472a7ea6b71f718d10ae55b813f17c8d0ecc39f3684fd82c48c100a90da84410

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 12:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e212e886d5c83d9014ef0d994305ae1_JaffaCakes118.html
Size

175KB
MD5

8e212e886d5c83d9014ef0d994305ae1
SHA1

fd068dd950e780fb4bb282308ecb7698c2de2fac
SHA256

472a7ea6b71f718d10ae55b813f17c8d0ecc39f3684fd82c48c100a90da84410
SHA512

e6444466692c99b2a9efedfdfa290ddd12fa6a1b4f3a7e3dcbc4f8a254f732f7f950304699e280ad74656505c8502b3232b32ff6e954ec9a40440b6970a0f959
SSDEEP

3072:MF1Sc3z2UP13G4k5QhLpOatV1Qw6qjZe/fNbYaaLStRbG3CcxWUu/v66sbsGon4f:YkK3G4k5QhL8atVrmfNbYaaLStRb6xWw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
4728	msedge.exe
4728	msedge.exe
4916	identity_helper.exe
4916	identity_helper.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 3416	4728	msedge.exe	81
PID 4728 wrote to memory of 3416	4728	msedge.exe	81
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3552	4728	msedge.exe	82
PID 4728 wrote to memory of 3624	4728	msedge.exe	83
PID 4728 wrote to memory of 3624	4728	msedge.exe	83
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84
PID 4728 wrote to memory of 2312	4728	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8e212e886d5c83d9014ef0d994305ae1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa682d46f8,0x7ffa682d4708,0x7ffa682d4718
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6896 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4625432272852599131,15372424838847747164,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d956b6481cbcb2afe25e4af8b7382448

SHA1
03cbf3afe3c8b7d3ca2af319b25e3599790f0f61

SHA256
08b2071a40b703f766ad45fb5e7c1dc12572ef09f95ae2565fcf30eea9a9ccf1

SHA512
88bf32c2639a3d06db9fa38dee3a747f9f6ff2396d0bfe96da771b13d44f0b9099464f583017b88b68addc4be0c942682071533feffc7546b3010698b2235123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e3e1a405050f2d9ac47bc5ea8542a142

SHA1
6d6e2c381382496e4d95d9da9cc3e447edd266c8

SHA256
b203266bc9183f685d324752b8dc8b0709d91df7e97fd47aa499180aa4da70c3

SHA512
09dbb46380a34de8db9fff1eb2308d5827553ca3ddead2f97a42f1375eb242f91a356825062c6ddb0d41fe0fc13410ca16418968edfcfd032000fc20dc1c4484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cfc6b1e5f26fc548ed89cea6421bfb79

SHA1
e708a60067c75f5cbd5cae16f661ae8f6562b12b

SHA256
c8618251af14ca4fb29ec89c2b74faa061ac935455db644cac6892d29d51bb10

SHA512
6c978fe45b03d834f30d2aaf1b66d5ca5ab0940bc6317ef354fbfa0c5a4e11f547560e8315f38fcea6a2c8859abf87b51d6ca145989b6913d531085a71856f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f47877c8fcd1faa9972e8f07f0cea5ca

SHA1
120c29172ea6583ae6ac4308fa83abfb964bdd98

SHA256
27114e6e678b4aa16cd3486ada9af0219ffa098c9f1bc9b58456b45867650200

SHA512
57a96a3da135eddb2a1363872de383a9038f735cfd523ce0169e103ef154193179f000e4796dfe7ec2cf53501fa91cdc43aadce1108ce3b97f22a3cf72642218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e7fe30cafa0f8829ad6a2046c33516c

SHA1
fb3648a39fc4a8638604130265bdb68abb6d39ba

SHA256
cfe57629b6c5f5b5724337d1e18fc4f83dd169c566b26cdcc79c4b74fbf27a80

SHA512
613a6b5e68edaee8b3a2248131ae1a78110194c74cb2326592ceee1b52d3ef312b5a3d65d7bd48a5eef3c050fd844300e647d923397db41e9e171c9522480979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e3be2ae7589f3b865f626ae9ed77b6a1

SHA1
443f7a427b6d60db6b7a1853c88317f4f5d0a826

SHA256
a5162552ecdfc94598c5108dcbb733bf1ced182dc4b5a3c342563a3e25c289f1

SHA512
de5bb4858973cfe118166ad7d1655095bf3af5670bf60dc51a0603a181f40d3cbf3af42fe5e5d8474c6f2fbd8ab937e15f6236b9c7fbad19c629c0da56d7721f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0af08a1504f460895bb554d4ee4641f2

SHA1
ef82f8480fb334616b097fa346883b3327467be9

SHA256
aa202b74eba37f4565abbbe15274e59ce2bead1da316663125b2f0ec832b4226

SHA512
2062be4cfb96019be77bc8ba81a09bf8e37db0079a8d0afb8e1703d9b891a2c1f539ffeccae8d3ae97718063ac482512f6ea04231cca7d0a92b0c38e78c22414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c4b1d28e5f9f513ac831be0f8bcb01f

SHA1
e9bcb7986552027ab11f2b950bd43b4c1254d0b2

SHA256
5a3c445cfc12ef18e3c258de2f3c7c4b8f1b0813c790b57be441af405f75e9cd

SHA512
3645d017759577e7d3f4dbbecec326cf5024f90f94cffd25d272ebba42a913133e1bab051cb1f689f77960455ef0db7bc68879c9b1aab8ac98a9e48f541272f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1109a28ae9ce2fc86388e499e5d74922

SHA1
b26f75e9e7d2aef284fcf2d11705eed8a6148958

SHA256
6e261f5135ca3dd5248a1fcb3503a8c10007222d1552aab3dce57c217f34d9f4

SHA512
843dde69dd7e1812b39153644f3dcce756208db763e59bfca9e2a2bd3d9d0740cce90b7540e6211dd4d6dd81d5b2a552a3f8ee6d1922f50ee2f65dd3c5156acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
ebcaffdb3517ad2d4ff9fb4cdae50671

SHA1
1e07c9981c2c7af8babdb81447d2b322387ce050

SHA256
b79e3e8414e4dc19cee60773033d3763565289162c2b82f83ddb3bb0ccae0cfd

SHA512
2c02bb6072001b78ea7b1d930264d063fddc031c9701bc4e614d70caa95841b5065ada131820274e2d609b7de3e6c322946772f9dc0d2388a8d41ff81dc99f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589016.TMP

Filesize
370B

MD5
21dc580cbf41e0cf54a1ca991351b352

SHA1
f25d2b5449396f49cbba68d19358428dfc1b48d9

SHA256
2b6123248b4470f2e307da8e2e002bc80e1eea7e15d68d06e13a6027dc13d07a

SHA512
33753dc96b776bb0eb3e1fc86bfcdc5fac6fa7227d644f05f8befa98ee4c7c1e7400f7973244852f4d200e968298db1776b5830a71641492d77345d329bc15a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
13e86915f7fceb353ab663fa9de53025

SHA1
094a0c2de1b4594e9ef8703c10d1236741985034

SHA256
fac456059c2f58e45a869c26bc4487d899999adce77d74f5d80e69594255df9b

SHA512
68fbaef20121a1241f5e5c80e273ff66768848df766bdd900583546e76cc8f7b84b773de360b8c878ee0078f1a31f06f2e444f9b884f58a9744d34e3fd7e41e6

Download Submit