7c86dd34dd0c13be4518f8cb65019b2dd51cf4442405abbaf37c212d79710b46

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a142af0ddb4aa220217d856e8ae95343_JaffaCakes118.html
Size

79KB
MD5

a142af0ddb4aa220217d856e8ae95343
SHA1

177847a283093ec08b41a495670d4237cacebe5b
SHA256

7c86dd34dd0c13be4518f8cb65019b2dd51cf4442405abbaf37c212d79710b46
SHA512

36bdbbdaf11addbb1ac1a09e684861146cdf17df935f4f3cb34ff88e3b45bb14047fde7db56b3c6f53a9dc46c699a183f967e19a166b9783a11c6299aaf1528b
SSDEEP

1536:nJEndpppaYrto+cAn9kxkldHIn5cOD4NwdyRZ:nJKpamto+cA9kKLiD4NwwRZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
5080	msedge.exe
5080	msedge.exe
4744	identity_helper.exe
4744	identity_helper.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 2940	5080	msedge.exe	84
PID 5080 wrote to memory of 2940	5080	msedge.exe	84
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 1380	5080	msedge.exe	85
PID 5080 wrote to memory of 4496	5080	msedge.exe	86
PID 5080 wrote to memory of 4496	5080	msedge.exe	86
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87
PID 5080 wrote to memory of 2072	5080	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a142af0ddb4aa220217d856e8ae95343_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff381446f8,0x7fff38144708,0x7fff38144718
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7048 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5234578047242767254,8363336801079852447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
8eb749e51306c301699fd7049e35ddf7

SHA1
f2035ee438533634fd4f08000df73e03b3e77961

SHA256
134e51ce85025ce5a2b630c2a94ddfaf7e009993bcc9fa6fd81e8651d13fcef2

SHA512
62b94cc910cf73cb5794da726a0c02cacb14bb42442b139187273c29c06cfc0a67b999df41b2cf08aec73fa8dabbcbb5b13d6776f08524c8f47fa1fab54a7243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fa2806c05d9a73ed2d64bdd443efff0d

SHA1
bf0537faa30219b4483b405090d441c60755d3cd

SHA256
e6d3d9e9a70d63dff1e150c814922dfcc8f0318f3df5992d195084756fb847d3

SHA512
c1c821571af637c48a6c5cb62031d2ff601de81416dbccdc073d8f96fb03303172e2c84160c45b95b5cc09f31c7d2bb0cdc1105ffae512d053d69cc14637821b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d23080721ac693cd829f6d7b7370b80b

SHA1
ed9ebf49938b9d81cc52de8dac3abe589e407a26

SHA256
9a420c271a117a0cead9d9c247618f6e654449bd6c54f3b284989c65d363b2d6

SHA512
7815d1203d8b336ff7e843e3f7d571fb61d3b0149dc4dda893098121c740379f707a044e29bd8673a2d2ccf25abc2bf41a114c7eba10efa06a28ef9076b5b7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
07bb9299399a68293a6e3f846f6074c9

SHA1
d9e3f5fcfc14d4f1b6cab4c487273ba8a71eb8f9

SHA256
dbc49e81ce7e2d7e0b42c59f4ada05c05e9c335be6e599811362b4d819af6956

SHA512
2e53306d481db6bb9f0494b576b29dc9a014ab1596573c5d9d37299d2363aae9ce1f43fd6f62b7aef1b5895d80a96054bce797af0211d1c2f344532ad3ce7d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
840497784d6c58bd79aeb08b62359c17

SHA1
c7f8b8413c3a12dcb383362011f0d257ff86e885

SHA256
51e5609d8e15a981171e5ba75e941f0d81a66e8a89605929b1d3327e6234bcdb

SHA512
7f47abbc2e19e81c88db74842ff40bf401dbbebd5851f2929a965b9d299f9b4f28e103c9a88a9dbad9d1b35307dd019c07fb4224b71af6ae52bf770b133a273c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf12f158c0fbc2f85af21aedadf1c13b

SHA1
0eb1e2d5d898176d10d2e197f624de0cf7e18732

SHA256
64b5b444327c8d87aecd0edc90f8af6da417b8a569e09e1886098fa0221ea6b5

SHA512
5a64ec6d3ab1867f0fc462cc799f12730811c902443e40c9d2d006a1130e8cd698ae8fed32d2c574d011e23cc4a87fe41d9d595d4f6aec0d5e84bf72bbd1d81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b11c7bc04d888e66db2aa66a968017e6

SHA1
98cf121eecc8054119d806c60ca4dc8203d4394b

SHA256
59602f4687e7cdf9000c0545cd98ef51dc8dd160d12a7e6374445202950168ba

SHA512
f1dc35535c6efdb5e240622ef194f32aadf3e7b85b45582067ebc59de5751d567890cb816b744113fffb94f496ab826ca32ae2cad22548fcb143fa79f0583287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ab51fb08982f0b749c0948c60903bfb8

SHA1
6836d1d4fd93ed19b8c1594b2bdd17ef29e89a0e

SHA256
2dfcd0b74d2e01c9876ec82a696c2fd7a4af105a6ba75c0d06b4323949459d8c

SHA512
3df80b10990a06f9daec5d245ff1d0744b6ca71b626bea17f4106d1082919c225bc97d860f84a340298b0795dd4d2f7aede9fb1577eba1f6d7ddc6b5a2eeb1ea

Download Submit