4c355f6a68914121d0073605f51735a79e1eabf71bc15ca9040d5b584007726f

Analysis

max time kernel
146s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adfab29a8f58fcbd6c40670de8d4b0b7_JaffaCakes118.html
Size

59KB
MD5

adfab29a8f58fcbd6c40670de8d4b0b7
SHA1

8aca29d1de83bf0125ccfa89cac45defd5590386
SHA256

4c355f6a68914121d0073605f51735a79e1eabf71bc15ca9040d5b584007726f
SHA512

0accca35452e68ee91c20abb1750c79f0f15f4def22b96045b6e681c7032859db9a889b7907c38f09e4db0452b2418d7f2ec26f0b191abc504471691f5e115b0
SSDEEP

768:SCvkOpFx9hRs9QbsStzJfnTOQQYagL40Y4ITukGZgnMrx8wp7aiTjp:SCLpFx9h7H6QQfgER4ITukGZxrKGai3p

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
3112	msedge.exe
3112	msedge.exe
1468	identity_helper.exe
1468	identity_helper.exe
1144	msedge.exe
1144	msedge.exe
1144	msedge.exe
1144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 5548	3112	msedge.exe	81
PID 3112 wrote to memory of 5548	3112	msedge.exe	81
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 5004	3112	msedge.exe	82
PID 3112 wrote to memory of 2208	3112	msedge.exe	83
PID 3112 wrote to memory of 2208	3112	msedge.exe	83
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84
PID 3112 wrote to memory of 1132	3112	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\adfab29a8f58fcbd6c40670de8d4b0b7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb53f46f8,0x7ffbb53f4708,0x7ffbb53f4718
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13688045392745201224,3640108110240265346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
efed562fda1ae7b61deb9400dcf9da86

SHA1
dbeb59056231f3c1959653ed631d6c7211b89e27

SHA256
7f86a222642ad7822704b1a23a6980fe68e69b59284bfba7712a13d58f62bdfa

SHA512
1652b596aad528ae592ab2fd28c0a68898ac163dda3273f00a2740226fc73bee12792ba943aaf35943e6448794f84063c8c51c5d7b88020eab5a7e359f1c1ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1ecdaddb327c5e5689595e1f955efb0c

SHA1
f3d5ff22c763418126bba62f087bc48f6f1edcae

SHA256
83122e0db9531ec3cf7ee4df0c360096e75adcba82ba81a18f63e714acc3089d

SHA512
efa8d4e3fa93397973989d13ef3c4466f51679b0a17ed2435b0ddf179e3a375f527ca90c66f3b220139bbdd5984ec07271952efcaf97fb3db7172382dc41755f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b8195177905bfb6d86db5f0c9b8a4d70

SHA1
2ea27ca6ebc65afa5262dca4a33e17b111ca8b0e

SHA256
d0bcb653780c68879d2e8025d94dc61d4f729755161abab5d6c24376bdbc2514

SHA512
3d7b8225e7f43664b402f6c7bd9d6c867743c7802720c433e1878c48f7889cd786a543d330acde9d6feea1bff6fc436b951f2dd59d4fa16bbd1e616477157bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0e8e2b6df42d4eab76023d174f27a791

SHA1
873ea18d00acea48873ed1bd339f3b50709a57c1

SHA256
d5e19402a67e2a117360ed47bceafa5d1a9636bd6905e9f87944c6c791c8a6f6

SHA512
af17e6975acd5747e4038831fac9190183f4b1907a28310db42d9a1fa8eb59338a546f5d4f3314922b92825077c0d6cd6ef8b40023e86290ad018fe1da13cf71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a2b3eb0b2ea691549480720cce6e2511

SHA1
8773f6d58dcb97b95dcce1fe3938547e7945b474

SHA256
ecb9fbc51405d60f35506142984ed145cca57a95e5a911ff2816f9859a5b7266

SHA512
81e2955f09cbf3f154343d323350163d20ec0980aac50a59880da3a4d3734121f8b1b6ea101464ba1bbd5aa5d61123e743450cf3f7b0f2bf4a6bb75ace08fb1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d10b884bc0cc4158fcdef100927139b0

SHA1
6e82c221d3832d59d7097b1ecf56204fbae12941

SHA256
d40d46291e8690983c69583fa287b76065d865e5914a252a9f2f8503044b8b53

SHA512
4f91776339e03688001715d9a3927047964eea2f1fcf31d73256fcd8eb28b8d5744d0b46ff7d2271e09bc87bd02f1574edabe39afec9b808288c7cb41792dbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
c8f3d63707f607dd3fce8859cd821d03

SHA1
aea54d47ff9a739be144e843d668f12a48a3d985

SHA256
d62b79162172c129a16ea4817d682ed6cf3e7e6e5b683371ce77b5bb70008258

SHA512
adb7c7fe63ce216cb8883c6b6a79323f621580788608dd7fa03ed2d00a3dfed71bf2076c8d1c8435e4de7db35a8dd567392bbdbfa4603d42f8fcf005d0a19204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c8e.TMP

Filesize
872B

MD5
b8559478e3e4102641f71bcd8be1fc72

SHA1
78642ed8e8478b27e77cdcb54d866c613bb9d0bc

SHA256
0ee0bf00d2ad2412ef73d84a1c1d64f6d7eaeb391195b015655af9437eda6494

SHA512
3276ea93460f431847543c91f1754b316295c62e8da1954acec9dbdaff2dfb7449d4854c414c6b7d84931816fb7c91e49a952e640f9c369385084a864186c7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c298f508-69dd-4859-9d2e-597c95433d24.tmp

Filesize
6KB

MD5
3a0fcec6c099bc5bcac45ae7d6355f3c

SHA1
61406d0abbc1e899b034528c910c770348972fec

SHA256
55d79e3de979330ae73b9e77691ab41bc7b174c77499aa8c1a537974dfa18d4a

SHA512
8c1c2a1fe3806187fbbfaa028314082161b0962eb34df5c16783ce579311780bc85787eeac86e9f3f116d4b2d17a963e5b5ed182d318fccf09bf724b168e96d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89d352b23603a3a250cc80139c4ccf70

SHA1
e62103358d294c9d4505d913ec89b32247397827

SHA256
7fa665ad6f11f6350e6199674fad64440455e69005923e7456666e8f23711762

SHA512
3c8556bcc8db1d631ed7213aa7a40ce3d9ccceb0fcdc1cd26b22c201522d3aad9cd8f00b4dad76d88dbb8c13d43c8aca419869d55e80682397e6490e57ca3b21

Download Submit