26653a698c24f7285348ba5253ec6dd5abeed67968a250f568b38ab15fc59d16

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ee483601341669d3340b2614832e80b_JaffaCakes118.html
Size

236KB
MD5

3ee483601341669d3340b2614832e80b
SHA1

246e46acca6637c4706cf9d3c1d4c783f45840ce
SHA256

26653a698c24f7285348ba5253ec6dd5abeed67968a250f568b38ab15fc59d16
SHA512

4f0da559c25f2979e2aeb4d36dddd870b623293e4ff8396cf9449ce6242d752994180aa10fa02d1f18da5e75466166d1395fd0e610949443e3228d21c2948343
SSDEEP

6144:WNk71hKL+5P2wY180jBuaikBbFZZtf/mIhsIgCd14AJN4ih7Y6A55umazTHkmC6u:WNk71hKL+J2wYVBuaikBbFZZtf/mIhsZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3388	msedge.exe
3388	msedge.exe
4356	identity_helper.exe
4356	identity_helper.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3388 wrote to memory of 4552	3388	msedge.exe	82
PID 3388 wrote to memory of 4552	3388	msedge.exe	82
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 4072	3388	msedge.exe	83
PID 3388 wrote to memory of 3248	3388	msedge.exe	84
PID 3388 wrote to memory of 3248	3388	msedge.exe	84
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85
PID 3388 wrote to memory of 3356	3388	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3ee483601341669d3340b2614832e80b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd952e46f8,0x7ffd952e4708,0x7ffd952e4718
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7173570249015447541,531343617466279872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
4626dd2198e3a8d724fa9160d0e60062

SHA1
bb5c31745f3898b9fc6f41e730c95cb8b5eaece9

SHA256
b1316a6807a2d403909c179a51324a0d31cb8b3d808eaf991c685c34b6889693

SHA512
474567b529ade6a83363617fa94f81244a7dbd9ca07fa05616848fafe8e449c5313d59f0183054cab7f4323bf55663f7f6182c0b5c6c921b9454d762db492182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
750ac1afc9ee7dd557768978d15fba50

SHA1
133e9d996f8168881eb07ba83a018f738f5c35d8

SHA256
e1210625fe8a5279775627c004cc39fa045940ed57229f39d3d472c53d306fa0

SHA512
1b1dec12c116459a70bc7dcd657aee3c1616e75c26cb02db4775177cc2a76d616e3156c3c12914b8fa826b9009e2715a7a1215c8ba317737d01129418717ae50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
95KB

MD5
3dfe21a99e36122cd7546f3715bea195

SHA1
cf14a670e3173a6a2228c2a18f814500ab40fc8b

SHA256
14fd31b8f71e6608c396c2016fc1679e154c31e83321cd66d4240bac07a7afdb

SHA512
8ff358eace7ff2b9561998755e47a8e85321fdf560788daa14ea0305183e8d6b999639775de37b1fa631c74ef05d9ce553c99190192ff1b5bc229d1c70ad2e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
46KB

MD5
ac83857f0497a4a0e7669329827cf228

SHA1
18ea483c966969e43a654fcadea9719a8aca370c

SHA256
43337a1354f376890cdb73f3dbaf95a8027761c574c30cdecb321096be485d3e

SHA512
6a35c50764d31d4bac07ddbec2329238cd04f2c58c00629e523ae7fc2a7d6be5d1226f8fb6c3c1043b215c38c47951a66fa8a9d4f4d6ddce7664bd1d011db2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
32KB

MD5
803e5c41b9fcf6f3a121e4d273de89d5

SHA1
b763ee2f37610ad8f5c04e3e6609cd0335093576

SHA256
992584bedcc075da716dfb9f12ec53ec2693e0036dc90dd2829ddb04556425a7

SHA512
c7c36fc779446620fb8140f3cb60caa8bb3c6464e0311d5e590461c797678f4810b8b438cd7d38023a299bf04b4a31612dfe2a7df9e5c03c3b285998bec835d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
32KB

MD5
21fa9f94e6db3dc9d82763e327051778

SHA1
474d7a655ce663bf5fb8c38bcd2e1858a02716da

SHA256
b2af0c5afbb5e3506142f095fcffa34cbdb966531c3ba26c90e6967768f15223

SHA512
f96574ec8edb333b194b3cfdbbc6c07f10202da9c8b5d1de928ee894b24f2bc33d3edce14b1e21e9e9cdce3b684e0dcd675e4bb2cbed9b0d5d2d25bc6b253ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
b1158c4f98ae7243e83c098b85379788

SHA1
dc5fd62c94afb1da964e90535ba93c34628d96cc

SHA256
1e9229df26cd45926551ca60cc483176465031f6e03a1cb38cc01bcf679ab956

SHA512
1c006f8b33ae63017baee3a65cc4ed36cfbe29cde99c72dfcb2394353c72a472a60f16451d344a416547f25c326fc3c76c01cd15ec2825860a8973fb906d457e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
6742e58cc58bb216651ce9652a43ad00

SHA1
c4a5f9a4fa7e69218323379b3b911f67af3405aa

SHA256
46235705c0803682c46f3168a3a33340a09f405c8eef5c1371efec2b66859c92

SHA512
c2f57f044cb2cab00c836f19d275080be08e3ae947c280a5a20cc8e681cbed6b250da560eb479d22d3372ef6a8006814ee1b8ceb217c9ad776b88f456b562686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c1ebf3f655d1c787c5806558473a79f3

SHA1
6b7977c8526b374fcf37275e778e07fc633a89a9

SHA256
7eb833d79a1f5269fe8cd0bc2b0502f6cae76cf0eaeadd977bb9248e15316cf8

SHA512
a55ff3439492999fb297158ae6cc4e2942c654adf30cf64cfbbefa589a6609e06b1ec921607c12e77250c1ae17691c7474ffa8cf39651a9b582ce650f95d79f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23fad3775e6ea16228ee0d7b42f3b106

SHA1
506db83b20e171251d683b26d55c7b6e3748bb5f

SHA256
0048dd4bf3820f1b8678841c778ee1b4d4aedc773a665ba6f48bcdbaac0743e2

SHA512
ca05f5a9c888f7cc4c81316b07e1750db3b2387ded249a8e9d1f0cdba59c08646c4255d21f19ef849452b4115bd8b01b534cecff65d7c5da8ef4cd87e513ee46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
155acb2f961e527f484478222a4e2dac

SHA1
b73858b85aadec37d74d509459a3c906c969b6a4

SHA256
9befa9ffd9edd7e047699ef17cf9662ea9ba818f5a7e334c8f65e118a4a2f9cb

SHA512
11d1056f57c5c921d307efee94bdf8a8cf62ddf02cb05f4ef490d82f400c978d17029c5b90788add7a8fb48c066ab2dde4c0981e2feef0abc2b7673aee2672df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
672f5ffeb0e8f8fcaf85d2dcb20fc8d7

SHA1
ef6f312ec288a0d5637d06aa0ab09a83f9b34370

SHA256
f2d606cab6f0543c6eb105524a7f9bf9221e9c1a690a217725f5d61c37f54e69

SHA512
9aaa6b6c171f92c7c2400e565e26f7af4d9cd9ff2613ffec83a3bb539eccf3c0c82c2d7fd349c752b26f959a5a3f319d18be192bd5b9445020ee9113667bdab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
efa8eeeb1ec7dab284c40ebc50350616

SHA1
f990a70b25c858675a66251253d567f470431397

SHA256
94acbd338113dd29ba72d7bc1af19a134e3a799da0ad4c9df64ab90c744cb174

SHA512
eda552398cc87e2558746ee4f6d591a65cde2a5cde34bd9f7c7efab9cd9e7a383cca7563263f80e6c18876a201d079a456ad8f7a9a3311183a6eee067c3d3d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583217.TMP

Filesize
372B

MD5
9e51ecdb706e3bc85ddb40a6fda920f0

SHA1
546bcb18c969bd341dde5fba9b12d3594677247f

SHA256
775a672b600f661cbe191f1520e3c0008c5510faef5081a1953bca74dba1c4f4

SHA512
6242629d45c965a15c7ea532e08a17d0066a61654f1c1dc1b4f67ac91fc5fc99c477a452a7b8c65cee187cc36ed74182a45788981fe5e1464475ff95d8d88e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3163ee73e4872da756628f0ae4078c51

SHA1
59a17c6679ca5e954dbccb245e984901dfb41148

SHA256
b1d427b0380a9bba574cfb330e8a5897bc5db3fb6804210aabb08d1040e40087

SHA512
64a4314d8ea15ceba0ad98061c84493c2d7ec7c00073b48cb0957679758561d1c42d5c3a775d45b499348ef846ea1b6d8ad6af2ed0db3aa44e3d3903ed4da227

Download Submit