081775bb6938bfce095cabec132a8af785b943921bbb1722374554844c6082e4

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 18:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c7e4bb128225f41ff7bc266a43e39db_JaffaCakes118.html
Size

187KB
MD5

4c7e4bb128225f41ff7bc266a43e39db
SHA1

19e289375f134b6817ad1f3511f0045be5c2847f
SHA256

081775bb6938bfce095cabec132a8af785b943921bbb1722374554844c6082e4
SHA512

4a39933cd0c91b0425b03e427af672597e5ffa3dd87a46844d5f193a5e7da9d113dd51a0eb25e1839b51bbe62803684c33be1189215225995a0cb1dbcc8cf03d
SSDEEP

3072:+FiSF3D2UP13G4k5QhLpOatV74pXxis/fNbYaaLStRBcxWUu/v66sbsGon4G59ti:qL73G4k5QhL8atVDWfNbYaaLStRmxWUN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
1588	msedge.exe
1588	msedge.exe
1532	identity_helper.exe
1532	identity_helper.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 1816	1588	msedge.exe	84
PID 1588 wrote to memory of 1816	1588	msedge.exe	84
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4600	1588	msedge.exe	85
PID 1588 wrote to memory of 4752	1588	msedge.exe	86
PID 1588 wrote to memory of 4752	1588	msedge.exe	86
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87
PID 1588 wrote to memory of 472	1588	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4c7e4bb128225f41ff7bc266a43e39db_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12609709197584837984,16727310170920715511,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
7bc291a4859b0ee1d6b2791b231f1760

SHA1
32d2446aebe9333f44f74c3c127163bf40bd2fcd

SHA256
2bdc9425db0c9294e424855d0eada3ecded2179b5d034deb3151b3d114d72189

SHA512
f28544c528c4c7662ac3741ddc25faa664d40484b27d42bc5076af8100ebdef1a52c752e617fe2f99ea1ff3dabf6ca79c5ebf07b9bfbb68973f55b1dea4266cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a28d320a899803880790fc178c6ada00

SHA1
6270e9c56ce7dc0f1d8ba3afbf9314fa971b2a51

SHA256
130f030f369f24100670e59b08f9251e352695be5c7dce1f56c0d5586effd815

SHA512
57f6db8fa6e033e66ca2ebf4d93c462bc2b3623e5c109854fd490076e85bcf67d9a7fe70b44defb883405b4e2ece0b73ac1e356bf7ed2eeaeaadd5572e18f1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d51657ad30e3dcf7a6aeb7c0f53ff8e5

SHA1
156909c106b7ec0a71e4cdc8e25663414486caf9

SHA256
e09f8f1fce44d188386bcba7d90ac6097255032e6494425472431026629d3582

SHA512
da5fe2a594ad008d9b74cc5aed470de724dc241ad1b5cfc0a1da60ce73e763110b48c522d9127758992d5eaba552494a58eed250bbf491bc7b527fb80640b6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b3b1da709f512761f43ef60d8e223a9e

SHA1
7b99262cf0e67346e2b22e17ff3dcfe66a5eb794

SHA256
d98b2bf7160f06781c3ab5155c09c0b290d26172173ebb5212281edbe895ea89

SHA512
f46f4fb104e6da27fe1e56d4813a362ce1a3b34cddf59a1f87b3f80edd58ed9ac3bb74fccf46d738128ad6568ef4b83422423bf39b68e6638ee4b34aa7e7b9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
081eb4d546d4da7313bac768d3e1956f

SHA1
30a3cac08d1e742836da62949358f9b0a1b8844c

SHA256
dd5fe9032eca5652db85ee657d2edbef04d006aa8cbec310973f02ed2a042c53

SHA512
170bbd1aaae0b31983ec4ee0da8fd0e54b794f1a3334fbce2fc9dce22d74aeaf109327d7198068dad75f52b85890d25da720a2d52c38ce6cab33cd827a9518eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7582dbbb08481a7053e5eeef2ef8ff9f

SHA1
42d64b0bd2729f6d6ad73d42a055ccfe7706982b

SHA256
cad4e92d9e00d32091e4c721c53e8c21aef77afc3054eda37e77b66467ce181b

SHA512
d3528de292675f0ec111af2156b3481caf36e442355b3c5cb6e815194993f0b6682093d7571a3e0ca2e02ed4b019e05c881ebd5cd0672efc50856a0eff2c5878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fb0d1a2b2c72040f4fd8f17b9062a0d6

SHA1
6b368de7b4714e5a666501bf9c68fd8755eec4a1

SHA256
4ccbbd3f587ae06916ca3cab47957b77eddfc36037228472f1d9b8cd4492d06a

SHA512
deaafd71bd19fe9e01feddda67eb814d4cf691d78737ea2ad5e665101f1cba6c50ebde68610e378374ba87b13e4cce3442ee415171742cf3f7fc41f839c63f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6b135e0273cacd2556d92e1d446a439

SHA1
44181cf05e8eb134c9f4a719d80c92f957dffddc

SHA256
de158809539a0f15020571a71cad2c4c49a2fae125ab52257411c6a16cfdcb76

SHA512
5a67dbf3f805bbfbc3f30cb2aba0ac90ebcb7ac86fe825fdf3be203748cc7c7a07662b096fde2cec53988c8481c62f03902f6e0e15fce289d00b5c2ed21fbb4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea127429adfd1664c5477ebbf8192356

SHA1
9c755d1e7956013f1b19ab1c78505f4ae34b64fd

SHA256
939585bd8f34215dea8e4a8f60cc655564b372032127ce0644630913995db75b

SHA512
5ab9ed4f4cdba85d931c8da58775b6c4c6bed974373c170b58ebd07a8a561b6160d8ee9abf705f43acdee1930370d4e2f6fd1021d276cb00750c3cca667ba899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
f8793f5a51bf1dc480f2a41f15e5e027

SHA1
357a39de00182e02795d479540df44fd65893972

SHA256
8f105a90e74e4e642459d616f6c481a040a260fec3b7a95e7608b62a8bb02ccd

SHA512
8842e7c307a34d57d6979f2765ca5df2c5f56e7443cfb2cd7f8740b160e788051449a74ca0612567955c0a1ba3c822f15fccaa6ad4ae3339f598c3fed6005aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ce0e.TMP

Filesize
370B

MD5
cbd78f86fbf5a6cefa266077a0019a64

SHA1
c55d2f1e8ac0f54c8c295e9a4b3f7ed7667848b4

SHA256
b04e5a98729b645438ec603789676e4c9ed02f26b0f6d1061f7870312f6e5ef2

SHA512
d8102c03403db7115de4466b84dbe62a7f28d70154c4fce86fd6851731360643b6881fa8bbd72a5cc97cb161fc4a754dc585be679523d5a686722b68f57d89b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d01d0e58b8166ffc3737c0d7455b13ef

SHA1
639fe3fe31603cab1c8835637d08335a68ffe40a

SHA256
adbb1d1780a72bad43bdcd37e0eb1f652d7451eb10cd2b9199c1d5494e89109e

SHA512
cef6bbec7df8f9154228f1975d1a8762287f0f298a219a8c2cab753a0c60de25afad621f76b2738144b3ad10c762d9c0631860379a67ba80cce18d92c40da7a6

Download Submit