a17f0a20956c4881b3353bb7ff0686288baea7eb0bea15c109f8f4552519ff86

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

641984789296c71171718a579bba3f17_JaffaCakes118.html
Size

73KB
MD5

641984789296c71171718a579bba3f17
SHA1

b88c5d4c125fcf4ca38fd5944041ba668477cb5e
SHA256

a17f0a20956c4881b3353bb7ff0686288baea7eb0bea15c109f8f4552519ff86
SHA512

0b79e661f4e328cc9d99809cbe2707d63f2faa1ef8ca955c3c6e70e6cd178ae0e12e4a31f38b6ac047371300aa1c84a84978f6e7d8ef8d8abb16b2ea129e6478
SSDEEP

1536:s+nkADkA6ckABKQbZkAXhTcr0IPGNMxZPdJXxPTQakAr+SuvFS3wuBuMVL+LXBLk:rkADkAtkAIGZkARTcr0uGNMxZPdJXxPF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
2728	msedge.exe
2728	msedge.exe
4780	identity_helper.exe
4780	identity_helper.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 4680	2728	msedge.exe	83
PID 2728 wrote to memory of 4680	2728	msedge.exe	83
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 4204	2728	msedge.exe	84
PID 2728 wrote to memory of 952	2728	msedge.exe	85
PID 2728 wrote to memory of 952	2728	msedge.exe	85
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86
PID 2728 wrote to memory of 5020	2728	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\641984789296c71171718a579bba3f17_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10299712857001565398,1555875599517088043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
caef2a1c2c57a309cf2a804af9114c4c

SHA1
5f77d68e6bae59c09658554e3cf140455bfa066c

SHA256
e03bbd0839fbecc560cb86a058c6dc3b0febb061d6187d8a369005aa25384054

SHA512
2b00d5ba94e65d5ed40e1e0c12fef1354f7c53328d5008846971c78802895e4a98673d5da0cc73d2633e7992ac22392698ffd9adc947e4b3731db20e7ecb953f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d1617deea38e4f5ff585b3079f39490d

SHA1
056ee62e4cea2b263df7e5bcd450a76556abc2ad

SHA256
f309b3a4b3ec846c3a376d05aefa5aad7d1ac247347bd11a0f0e194f9a7aa9db

SHA512
2a3301a7bafd1ec0a9d044812684aae25af0229cbeaa27287c2a644e64b7abd63706481a40b67a4dcd979423be3e091b95cadba3d064ec77da9f83975eb7983c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5477e951470c8f607977c27cae793f42

SHA1
fbcd15f68e19d2a8a22f9de577dbbdc2b481772f

SHA256
a0e524064b9e060acb2187681abe9d9e753ad384427e50867a877f71db28cf41

SHA512
f7ce8ed77a79e09976dde5a0a4fc57aaf3bb29803679579f56d5e43ab344caa132c6fb0c5d8ad0108619eed63db5b5cb07e57b9d473e735d45c43405d26cca85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
91e4b082083abe0eb7a3d8a04b1b705a

SHA1
4130835d1224e5b3156d404e4e4f35661424e8a4

SHA256
19c3f04bedd94e3662a7b65bddd5368386ce2b20dbfc4990d37ed83cb772e7b1

SHA512
78cd3b33844f4c6ce396088a636ecd9097351d297a4475f19709335f86c1f171d6f646c5ada05d739d9cb22e9d4dd25816e90eeab1db83eb3ec09c996a538414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3501b9c1e6c589e486bc11572dad4e5a

SHA1
75050f05eb7375ce4a7e1acbf2cb8858abad7f2a

SHA256
9d3cf5bd6b7c666e0d8e36c4275cdc67e396d598859a0835af4582c1cd3997f1

SHA512
25f9d6b7e8928a357731901f1d13bc8b4d2c7edc860e24898afa6c0dbb7d74bb52fe9cdec0baa09e7bd5a3d3caa37c4e6d1206b52e2184637648a1f9886da53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0f8f3a086fe30ef51cf77693bc0172e5

SHA1
5098a0bba987f91e03416249c6a4e94666cd5da0

SHA256
680723e8376d1632d484d8e4c02eedc7716263ef93368f81cf6cd89856406531

SHA512
b6e1ffff50a8e3ca87794c6da7fa774d32b680cb2ff485cf209a7d55f09be190b029394fa0bec19e69bd7826c942dccfeebc7baaf500dfec558d9e515c520bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4233354b54a6680d46ed7e79c288a491

SHA1
a1b76e2e61674260ac3d6368eaf96fd281a43859

SHA256
5a04035ae7d0019efdd427b28cd79d382c0a13b3a2bb55ab387e4f1946e3d887

SHA512
1409c31e50933e4295ae87249be4a2599e1230ec08401a9d2bbd9e9a0061648bf0d2081a4b89dbe6571a212e3af043038e0f6d72ce522971dddaff608055d3f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea7f812c34b0cdd0cef7428592c5d361

SHA1
387bc03e1ae057996d0b4574ffa3e927ed692d24

SHA256
1a73472d00f2ee05ae53cc463e13482d7ed07ff560a540c31a2affdfea2335b0

SHA512
836b9eceb6f27d69d22ab7bd6cc2954c7a05b32817cf0cdf85910de2eedf743708dd74d6de4cf704b756e37b079d5aed92ad56d3ef90de02628edfdd8d612984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3629b3b0e43e86c6922a950801b1ccfb

SHA1
7d01bb465cc3c336e4478507c97c749c4bfade0b

SHA256
a887058fa3bcbc6c8938a730d7bb6690372bdc20a4c19f6bdfafc6aa259346aa

SHA512
cc705abd99bac3c22670f408a96f7ee839dd06c9d036a297d2d1a68f9e3a63ffa08bb46df2400e06e1a73074eaa3d6f1639d9542b0dad0bff7c3f55aae645a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c709.TMP

Filesize
204B

MD5
6945a93adf8c651670581de6d7fc1b6d

SHA1
ccf364ad2346384df76e71756a40ba68aafab312

SHA256
386cc5c1facb13a926f4b87f54f9c89275e436d52221afa006d358525a1e4d2b

SHA512
62696bfac2c10a37e790dc976f208fdc25f5c6a25703bc4399a01c4644b2d9b776a61979a0cdfd3edc7a7f4ea5320246e5e3144344385a0911695deafc08697f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7a2a7d49f0421067208fae46538efd41

SHA1
2b3c2719f59a9a134729e67e6c528da94cc056ba

SHA256
c9115152b239075d0076301f2c7f38babe519a83494337decc583e178aabfedc

SHA512
f5415fd6207240c048341a776e8893681ce1d01f8e8c1ee5c5e74c61fdfc1c9bd7fe96de55083704a730739236854724d9900af6147596673835951837f27aae

Download Submit