09d605d38ba5ddd3b0f765654816296a03b6debb7378db03d97dd1c9168b4927

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71d55b818adb01ca47febbcbf5ea2bc4_JaffaCakes118.html
Size

184KB
MD5

71d55b818adb01ca47febbcbf5ea2bc4
SHA1

f376024a4c240a4266e3bf4eda4d6b47f522c84c
SHA256

09d605d38ba5ddd3b0f765654816296a03b6debb7378db03d97dd1c9168b4927
SHA512

b8aa9e3e63ba1ef5843efb8ef3481d34382f705821e45440c085ff906281d0ec6d5d9a547df9a8c2acfa38525396975fe70f968723439c6bdb1b39fc3dc1479c
SSDEEP

3072:a9F6GeH/ToeqbIrqbI5XU13G4k5QhLpOatVhpDvDik2Q5MIsuQyf5bTM+MdBXpKV:ab+HcIIIs3G4k5QhL8atVTiVQ5MIsuQ0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
5084	msedge.exe
5084	msedge.exe
1684	identity_helper.exe
1684	identity_helper.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 2644	5084	msedge.exe	81
PID 5084 wrote to memory of 2644	5084	msedge.exe	81
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 1136	5084	msedge.exe	82
PID 5084 wrote to memory of 4128	5084	msedge.exe	83
PID 5084 wrote to memory of 4128	5084	msedge.exe	83
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84
PID 5084 wrote to memory of 5032	5084	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\71d55b818adb01ca47febbcbf5ea2bc4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0a746f8,0x7ff8c0a74708,0x7ff8c0a74718
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2888 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9511471268786893707,13230334267826465277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a384aef4ca746726d0b079a53485b3a3

SHA1
0799cddbf05d091dfc0d1eb6e20068ffc95e6bf1

SHA256
7b4dedadea5d4c885bf063c99da4f370d2e5b461d9b97f06c9f189f26de1cc91

SHA512
77e84ce407dabcf5c4e825e44bb21cca8ae1ac83716e338de84505345550d774b5dd46759ea4dbe4dbb9443b5e6baf9536fc4b1c218def3ba4cfefee8a936f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
35bb62fcff4838b75faef068af0dadf3

SHA1
4f8a9ea7085fc4f491dc93ecb96a05f9c6df54d6

SHA256
e918a8600c088ed734a560af5f94356e2161af660fb43050400662fa09b8510e

SHA512
dc059ca5ac015773591d79d10507bd6bfd65740a434c16f03fa56a16bfe325ab9a7384dbb41e54b95f968d1fbc4c55af97b4dffcd1d51f1f61d4aae19960066b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6cd179e62d77b308d785489a7ac1110b

SHA1
c1db9012abbd3d006a7e5914ca660c1f066d1b61

SHA256
21c36e195f80522359a86e3f28c448eb38d446fdc976ba03c1a7a0b6feec2367

SHA512
f18505f8802127ecc0a8785d5895bb5000b09fa72dd33d4966f18d9efeaf1c9ae919f11d6d713fa83e93701aa057fceda2f88b4d817df767fed8b8a874218d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ae3d734adbdf567dc5dfa96ea84efe04

SHA1
43d6f6cbb890024f2c87357d27f275531d7fe4c3

SHA256
e6266d51e8ef19927392d1be1d8438639e37f9ae9f29a0c8ba1bec5932d7c8e3

SHA512
ba8235b310b1d59d286c97078424e6e544b5d5c4ffaeada52da7b3d8b938e8cfc9e86e11cb4759f3171542cec61c99f77a4489b55be752546cf5cd86780b4941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
596722dfedf038b7a33705688ba2d687

SHA1
94bc5a9efdb5fc24104395a371ce0de99e27d34f

SHA256
8969ede061cabad53d81ba2a1c011fbd4ec5aeab3e1011f26ccc3f1d5bbc5d56

SHA512
a12c402621ecc9334a2bca65340f919ab04a537292d31665161833ced2e95c08ae35fd954451217bfb04aea51b4ab8f446335c15618be772975c6b28633ff176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f7effda583d332572b019d3ea782683

SHA1
c5fcce8cc62533e1dcf2111a975f0e8bf2610771

SHA256
2f292235d59b8f15a78a015b38341c7575705643a0143fc86b3e2bb9d0de827d

SHA512
7303311d2581de90d8748d3916de570f7980f76e9bac4f8669596a04e3f056e464f68484f38fd5b01bb6806a807f4addbc4d1a2df111b1b87570462afe83f1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a76411b51d2865d7090aafba5eb54dde

SHA1
61dd7f4a4651e769bca621afe21ea705ea02c716

SHA256
2852a33ae5d1b5f4cccad6b7354d9b68621ba85d1609758c9ea89ee0bf573a9c

SHA512
614a588b54461a8615cf5bbe547c343d7d856e06cf07a30dacfe621fcd849d766fc796e8850752e01ce8cc6020c451402c61f05e5b24c4caec6cfa0d1d888582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
efab89ba8977d7280e9b6c5701f3d7e8

SHA1
796d325a2a86f7cbb7655e89a5aceae2c72dd66a

SHA256
b9b73125a036aa58de512000e4193a06cedd62a2c88da0a1bef1f401c76e3ee7

SHA512
14bf730e0acbed11282a4dad7d096446b4ee6aedeb9b680f6dee5d626047425b72b74960b47e8468905e05c8cbcd14f056f8cab1462f23ecec9cebd7e73b34f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
890bcc27e4417b22e78fc062c2dd8832

SHA1
9e8d40207591190c9783aa9be58032bb9f099d21

SHA256
5b2fced54aa529ddf672282c11e9e3e3f3132f0ec4a452ce0f341eab8cef485f

SHA512
b7ac483d441f0fb58db3606097f00a8929c31202409989f6961268605c5febde5e8879ec896f440277992ef76a4771796f864fbf7988ed5cbc6c5a6bb17095c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
069b1307451fc7d3971d48e9154a2234

SHA1
a5c6bf5d124e90a151901e0bf2a49c00f3407382

SHA256
61a52cdd69d1c6f7c8917c91068e4351f976714e6dcca3e2ac53ccfb24625e41

SHA512
b209f4c7be6c107d4d4949b1c9947a0ea3d4ef3017c5666f56fb17a7a4715c1e553d6dc1be607cca9098db12524da09eceb78a5c648c4b23d9aca69e8a65505a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b3fe.TMP

Filesize
370B

MD5
3693fcf13b06fa1491ee60cf0316962d

SHA1
ab99531b1a87d3ab8ebf86491ce9ab205690f87a

SHA256
6fe7e1b7b4ed92916277c8624293b00697c88fade119af7197481df6ebce66be

SHA512
b0282f8b5270637f1188fe04930c040bc943a8063d1c87b9f0de24c2cd9c48472192935ae4105646ff2fe561e3943f201642ec4d2fa64ff8cde1bee7faa9eb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
81ce28d70c32db64dad8964bc2dad6df

SHA1
13e3fdedc80de60bb7ed814d3f6f0ad8a9295bac

SHA256
64254f030a0d6967a60b7b0de4c2b1c8e4e33a13b20b1eba500f7804f9791315

SHA512
f1f55aa287a01d685ae40c342efaf3e0160a0dc0d9aa5c384de6b854e6c53ff143a25bcefa040b7fb64a50525bd3629ba6c94734e374d72ae8015db98d025e76

Download Submit