed7a3bd7bef1b303a9195afcbf7db0345

Download Submit