79b0d97fce8c9e5de4d618c0091cca09b1e9ac39f91bb9f9a5f63f270604c601

Analysis

max time kernel
148s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a273a51b20ea4a5f782602cc980e5fbf_JaffaCakes118.html
Size

49KB
MD5

a273a51b20ea4a5f782602cc980e5fbf
SHA1

066ab984d3067eabb1b5d6932f83b565361c6858
SHA256

79b0d97fce8c9e5de4d618c0091cca09b1e9ac39f91bb9f9a5f63f270604c601
SHA512

3c4e647468121b81e0e4deddfc9e529d85a94e6a949784a542d38a024d31485ffd199c4d8bc598ed5d8dfe3f8d7707f77172d731abcb17132140fdf42feb4201
SSDEEP

1536:9z4yNIZJ6pGqLq04q7qcnq7q+h8qEqRqpHq37G0Hii+R:zNIZJ67GXiig

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
2696	msedge.exe
2696	msedge.exe
4036	identity_helper.exe
4036	identity_helper.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 4404	2696	msedge.exe	87
PID 2696 wrote to memory of 4404	2696	msedge.exe	87
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 1480	2696	msedge.exe	88
PID 2696 wrote to memory of 4804	2696	msedge.exe	89
PID 2696 wrote to memory of 4804	2696	msedge.exe	89
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90
PID 2696 wrote to memory of 3896	2696	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a273a51b20ea4a5f782602cc980e5fbf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a8746f8,0x7fff5a874708,0x7fff5a874718
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6682619770644821683,16894239403178505432,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
32KB

MD5
b1e8f56542fba2f663ef70444a82a75e

SHA1
38f1034007db83a3b1f664ec7332ae4a910cf118

SHA256
608aa7f028f230acd9ebc897a83686a52646b5ee89325f415b76ae03291a51c6

SHA512
e1288466265575376a77cfb5b224a672faba67e0fbe44f609dcc25f789313bf9c182c0dfe4596d471bc4ee12e0da8402360f55ba19456329ff3fa305648c7fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
212B

MD5
f92823530c9929c20eff45475fa679af

SHA1
1c432022c553dc9845349be231bd761f701018ca

SHA256
76d9fb86aa7933f311b0dcdba0f2cc2e1da25e17d11998bcf5fa89dcba64f198

SHA512
3b1b9487efc6bf20406100b512cd70600bec5914fc6b656dae4e01859c6ab53887a9ed8a626dcd27241927b935a16944c524c4974270ca32a5ef60e42dba4d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
3cbfaf01e4a99905804342b41cb2e78c

SHA1
0cb28016cd64d9f1a1150fa73d86956914858ac6

SHA256
36c6319c89e81a05e236a8cb8f9cb5ed34a4f98ddbbd516f481149fe6994adff

SHA512
f2a2098fcaa2c25b1c573b77ed65bad9645f43ffde0076e8494a9ea04094b455ffbced67decf6ab663faf97c57596cb16f6229ebf8c414136584f28c63578d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
da30a6be7090172a5aee6633b4177690

SHA1
aab7e152dfc572bfe341d9783fe65adbb53f0f71

SHA256
b1455948e1f877d1918196eda0e91c1924bc8d452fa182dfeb128b99f4ba711c

SHA512
21889dee6c65be79207178c4e1d172c4cd2e2b23ae5c66752f637eaed135674bc842a02b1638fad52c33ad6da99e2b1b8a2a6b91f2fba8d3a8263da37b03c0ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
21089c1255e099f5e4ba8bdc5aa55e3f

SHA1
b43fa7191e1c87171dc5a30d7f20040902016afe

SHA256
7cd2a177f08854bc7a0ea1f6f75944133554f92bfcf79c0468dfa1cd8e86d47e

SHA512
e8017f0ca83adf234637d84a564b7fe79da81c5d10cc71a9692b5e5ca4cf1ddf9c209a83cb7aee91fd92e10fe10d8e66fdcc16123040fa0c140d36a8f6ff972f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
76bb9a110a5547f0374c86d059cf25ca

SHA1
5fed45d0378726597baff78bbcb54975f16b39ff

SHA256
d35e378e8799ccac2533c573302984044b6898052e0e65c4f194b1d24fe799b1

SHA512
64bc5cf41fc9c48e1532b2601760f19bf464ad12c875e60f7175c665050ecdf457ac35f5490f85b4bcf64e5469816b91229b70e5638be7900ee1be7dcc14c3fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
796ea00e4016a76bebbced22b66fe227

SHA1
cbef64094ffa0bb0ba9bf6a54831c464639a9621

SHA256
b234c14eaceaade89a50eb85cd0dd2dfe220a7a9ec6a172f8b55291dd3a664ec

SHA512
b4c0451cbbedbfb16506cb6756adcde163a4cf2639d1b2871a228f55e9391ba6477fe708b7ce13dfd34c428e607d2e380a2fb0aff748da9acad08d87c491ffd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e31736fb127258736c35d183e57dd97e

SHA1
7ba799d8898f58d5feb8322d7c2caa2f6b864607

SHA256
99af82460601947b4e8b082e0fec6dcda3aed62f25fd034685d40825d7a77ca9

SHA512
8229998615cf06dabd9c9f068e109e33c0e9bd0da389881b787bb0af3b6c864cf5fcaf2b70d59b5fb38d6820a6a1c11da02ee69d586ea698a2c391c79c0eb5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e1063d950075e7098d2cb4c98fe831ac

SHA1
f701b37559fbaf18b3871996eca18ee5fc5f2053

SHA256
218ef9e683d4702297038bd77a3a22078efa9d9051b7a41f0495c2ec47c4dd08

SHA512
4f33687b9882510b76570c846acfc3a889096504e195952f2aad8193cd3ad5183ee4a900d50ab80564d33ddc7693ddd7c73e758ae2131b78754ac2b26878da4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
599933229c919ed7795e98ad360d476e

SHA1
8bac5faa21ee8cde3400a79bba4cca5c56a06c2f

SHA256
33c1df23c05822105f550b4852c37933da28e324bf0ead774fe1003b411cb004

SHA512
8dec1a9d03c68d8dc3316bdd7d96f3f728694b897964e06fad05051098f35a4b8d23ca017dff0eb7a71510eab986bb574b5b98c88aabbbae85aeea782a219f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5820f1.TMP

Filesize
1KB

MD5
3d1e90a231b0c2202e6cdf2195abedea

SHA1
21d5ed0e812e4fe09d9e46d6f9fd8b5d373ede2f

SHA256
b448ddf5989c17ed97ee4a405c58e4a674d331b5faaf95690cdea438fe246805

SHA512
db89e55b04a7759de81fb35bd1793594fea00ac801a9d952e2da811e026a0feb21ccabd44cd491fa7076c8307aa43b16e208458bcf7820112d91b8f5045fbc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cf574a4b-22f5-4052-adaa-99f70c11a14d.tmp

Filesize
10KB

MD5
3ef0bcdd8cf318e5f6912905f6a51816

SHA1
327d55727e8a07ad0972ba465567a6225efcfa87

SHA256
813820f99388910324b75961f95bc52d786d3dc12c43ea1271455035d7ab29cc

SHA512
e67eb393d14df2e1c9d1e897d97215aa95e1bb7fe073945601625da0bc4a994feac60dddd6a9c93f9e095cbc6f07c02e1801eeb88bf286c5e19a8ab5ec510b32

Download Submit