a7e5c1d23bf4919693bb417b18374e348f204fea02d23e78edc821b6456c84ac

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91240d4206eeadc5f79dc67bd10459c3_JaffaCakes118.html
Size

180KB
MD5

91240d4206eeadc5f79dc67bd10459c3
SHA1

eae4b3fdff16c14fe336810413f7a70015a0834f
SHA256

a7e5c1d23bf4919693bb417b18374e348f204fea02d23e78edc821b6456c84ac
SHA512

5d8f96c2b6e7ab99838c4c680167caf4f60cbff28639dcc00af06c38c4fc0782ec3b3f26067721ea8c3e06a2890e090c57b4e5457c62393bf913b083419787b3
SSDEEP

3072:tm/MpsSKHDPikfYRt6QQBAW9bKB+d5V0pH/A1BApCIBwxGxobsOe/W2q/mXexZgB:H/pBt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
4640	msedge.exe
4640	msedge.exe
2376	identity_helper.exe
2376	identity_helper.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 2604	4640	msedge.exe	83
PID 4640 wrote to memory of 2604	4640	msedge.exe	83
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 440	4640	msedge.exe	84
PID 4640 wrote to memory of 3016	4640	msedge.exe	85
PID 4640 wrote to memory of 3016	4640	msedge.exe	85
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86
PID 4640 wrote to memory of 3288	4640	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91240d4206eeadc5f79dc67bd10459c3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe24a846f8,0x7ffe24a84708,0x7ffe24a84718
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7052 /prefetch:8
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3854710765023988001,9513099532864406126,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\055673c4-4410-4f14-80d6-8c0d85db59c1.tmp

Filesize
5KB

MD5
9f6f129f6a37d52a6a2faff65ec7172b

SHA1
a8b283078d61aad14f7f4bfdbb98c61a5900950f

SHA256
70b201f12dc9cee7e01442adcbab7593a686400aa5fa85e9857fcf74a2c41768

SHA512
16962a9ebcf47cb407c0c65de90a596ad8226ed767e97c87b344d796d5ab98c3e809c419c593631bd08501d01d004208de19cb49c83c93eae1a88305a6f4230b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
108KB

MD5
5bb6fbaf0c60d8484054db863ddace24

SHA1
9f2a1ea4f12ad8597a87ffbcac09ca169af93189

SHA256
f52acb3f9a347bfe5cdc32bb2512e2fa49e6609c99b4646e002d487012203a55

SHA512
ab2c63d85ed6dbebdb494762eb40e8f8bcd782e7b7061e2be4c84ce6ff14a4bfdac938148e0c4ed92f2e79e667128c1b1d5325becb562baca9776da02f037a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
653ac02c2c7f3618d7ab9a2426822a5c

SHA1
5eab524aac5ba465fbc351a6612d454fe751c6ea

SHA256
27f489c4da128fa39783335a3b322627e81d898c05d1871b29bf320a0c4ad6c5

SHA512
1cb276cac1c5ef48d6e5b5fe62dfe02d9af1f9b8f460597323df08f61c08638ae877039d065f0dfc61d3b02df69610dce1076a5fbea6a6e943fa7ea615b09485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
54e12146b2c019c7e625dcbcb0dd106c

SHA1
ce01c07a500fa618e38ed6e53c78c962cf271e88

SHA256
1dd6f36bb73c1fd8807cf368b0818ecf0d509ae86b0ba8ed5b05b3ff92e2ba6d

SHA512
859c401858118adf99a8390c11e16bc3eba7287a2a962cf6ac29534d712423acae06bf08c5fdb60062c5a6b838c85da398e2c2d44ef028128337f647b1670919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
818dfef6341f0d04bd35fcd3ef174532

SHA1
d9cfd3d52351e70682d0d68838fa807c66959850

SHA256
1e932ecaf844d9e4df7363b5c1ff96c2dc548916685469dc9373313c023ee77b

SHA512
4ccee35a8917019166f015edce4c24af898824a879ee9359c5b02d696930f7312b25e68dee20a775d1cce6e0c28bfe289afa6ba043360a5c7f747fd66967ab0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
b5fe2468e5c284409e601ed78c87f45c

SHA1
84444b92b108bb81d93979a73e41c2c9544b1799

SHA256
c80e03df3970a84622905323bd487a547f6d36949ff7da230e841ad86e117970

SHA512
7c73d3036a7fb57d8a4e927dc9bb5741c81d688c934e2a810aaa67cec903da3654e0de1d8f3a1e17a3fa2e9307276e9418eb171d7c692e3c431ee4a2e74ebde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
09b0e38fe0324244782b1238facebb06

SHA1
bd2ed1ecf330da743145ce94584144fa4ec89622

SHA256
b6db6c72375f6f7178aa4af906d4c6f42f2813d8edc7a6588dcaa3e1b33a603f

SHA512
400e9d02aa6736bec3f7b2c6c81b8b8244df1e1a87ebc5cee27510ff0b678bfb8556e4ffd896eba306a0dd942ccd231b5e1cec1f4f35d6e821c167df7f8b91c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
769187046a736b8e5789fb8b3436b964

SHA1
4d7d60d36bebae00c4597deb4875d0f051128615

SHA256
e74be74447eca9aa31160eb65234a99da5abf67d82ebf9a2cb6816a26b4c57f2

SHA512
8d772f04699bee4ce6dac66bb6149360644a54520a1068fc1de9a28d86ef25adc93f5fc06ff3ac06d8680478e80e4e5e1b5d4cc6fc3c0c5838ededd31a45d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0b4550862f85f2193051d08d97865aa6

SHA1
612b8d51b19d5c7c680586ce108cdca799bd32ca

SHA256
05708f3d257c82baa5dced9b79813072424ba541a2d0d74cba0f4c177ba3f86f

SHA512
f94de94d232be8d8bfba3b6f6c23fdf96695876c72ff63f4c256f5695dfb709bce2c3e5794f063f30bb8d2c001a012e87c2b3eec213409ecb6e973b1573407d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
697B

MD5
bac325f1ea5d870193c220fa60b81401

SHA1
f3719582c8fbaf610fee7a514fdc715c74da59fc

SHA256
cbf0b816dc743dfc80fce442a161fb76d52925104151a1d1867f46e5b5f4d07c

SHA512
1d756056d71ffc8b53e561527f91cded0042e9ac495e21e14e7300ee48568d3edaef6ae852d3d54552db70a830d2f35cd235146f0ec6862ca150725fdf77fd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
697B

MD5
8b314937e2094d8ba555f8bbf8e93f78

SHA1
3a2fe896f00209319405c644f261bfecd50218ca

SHA256
e4adb4912c05f5bbc2e5b8d690470ee7738a70f3cfc71874b98adf356a8299df

SHA512
8a8be12379dee44819fd9fe5eee3a8200828caf4d63c3d62670067f5041e2a1893bdc95efdbd48575413df6df1ba86483963cef95d419731bfe2557552b4199e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c96a.TMP

Filesize
367B

MD5
9de90c01c243df4476a2421a750542bc

SHA1
6f3375d7e28762fcf433610e69b55ed461bde767

SHA256
d5016f2b6a76739330df281e18188c90ad301afa2a060bc3a17e0aca91e4eb19

SHA512
42f65f0d39a1a726aa14b5eedc41e956b9336461a81dcc0800f18e3700ebd66096441b6b4c12a59b2e9c8e76e9405a9502bf8bc33e27ba88209b95a3f964fbe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d03a7fe48883dedf1757ef3e7104c330

SHA1
ae8171ec629e65e572d41a47eebea3c76ac5f802

SHA256
5503e8e06206523125da607d19bb52045d8fe66aaafe6dc5445181405c3538d1

SHA512
61adf47658b326a5352537b4178addde3367f735285b23355d6234f59af676d41425b7c61a2608b9c35e53e38c58fa8287b558b6a4d36415c591f1bffd3e0d8b

Download Submit