a8bf5093b4e6c4713c95685a8d3f1760c57fc92dd7a75ffcc3e676415a52a823

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

509f800af6f5e52c79fa44504ee05b32_JaffaCakes118.html
Size

265KB
MD5

509f800af6f5e52c79fa44504ee05b32
SHA1

760f0e33da061cd8b822e8bd6730d3bafc8758d4
SHA256

a8bf5093b4e6c4713c95685a8d3f1760c57fc92dd7a75ffcc3e676415a52a823
SHA512

4c32bdccd8a6f634c1838421b5b08dabecf366ebc241bd0c36155a323be8a12856883dd9fa103984f8978253e263d52a90ca47ecaed539577e7e21bb7e68f420
SSDEEP

3072:b+Y2MYJ6rHfgaToXdYKOKmXqGZCzEY9tPwYm0owPUVU0FbN/tBs:bBoaTo2Igbs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
3576	msedge.exe
3576	msedge.exe
4980	identity_helper.exe
4980	identity_helper.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 4724	3576	msedge.exe	83
PID 3576 wrote to memory of 4724	3576	msedge.exe	83
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 4068	3576	msedge.exe	84
PID 3576 wrote to memory of 2980	3576	msedge.exe	85
PID 3576 wrote to memory of 2980	3576	msedge.exe	85
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86
PID 3576 wrote to memory of 436	3576	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\509f800af6f5e52c79fa44504ee05b32_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8030d46f8,0x7ff8030d4708,0x7ff8030d4718
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10416011120010203898,11188044784365462810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4dee2b7bfb443df3ee3e70e3bf2a2361

SHA1
fdd7adfc7b84de6a812d0f5153cbfa250873b987

SHA256
0f8c994d9ad7e56b4c981d4c4d3b40ff4d1f636f258dbfa7180f9c7c15d02324

SHA512
029ead8d684cd92869ddd08289b10d1dc3f5ac9e0e185bf24eabce339acf40dec59fa28d989762ac9141c8c98468d7ff8517e326db15bad246b9786e456d61c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
0b74f7c9007c855ffcc6e98a20b8ce96

SHA1
e5c6797602c116924d58e1ad73dc4314c7d91fe5

SHA256
f7525603484e1a72b91411183636cf7dabe6c5218a7c017bbf78b0d19148ec50

SHA512
ea389ac2c097c3fcdfb61521057403128be8e5b2bef6f6ff9adc4801d0ae5a58184b31318d9b48356641e6525f840541d846c4cf566ec3fcd476cc9c26692314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7ce1a434c1df3d34f52e68753c91f45b

SHA1
bf6717164dd57c3d54bdca9749c446772c6350bf

SHA256
85ae84a436c35a41c6d37d6e9de6ab7e582980673baf97f1339f27fae7e52893

SHA512
6098aea2bc797700b5a676003b903a1afc48ebc9454763d6121d9252c18692e3d92e4dd006ca935a69f9f16a070f8763bc9e354f9e4cd30a0b56905d35779a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b365982af93ce7b2087c9a99d8853b03

SHA1
47be6b04b56d4dcdb71f0bdc41fac276a440bf28

SHA256
b334bedcea652e79c5a075758c81e29224cc04691c1f0a4d4cad8ab09065724f

SHA512
964c96f9536783e39640fef185ed38b9401aee1b868e8555adaa521c39f5c4c7433c588c9f472b2bdf008f7ad083a7900f0d828b0be6324c5991f1b24ae3a819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
315b8d5c6cf1a4d1889b66ef422d6f4f

SHA1
d440689c27dc1051c25b78dfaa6ebbd286414849

SHA256
fcdc55e4210c8b0ee61c4082b68ee4c6a7a625b8d0150c1cd6016bff302aab82

SHA512
10706f153062b87f7b1a57ffa953b929582978ac8ed7e87c40c1459a7d293e550c11dae9033dfbbc54ec0782ff3726895d2a041d19f94be3e3e0fa4417b29e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
61acfb03a1f5b4b1255a1a7871eba49a

SHA1
da07d0b6a3adc1b7c1f49cdfaa19f3c3dec575a3

SHA256
f4e0ca75b4b02635d55d66660d5164d63d2cc0b2445fa137fdd3a4fc9e7fcdf1

SHA512
f428911f36601bd626466e137d8c712f07602c8eba2de71b592a6ea8caa53d7709fbac88a5384847a2eccb2466677a6a6c209abb0544980ce466e9926335a23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ee4f88be8175424479de2376c2686cff

SHA1
c8d1780f2a60864ce6af6da693af4f2bd0f707f3

SHA256
2dd6d1846f2ab47a89ec9ef1824981f34c78df30975f3337f35f7c54e6db2f63

SHA512
29e8d9a913d8af75ac0b6c49cd975d33cc163455e455b00d415e963dd28bc5cff42d39f39c8453b3d33cd335207be4059c80e9c47ba1650dabe54b31f6c3b2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9531fbf078e587626891bafe711a8b02

SHA1
404777e17128e361547e76dd94922aa1089f22b4

SHA256
1f7803d108f3c5d817f52a2d5d33056577605f2412814b19003fafdb75053bbe

SHA512
1bc50f51509326c07ef6b7ead990deb13db1a92d44a4390faff1f9899949b592af6b6d0f05bb7973355567ac5b7445fde33f9e599497aa0b666b0b8d7b24283f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
8f2bdb6e7f8d3faf6b49373d63efc4ea

SHA1
47da9b55d550e34133fe826d5cbd2b7cd42592d1

SHA256
38016c4bcf99f92fd49215e6b4ba38d2a3c9637af68c44f73392f2f241255fab

SHA512
df642bfc60402c8538b1b7c053b4dd5913f00fdbcb225b4f212960bceb5207d73b48ab5490a3a01cd656054165bd46bac8b331b1c9468088d73148b568681384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c1a5.TMP

Filesize
370B

MD5
0047b76f76f5a5aff9a1a5a97044d56a

SHA1
495e2f2d46225aa6697007275580db89923e0aa4

SHA256
9788003719d368d1660f106fe45ccad5d3383c9ffed752f51643d816796afb00

SHA512
5a7a361cd389cba52f88972f831cd9d37e07e9ed02eddb5d3165020454c225136c2ab36b2d88e739e7213ab0cffa80f5da1209154122f0d9a094b6b4c1b9c35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f0198812-84b5-4453-997c-17e3a1d05566.tmp

Filesize
7KB

MD5
f2339bdf6fdf3de46ceb7741398b9631

SHA1
23917881de8998ae3e012e39fb39c9008ba971ef

SHA256
2380dea8c31d3f9f7b51195478ffc0d67f270c860ba151389bd2845b099db18b

SHA512
c820e6e705c6f4fe615b289078729c007e6df0a652c3a0e72bd6cd78d19e721e1389fc35ad81aee905032b929852c35efcfbd122fa839d4fa5c60cec4f7ebffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a13667400dd665c10a8d3902e149222

SHA1
78acdcf3820744d2d89cf665d34ac2f73cc5748c

SHA256
e09dc69646b2f2b49a835365a8349578eb37627fd6be48f153549fe950be48c8

SHA512
92bf67525b85368b8da5ae52395b6bad7ca36d9ad3df3b2b2a3b971c6dc325f88ef07e9911d2da2efa77e5762b98d3683f81fefd247483d9643f3ce7d91846ce

Download Submit