58a1b56da3e6cf9667a81730994866e431ced416a4f8fbcfdc713df27e3f8e97

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 16:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5fff69ce7fbcf6a692bbd40328cceab7_JaffaCakes118.html
Size

78KB
MD5

5fff69ce7fbcf6a692bbd40328cceab7
SHA1

b9575ca395f0a5bff9b65ecf794b15f40d7d65e1
SHA256

58a1b56da3e6cf9667a81730994866e431ced416a4f8fbcfdc713df27e3f8e97
SHA512

d95a72956e9b41a386546d46becc22edc4e2b3ebedc374b178c998bb0730c6899057664d94ab14046ad9c27313cfbbf9c307f0e10e725e7afc7f3a0a7191e5cd
SSDEEP

1536:1UaY1Kefg/+1dteyOMsbhY3MS/hBuq1FBEhWrFoziZFYSdvvQwZ4RjVUDDxZt5Vl:cRg/+1dteybduq1iWB4iZFYSRvQItrAe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
2656	msedge.exe
2656	msedge.exe
2728	identity_helper.exe
2728	identity_helper.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 4848	2656	msedge.exe	83
PID 2656 wrote to memory of 4848	2656	msedge.exe	83
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 2912	2656	msedge.exe	84
PID 2656 wrote to memory of 4100	2656	msedge.exe	85
PID 2656 wrote to memory of 4100	2656	msedge.exe	85
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86
PID 2656 wrote to memory of 4884	2656	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5fff69ce7fbcf6a692bbd40328cceab7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff968ca46f8,0x7ff968ca4708,0x7ff968ca4718
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1520 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6936 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2362884465530725486,1356391710169732540,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
6fd8a194ddd9a0b0d4cbad4300a39ddd

SHA1
d072520f43e7b206bd02cccd909a3bbd999eb672

SHA256
ff7e753282f93aa00641984b48e843654b5939840499f8a3ee45937c2a6ffaf2

SHA512
490a807ffcf4832c97640413f91d6f1a47808e257cfd5d90786804d1b3164772544d734e391f2ce17000c905898a791d366d6ee692f711324dee02d57c89c707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
7207e91f80e00cbf43739c8959b883d9

SHA1
3287a52c0ad4dee19852923da0de02e6d16dfa1f

SHA256
d1ecb166c5e84f908b846188b60bf0c041f0826958c2c6f62ca108b77cc874f1

SHA512
bc1959d4d9a15b32461a13af205d77b09f938924aba1b16657962cd0bc0171b3b73ffe7301dd9ad9177e84497e8fa8645ab6acc9c44f51a59678500b9eba5dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
7ec3c26525864397d0ef1564360e4bab

SHA1
6dba972dd8b8ca5dd478227cdf7de6bd1d7dc3a5

SHA256
9c15ee1fa3a99392fefbc78768ed648aebb65a6c60c7e7a4e94fd17d25b67c29

SHA512
03bde5772dad546e1a78c82c24734adee98b0903232534ab5007f81b2ebdddbc155541b5b5d1e0280dcb7b6f04ee63a0627c84c4a9c8e93106862dfbf180b223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
58ad0772671dd005af5035b24caffe1d

SHA1
a2acf232d96c61265e00934037d3b401ad1dbdd1

SHA256
8de59b3b8b03318696f2a5f05e71df39e7e43a594283d5c41cec0144aa9736a4

SHA512
dab4b2dfa2c751d51d3496004710e51e0aca971c30a929e2538f6c8dce5d14a79449ba5a2053c906499eb7b7f791b0d351d7a7fb11502a3e75fbfc64b8ad5926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fbc7bb78b88cfa6ff020580926e4dff4

SHA1
b2ceeac57c49927f3285ec94de5809d2e3ef9081

SHA256
3ba8a1dc7a49d299c5727fd03d7bb9ed648c60c163236de78f4fe9b146b9d381

SHA512
68452cb1bbe644fb771a9a95d807a9dd9f7e3f98cfea0db1ce2ede1d80941aaa162bb41212389e09ea54eac6507ae7a7f9bc2d088a13599838441a561ea659c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc5b8684cd37a497946484bf4460848b

SHA1
fb1362ffb3e703d87050f91a177c0075f9ec6f8e

SHA256
797d6dd56cb345977329d638e865d03d0a91bd897c97a62730fd63fcf7dcefcb

SHA512
a54beeec7eebc8e2f1e810715d4d320e162dc2086a7bfa4f4dfcc1c0ad02521a87ec95ed021e5de942d4c26aeba05851d6d6f1d3990201be1c637bbdb1adc64b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7d490200751e77720f9fa5c808460cbd

SHA1
4424ec3b33f97455ddb05b37f846ce5a840d999e

SHA256
f6951ae561724f6f3451b3b5666353bf609aa2d274c17943f1eb3e0c53bb49ad

SHA512
a5390cbe79076e286bbcb64e8e332f060f2ab640849206847351317647092633ee10bcbd05bf2de4d4009f398f1ed3d20583334d3fa6f4aeff85ed95abc38fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a2ef3f01a6ad71f5176b25cfe6f2088b

SHA1
a1f099ae6e49670a21b16e31f2b2ba1e2bd2a003

SHA256
2447e67080e4088984ac80b7d2b349431a96196c5a7456c155660ea0c57ec27b

SHA512
2ec772e2bc7dd51e5b677bf56573940bffc8bcfadf717aee14eb3bfa3608f23c9de2b4a14f83145fe56ebba2f7f0fb48b254a8b86e672a9569b1e791a81c2f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae3691c19925dd09f6bc60a38998c008

SHA1
ef34f4f1d3a88d098baf49fff72d9afac7417b1f

SHA256
97a6f219f4f6789523b0aad7ce1bbbb6488ed9c532825f30d222afaaefe7ab22

SHA512
9779d4a7504a7ee6e07d423b649abcdf29e1735aec42ae2a2620459c197e0d171976c2c1ee94c83a9c230cf39876d974b892547bf83620915359afddf381e3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2772f8b32192ea9e35e0fead7b874358

SHA1
879cecb8e922d97eb511e2515e00e3a7f110ca9b

SHA256
278d8b5f38ff6cb9e8c30cc0f599880a164fcc12d612f7fa0e1a702e05ddc96d

SHA512
2070b19e2264bc570ec5f0f58d489df05c1f45d69bf134c076ce4317971fe9c46c2aa0cf2375c1ab659cc738d3d83e6a478a6fcbbba66e42813cdb7b8a6fa27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
ac9e5439b8b686ff33386b27e04dffac

SHA1
e6c1de60d18b3f59f0a6cd53e181cc4ff3d37ee0

SHA256
c82539180466a313263e838b43c56f03441e9df825ffc7cb4a6121ddbaa995e6

SHA512
7e5121f5594fc1e21a601851f96479b0518c482e8c0f8f38a8fe600fb90afa65110430194aed1e56f1a00cf3d577c6f824162093bdc024bb097da6dce3f7a7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c488.TMP

Filesize
539B

MD5
2c5ea32c7b83b7c72541e9d9173c74aa

SHA1
cf414f50d810b01278f5bbf0ca82945b697cf011

SHA256
1b0f7f8736903a42d1c743dd1b366ad7edca99776b2667190682a221186471a9

SHA512
95f862bbde97e93eef2de9c088457a2b9d14f320d65dcc879d08543b71e531660bc4d9cdfae2df795c3e5513aca447a44f2999fe947a4e4b6a1107c90156597d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b612e6e2-2598-4fd9-8ceb-fedb39130e52.tmp

Filesize
706B

MD5
d45a452208d33287d1f52cd6ccf0a42e

SHA1
ca890d3439fc2afc3ed47eff226760595fea7e4b

SHA256
ea399f4dd5cfda09f39ac8a3dbd0a5c4b04e0a44c2734b3c131f4854935396b0

SHA512
65f69b5150f59fbebdecbcce215f9f90c0f6a0f3312a53c627baf6a7c31610fec64869d3cd5152bfba8e1634304670abe211a3d91bc7e51a97091ed499a36e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a03888c3d6559451f7a6bc41e487f77a

SHA1
fa596ad69e874005c3051a9f34ae2354521bb4b7

SHA256
30e591345e6ccbc80b81693f95602c2bb7eece842b84b4d2aac26b8ed345d6f7

SHA512
ef6090f5cc847d182e01d2668ff2adc773b2245e75ecb45d78c1c8c38998e475160f04be729b5524e9ab259205d0ad6674d02ce9a9b6fa3f22e9a6d94ecf4429

Download Submit