4696e9ee8bab62dffd1906a58df595e675f3c81a28575863ce9d62b54b87010e

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d8befc68925961d4d1d35cc9c7bba5e_JaffaCakes118.html
Size

221KB
MD5

3d8befc68925961d4d1d35cc9c7bba5e
SHA1

f64acf115fc8bee7b6e42ddfaf8bad58a0170fbf
SHA256

4696e9ee8bab62dffd1906a58df595e675f3c81a28575863ce9d62b54b87010e
SHA512

599ee7747d174a6a1e0fa43efd27060984a82f7b983d8ab2a4ad2f6ffce7c2850a19f3b0e36e76fad3269ffff98bcf3a6a35cca8937ba1e87496e3f098d61226
SSDEEP

6144:+vP3G4k5QhL8atVgAVV17fNbYaaLStRHxWUu/v66sbsGon4G59t9Dxq/522wOoSY:UP3G4k5QhL8atJbYaaLSt5xWUu/v66sO

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
636	msedge.exe
636	msedge.exe
5024	identity_helper.exe
5024	identity_helper.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 404	636	msedge.exe	81
PID 636 wrote to memory of 404	636	msedge.exe	81
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 3524	636	msedge.exe	82
PID 636 wrote to memory of 1476	636	msedge.exe	83
PID 636 wrote to memory of 1476	636	msedge.exe	83
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84
PID 636 wrote to memory of 1796	636	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3d8befc68925961d4d1d35cc9c7bba5e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf08346f8,0x7ffaf0834708,0x7ffaf0834718
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4280903101929524226,3582026335192720953,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
64KB

MD5
63e5a0b45632b3dde3694ffcaf0e3f7a

SHA1
923736d0cdc308331d5cfaa0ea159bfedc83d53f

SHA256
889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

SHA512
5b886c4b5122d61f0209ede748aa84445c9388cf38813316c41b3dbd2308216e88394d9a45cfc27113c0cf3bc93b9c37d808f6d3c67888244c176ee095d42259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
240B

MD5
cff7bf9a33a4f7f00e1df583c087b175

SHA1
a9f4bbeaf78cc4056c643281c2b37d9819037db7

SHA256
75cf118aee2a2a05ade9ffe180fdd04db060224886671794f11a567d3a3cf5bd

SHA512
00e26b333220390edac6e8601c3e974af4b7bdfa49b017e504c251bfb3698b0edfa534b1d0bf3c732a5f0af4061aa4e5064f2bd81db030a223bb31409535346b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d077ded035f41a77481007eae163f1f9

SHA1
7ffccf250305be5ab2a3d92b2cd2d0a91de624af

SHA256
ac6ec001a27632ce89d165511671f53b8f550b5d451747bce749d72da1d9ccee

SHA512
b83c99585d852ba24b63fac90b0debf278a34c662ae5a21af5b0bdfb55bf666d56cc4c3f4509c0945b96eeb436991cdfc19a0d01b5176977e9a169fab1f4192e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0de7558c165ddfbaa990fe0fdffdfa60

SHA1
08e7c5c2c6fa843a6859755a25b879811bb71f23

SHA256
d3241408d15466144c7f86ca9629bbb52c06754fde82124c45cad9e0338ae5de

SHA512
609cb1a9c0d9045daf625143ce67ea954ffffc794b76bdc091c6d8d8fa827de5b70d8f6e27687794335fb3ee47ace2b349367f3411356b8e1846caa11158c91c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a95cb9e141acdf55b6dfeb26555f3346

SHA1
91dbd3bdf6cf4fb50b40038fd61f1465196acfbe

SHA256
655c6fda964abd7b733a616e41c7f12130c1610cbd2e5d14b24db8448c051504

SHA512
1a668dc45bf272c9914ea0d0c9dbfaa8b6c78270a4695b30dc2d88c7dab4e04e65780a666ba5f80ce49d0ff9220103b2e304964b7268b20d3215efb4c7172587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c3a7d25840c80ff729248bfe2c203dc7

SHA1
eb6787f60d415e10f8f8f59916664dac74e70dd7

SHA256
87638831a259a8670c088a3635174eb9d77277e0e9986048ddb52c5cf1bd32a4

SHA512
f0852cf0abd019fb1c91ecab51d3f755db46f1464d4a89f669ba78cb1789e8c2240b505d2f47fd6e9621f8bd927d7a241e3d12734c96172e04fa64c6bea0827d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1b484f8d3e411b3bf70a3bc35cf7c4de

SHA1
e8c7acf491cb25a7293928c72dce28d806e028b3

SHA256
c013537966a9c602bca6541695c41e5da3833e000dc319d778760ef0aeac4a70

SHA512
f9d8c4dc8c0c455a80e7efbf656062d7903d4980555ae5f602f9096090fbab78bbcd5aab22788ddbe7e83cd326264fb7472a3b51db3c8795a0f10f2b08e06d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2782e5549e7fd1d5a67e1684ab5e7c3

SHA1
ec89d8677e696257eb34cd531e1ba7fbf4ec74d4

SHA256
597f3a2b97c958367a84886f6934c55fb6b1627a670b86391507c1f0610ed865

SHA512
58c0fa1ef5dbdef61078fd8cd9ffaca035049f68d10549e946c71eec91bb7e4fb192cd7c42e376d24cae4001b675711df6e5365f8e7dc5a4cd82a5b226af3813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
77bc57b27cc1effda6be6ea94c7d8ff3

SHA1
5fe870f3cc0d9d9c7bad64e0e30a4f3d4631b324

SHA256
e647c6d3e771afcc587ae4293b59ef4b82b5b50cd569a079a03d2fdd7ebdb229

SHA512
5b6cf5482445a7587fb692c0b17fe5835fc471d5296d97e1043d9c61995c31b99dcc096655386d62d882f2ce514303c16856d7f89442522c0fe9c88efa032506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
319f606f935ebadada215850a71da639

SHA1
c664d7d934f61e57219ca61c0087987301894faa

SHA256
56e4166f78d5631918593150bbd5b0b61f6a785d0e4c3674956ddf099314127c

SHA512
f145f2d4b1995cbc5615b367a4bf264df2bffa7767908c5cf965d766d2c824d0e079fa2226f77d3da8772c17e519faf5203d943eeeacb1e3a74013334de55eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
415cbb62dee40d12d834914f80669dbd

SHA1
00482e2a08cc67898afd98fb2e0dbfdbbb4098aa

SHA256
de305426f6b2acf47e4abfae35646de7fd38f8b260da3684f61ed97559635404

SHA512
7f09442eb8d845d44992b2c9ac024666eb616674ebd0acb331786ff96139fdcd00faa964a391bfe423ca50155ae1bb5d224b2080d881d412903e8c097eaac96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5823cf.TMP

Filesize
370B

MD5
10f108e2b08d0f5560d53bbda67d3da2

SHA1
c6dfc357d2a87f96f35adafdba721e6cbd8a2452

SHA256
ae7638d232f03f9b3ba4f193fe6974a1baa81e9683371fda85903e840be07de6

SHA512
b93a01685c3c51713f23b1eae5dcead7e2a6b662837ebba9af8f3a9b20b5d5245680f3f8ac0c4b8c831ff77ad104737e9d6b72eaaac6863dc00ce343c1869b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
97be67e660d03619ce6396354e0c50d6

SHA1
41680d354d812b646d21337e928026bf6b720312

SHA256
c9f4d23f0166551263007537bfb1f478dac92c3843351851bf0e2c163fb4ea4f

SHA512
04809a5dfb05a4ac2b1b6d266d5876e4aa25587c8d70a610b783a34faf81cb6b62a6e40a0ca9f71585ff7fabddd92e7eadddaabed901ef14dc08108e33c740d7

Download Submit