6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d

max time kernel
841s
max time network
846s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
16-01-2025 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Size

25KB
MD5

1d93e8597dd860cf81cd913c4b997818
SHA1

a7dacf6a32b194720a87130a16f2222c44f036eb
SHA256

6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
SHA512

c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
SSDEEP

384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\1044fc82-e066-42f7-8fd2-460b3fd2d6b7.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250116171616.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
3328	msedge.exe
3328	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
4692	identity_helper.exe
4692	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 2928	3328	msedge.exe	82
PID 3328 wrote to memory of 2928	3328	msedge.exe	82
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 220	3328	msedge.exe	83
PID 3328 wrote to memory of 236	3328	msedge.exe	84
PID 3328 wrote to memory of 236	3328	msedge.exe	84
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85
PID 3328 wrote to memory of 1812	3328	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffeaede46f8,0x7ffeaede4708,0x7ffeaede4718
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4848
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x24c,0x250,0x254,0x248,0x258,0x7ff726455460,0x7ff726455470,0x7ff726455480
    3⤵
    PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2380 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6268660169325097774,13530030283787487113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:2752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c6c51122c811a0f047374c84954de8db

SHA1
46b9923064d07adc31ab16fc5a6358b46a429329

SHA256
0e2b81c17f8dfc47696bfaabe2abbe02912406734e3e2db6848615ceeb88bef8

SHA512
d75eb7e979694b47f0fde49b3514e100677d2ee7c0fc5f880d2ed9eedb5c215e15a6410db913fb7d9b1c8d4caa9235a8587e0525e4e78c4ab5170b23f8dd4d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea1c2801aa63b0b7d559edd3adc7cfdc

SHA1
535995078ba0c227fe78a9bc340e848907e420e4

SHA256
d5daf639f0e5d8039eb65ce05767ae58bfa4b04a6a5b0b01b7a42bfcecc9756c

SHA512
877abc639d9913465eba3e82e2192a03d6e63ca341e0954c9b62b109d1f0547048423f4f0b6825c4a1846b7964f1bd14272663d7166df6a71446328f9241b06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
27ce776b0dfa2b44788094b2163a1cdf

SHA1
b22f18954a6f3636587a2cdb99587b5453674ff6

SHA256
5b7350572a2606ae4f6cf4114833f322bd57338d5e415d782fdced9ba60d8274

SHA512
f787a3dbfd927eb9a961e0166b400209f056abe5fd792a840c1d774200aca1a7e8bb5bc7e2cdb93cbc2674beedf41663a7cae33dd13a8bf0e5b6714eb192b9d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d66db74bbcc98b4435949cddcaf951e7

SHA1
b611d936b9c8b0c6527a4c10e73bfbcef4f7c7bc

SHA256
b7fc28c24db989dfb042585288dfd81eab952c8caecfd19d250d29bb961464e6

SHA512
ccde6ec30a53a4a33ad71102689253170f07fdca304a783363e438b52ee16bc4bde3efa62929d8731e8a9c72841b760b07c0485858c0cc57bc13a08f021914ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
60aaf511ff7d47e84a4588442ead2483

SHA1
a8ab5f1cf29af3b1ebc853c2a71cc5760feaf00b

SHA256
84b46c2fe5c656be267eb64cd0c73d37e7cb3bab50e3333f2e060d6721fa6879

SHA512
f49386509b62f2fbcc83bd0c5330e224aefbe5db630558986bc7a6d9e1eb193bd64755b819ac883e884e620646e7cbcea669b4f2456eec8d3caeb3f519188ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58146d.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d92b6c5954b5db840577c6cf178ac302

SHA1
c733a1ac757ef5d2f81d7e42cfc05da6e0208e98

SHA256
472fabdc74cdf9f5f1b412a2751f1a8a9f1e1a91ecf085e5820b815909091af4

SHA512
1bca6d87811864465b20ec56d72a4a3ee6b556a9fc7c93ce8e46a143883a5a23683b8a212267e4a2b9cffe7cd5ff49a028f6eee3856bd99c01edc0ce587dce76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
43220bdcb53647572755fc89f68282c5

SHA1
e8a5e6bd47241f94be784638f4c48a147114b149

SHA256
c0ba79324b7e017bae90f5622a4deb935aa55db84d881036b82068ac9c363cd0

SHA512
27b5903ac359a4ac43443a24808baeb8363e1b1bc71b6f198ea9efd04313f2c8a8f5a99ea8a167ff51df36cb8d164155f540c156f4ade6da87be80b4efa72b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44957990a8edfd2a744b798a467d0898

SHA1
7fc1b10cf8b974ee1df5d4c696a43740ae2c5727

SHA256
55ed2717b12a724e4537e04a277db4193c316e3c51e3250dbe7affa1e47cb0a9

SHA512
b200c4d4bbad16f1957dc084030765c440780798615eaa6a64af0a4c1c131bb751554a3a757cb3475b84302861256a566f5b708fdecad9994f2cbde315830a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b51dc9dac16e9549279f498fa74cdde9

SHA1
74e44f467973b6c3f4fdb85fa4d0d5399efb61a4

SHA256
6966a4f73e59a3c87720c51de2145aaaa618f6b2d7ede7bbff8559688fc7119d

SHA512
ea83242eb1f62b62dc469e8330364a7a2ad4de01af66d21a52ca07c80e59dbebff08bbb46bc5b54f6cb1562f8aabbe80463db1af6074812cf70563a052884e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
db0cc03b1657f5dda4b38846f4eb7157

SHA1
1deac63712a9f66b4a33ef65305ac5f0c678a34f

SHA256
2b79c7a18fb021ed166360ffa784c4fb44b5784d7bc8e6187dfaa80ca4c07761

SHA512
55dfbe0425daebd6fe6cf54019e690fd4dcd28917a91d1fa0db57bc120d84d2f11bf119d836b8f0cc2e5c1387fbeb911b1a08a452fc493c06850d80621f45f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fccad2652971ce1f105ce6354c7d5235

SHA1
47e2387537bb38fc7db14eb46607dbecc093796e

SHA256
c9f86fcf54928f7f4f85f83bc696505cb63d1300f7a1ffad4b97f3cd92784c40

SHA512
31a536c04ade93a676958046da98f24b439ac8541011be47d1514a6556788d052c1950cd37968c1a9bf57ce6e0b29db9ca3f2d22e28c8b6cb653527b0d74b3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
39f99d89f2beee179bf6c3c8967848ba

SHA1
865b3a229751339b341c08d11618bb19469ba572

SHA256
46c3ff3cfb08b8884ee9add4f7dc8b33a5341c9f26f417394703835f9cba1a86

SHA512
9b819d905bcaf874b156962e98e63a042b073e82e048589ceb657d2c91623a363a3718e6e58d9eb45530bd6c4009f85374116b49ebf8885aff5e4b229f90b541

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7d1d1a08e895236b9366f0bce3364deb

SHA1
29cfc6ba49a19119286f72686b66339b04f48d9b

SHA256
b4620acc7c4c6a7b374617447877844d115e6e33ee28e00708a0c6974eba3ad2

SHA512
3ad04eb23132f0ffec77a3e19fcf7eac429bcf3fa3e7ad1b46cf9928a9ad7dca7939c081546c345e474bf71b0f2660bd8627e9fd90fa93d1de13338f7e99ac4a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
3b435dde0fdc3f3d805437dcf1c0beda

SHA1
d6ea2c39fde9acfd4a4ab8a6543a82597b703fba

SHA256
e25ae662348a59970c6c3224903e2f29b287e528bb739213ed12b716cf345dd7

SHA512
66779821e6c9a901988aeebb36e7bb9e3cbff6f983f7111bf07656aa455f3ee1b8ab30eef8496c7f03173b1494333a537bddacd42f0dd06c082df0e9676ab3e0

Download Submit