294931936956df5e63574a86ff5e58c1f9476c1b671869cc385313a4ccec73f0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 10:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b836a748a7c0a1ce4398b82dba9af713_JaffaCakes118.html
Size

77KB
MD5

b836a748a7c0a1ce4398b82dba9af713
SHA1

74c7fea90ae77718d68aba38be09d78f0faec142
SHA256

294931936956df5e63574a86ff5e58c1f9476c1b671869cc385313a4ccec73f0
SHA512

53f51821e6dcf5dbe81dc6dfe84b96c9030c39c071660baf7edf21f4afa912263fbf35297cd627f9ebbcde4d0ff07f36a969e15fe6095c5eb74c3cbb52293ec5
SSDEEP

1536:llflWGtXOG6WGyH+4eJPhT0/AeOHUCvK+14fu/f:lxlND/VKZT0/UHdK+14fu/f

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
22	sites.google.com
27	sites.google.com
28	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
3408	msedge.exe
3408	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
4160	identity_helper.exe
4160	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 4592	3408	msedge.exe	81
PID 3408 wrote to memory of 4592	3408	msedge.exe	81
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 116	3408	msedge.exe	82
PID 3408 wrote to memory of 4400	3408	msedge.exe	83
PID 3408 wrote to memory of 4400	3408	msedge.exe	83
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84
PID 3408 wrote to memory of 4396	3408	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b836a748a7c0a1ce4398b82dba9af713_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee01646f8,0x7ffee0164708,0x7ffee0164718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7048 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16705380221867578833,994729275724450011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
2b0d3ff5a4a73727965a8e25347e41e4

SHA1
faa2f53bb4d7dff06759d4681438a5c744f8e23c

SHA256
bbead5b1dcb0523c33a53f26cbe4b65f0287f5a1501971e3872e7e3e222b785e

SHA512
aed7210eba2e24118d60274e11870f231eebe6bd46634fe8d00be17ae545b1443cbecafa60cb7587d11e6f8e6b02ece03ff7b5b12e284c7c6b391cd3dfebfa95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
cc05509e8cfee876fede6b186ea718b5

SHA1
713722e5c0afad7688f1f2afe9b11907596ac956

SHA256
5ee81ad2c3f696b51b91d51956b953ff7303659111d9acfeb8f1598963bb892e

SHA512
49bd312c8b3a0184d03a54dc26219ea79463f5e2e678e3ea048afb21667930c32b7989a007d3a661cf9c38318e0ec40d6de66de4b338b789a5b6c013cbd6504d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6d6f30c90c3a6784f76e1ecd3c1ccd37

SHA1
366f2614049fbfcbcfa2f8ad6771e8bf93d3b58e

SHA256
a99a564e71ee2b5f550ea97fce15136b820c0adff4b5b177af298ba0e34a0c7a

SHA512
e2efcea83ed618ff888d51fef38add26cf22f0c710d3c92c2190eaefec9529925936be0396aad1419f62650f955e7be3824a04078bb2b15b12ab3cc0f1c31b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
637e24ed4c6d79caba0ad5d72fc9c083

SHA1
492af1cd6d601d3cc05204592dac76ab3d63dbf5

SHA256
71f3b258cc6b4f6ef5c39a177249dc3b619b3d8f7be5f1eb93ef6fa6441c5d53

SHA512
ebfda91c7987ee1cbc203b46d4f0d5b386cea93714df44caa4c7940944a016a3bb8aca4438b4832ccb2c28c2f2f8287c15eb917689932307390f835b3e2a4653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02ea310aa0be1f594310edce9062d352

SHA1
725026e4e579af00ded6b2489b572ee8d32c8989

SHA256
5bbd18874a97972461e246fca45df2a0010fee2a23f1f20165df329f80d4aca2

SHA512
2c51999eea72d8f50c92dd67ec69eb7da05a899858c1431bc7ff031bff22f3fba3ad31a2f50c1265cc61ac74464e4bdf2537a5025e2dba2c6b1f3e691275ddaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bb211c17958cda88000f58f884454b6e

SHA1
6338b9234dd0540adf66368076fc70d8500fdb21

SHA256
ce8954f892e8712ad078adb39cc7095882f27bff49e3266429963addd63b390a

SHA512
372767f8c27ec0cfd9025e6e67f19c15c619d815a55a5b6b2b60244f8e0718ebbd2183b9af3ba6afa15fbc3756f42a878f041d8814f4a654b0e83f29d52fe4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f311ea1bdb915e768baed645332c7821

SHA1
d09683ab5a97cc161ca59cd67af27f03f5fcaec3

SHA256
3b20dcb1fed216141b4d13ddb2b8f86ae83369706452a3f692ce23f9ebf59a67

SHA512
fd7bfb80537b3f39fe109fb42543705b7fe622b5470c8825117f5c825ab635e3225764367971b892dacb6ec47513065bf348fde5e62bd1891890c158130565be

Download Submit