65b679bf5b93520da98a1347ce12ec591dd2a17a6bb057f4244afee0e96f6c9f

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 02:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7f3973be7f77babf3a15c939778fff38_JaffaCakes118.html
Size

61KB
MD5

7f3973be7f77babf3a15c939778fff38
SHA1

35f6c54fa13f52f9c9089b05abf01735b7f758a9
SHA256

65b679bf5b93520da98a1347ce12ec591dd2a17a6bb057f4244afee0e96f6c9f
SHA512

5553a5da6da37a7a703eda36fda5d73c91743f0eba5c48541c9c70ecf8edd2ef9466936b05cc789334b23cee18c847b7a8d99c6602fcd4e6a96a51226989ba91
SSDEEP

1536:iGw4I5khqCOZyP47jFi4o/LzM+W3tyffPiwfJXz8SNVq7k:icITclgtyf3iwfBzzNVq7k

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
2040	msedge.exe
2040	msedge.exe
2740	identity_helper.exe
2740	identity_helper.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2508	2040	msedge.exe	81
PID 2040 wrote to memory of 2508	2040	msedge.exe	81
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 1848	2040	msedge.exe	82
PID 2040 wrote to memory of 5000	2040	msedge.exe	83
PID 2040 wrote to memory of 5000	2040	msedge.exe	83
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84
PID 2040 wrote to memory of 2732	2040	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7f3973be7f77babf3a15c939778fff38_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3fa246f8,0x7ffd3fa24708,0x7ffd3fa24718
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6597889055212165021,14430479948890644234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
3759a8b63b70534597683682b941110b

SHA1
678deb802b488ad25074f8ee790d20fa10343d77

SHA256
3f1ca34ca967f3a1a25b818a9ef1ea1aa7b1b56ffba0eed6a6c8d853691d6174

SHA512
e62cd4ec79eb7cf54e7b14b1f5af7aa05c954a1e88b2e7c3f7a22ebf3771ebbde1e4d8e4b6c43775256153053300534af8436256488cb10200865dd29bfbc186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
30b44bc2bb8b295a8fccf8f6f891be7a

SHA1
2ee582071c76e4a898b9910cf18ceb772e90538e

SHA256
3a1d3658bf1022edd76a3e831ede873cb22fb08e8999c56d3b9369fa0537808a

SHA512
827031b6efbd5009c51bb185c173efaa7f5ebbc652416389ff4672c7bc4c017465fb899cef89216e09c47560d1eabb0ad30ed32d02e13e551a39109d69218510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
07d8f8a7a0b5653b07764d91e32359f5

SHA1
2a172a5ace7198e22c30df7e391162b952a88cd6

SHA256
6b9e628dc145d428b1249c452455f983a39b33b0f7299bd5952c8a3f0d19d64b

SHA512
47980a11aab72d20c3ce527a5ab1afc19f7b372eca791e26836afe94e55209c475645c760b91bcfdbf6367408d44e9f975e31dfa3581656aa6316bb96365ef00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ef45ec418c1a2e319f277e24942ae848

SHA1
485672e898e6d5a0812ad127074b3eb779f58707

SHA256
762a04b81eddd93703ee81e19714c9c8cd7de099180ea56eacb3f9d7fefc28f3

SHA512
f279b45a0437ea474864f095f66cd7520cd920434d46979557f2579c318aae4e9c074b6a8ec89c25e4f6097ec6baef541ff0bc2e3a16e308a0c447e6999a4864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
727aab8e96f4ab41d74ea8359c66928a

SHA1
9874278912c6a8de3c183d0eed208ca117652f20

SHA256
14f8fd4d60a9d22fd242f34234160edf19e5136b6635453f5cbb2c2f3dad706f

SHA512
d1af45381cd4ec0c5eeddc571941f49020f8fd416d89018252cb8d309c4f6f2a1ec8a6a69d1e892833e7f4ea5bad8a15d05c39841c17f13573b6c7da33933542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
612096c9d7888b3cbbb3e9d6fd901a3c

SHA1
a3d54300012692c5c7df2bc35815bef527357f95

SHA256
92b30b627f7ac90fce7ac65099754719bb1f0324878d953b66411738b5ee9753

SHA512
462ad53c8b87dde50b1b4f7bf250b54e59c606a90fd2f91c60c247a3c1374933352b1235e7826fd0fff2cf92b6712d98806a40b807946973d5580c1170bccb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
054f762c09081cb7b04687386d0cd095

SHA1
38a2dd9f7536a98f33abb5b61ec25d8f42875509

SHA256
a680f60bec6985edd228e2610405ebd0aa73d9b8422fa239985f29a2532b570d

SHA512
bd7ba888b9686920efef712cb8da6493b2004ab5a8d0e6d01ca0342944e0aadefae061b5606210cef6f8edfaf1da9d79a9bdc5e81bf144055f3dde7d01e394f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a59d856723b1256c6a761056e30479f6

SHA1
9ce0654d5a3b956a8cf6b76b5c6dd2be9913fca1

SHA256
5689ff7867bf4f046c0617519216148d492365038c2a37c86f940eb641eadad3

SHA512
6959e2d5bca51dc31b1fc5adf4d36bb4bf0a63cd06bda4e1adb8151163f19ad4def933f16712fb414aa27f872e6e0b466c67124c27b7a284faff496ab3758d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b1e6911a52ddf0a7874a92f968cc894f

SHA1
39eac7e19fee3c31382e51c2a16e93e9b836b5cd

SHA256
9adeda6f8d30484e8d5b8b5104f1a8a4a89ce2c6567cd1c6099e908d5a5df986

SHA512
f0d13c1b21e49df1f63e246672ee86d994fef687d613b0807747a6dc1e7e9d17a01aa7e31ad20afc4e40fdf610a31ba746fd7e620aa2534041b968010192f399

Download Submit