83252d591e319f237592e30db1632ce2a0621b5e86de28822a77b76e52e82a31

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 16:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bf045c81d9ce68438b8cdee1092f5542_JaffaCakes118.html
Size

65KB
MD5

bf045c81d9ce68438b8cdee1092f5542
SHA1

b081fa7e718a03966330b82de06795e55e0758a8
SHA256

83252d591e319f237592e30db1632ce2a0621b5e86de28822a77b76e52e82a31
SHA512

39adb0525d354b11eb603488ab14d334718318eba089b8ab126dd968b5006a8a805d67bc7a755609f2b32b7a265c48c60df768082e1049507c983897b18cf60e
SSDEEP

1536:eH1sQgK+AS5Q7i8ZWI2EsAfnxSuna510/N6wlXdY3KX2T:E121QvPH7xSuna510V6wlXtX2T

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
4444	msedge.exe
4444	msedge.exe
4956	identity_helper.exe
4956	identity_helper.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 2932	4444	msedge.exe	84
PID 4444 wrote to memory of 2932	4444	msedge.exe	84
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 4788	4444	msedge.exe	85
PID 4444 wrote to memory of 3228	4444	msedge.exe	86
PID 4444 wrote to memory of 3228	4444	msedge.exe	86
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87
PID 4444 wrote to memory of 4196	4444	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bf045c81d9ce68438b8cdee1092f5542_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff540d46f8,0x7fff540d4708,0x7fff540d4718
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12597354511588382298,2394824925248939078,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6388 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
b5583d84ca6f800124b8fc2d3e057fac

SHA1
839494e0e92002623784728bb95193886daab44c

SHA256
f8fe41e2c5213c571ddf5e7e3b856ad274a2f7e54fe623f03a81aa86a4e45e1f

SHA512
f229a2abb11ad2adbd44fe583f35cf24bbe9142f8157383fb27ea408f37631f35416907fe9db6e7bbe1c7b306ba0eaf2e100c4f34982d80388116a55371c5e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
210927060abb74f48c1dab8b318ebd89

SHA1
c87a3d5ea6073d1e9e0cdd2bbf71d1efe920957c

SHA256
446374e2eaff207513e650f83f99a6633f7b47bf29e3ebf1843760aae993ce48

SHA512
1120b47b2bb43a4785c54e30231be2e1dfcda5d414f33572b11a10bc1e3c112c17d5e8b3ceb5d8657cd59b7a4173b3027861a9f31c4f5dee28a35998e50b0d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7a69b43ea66f0b73d6c837d55f7b07aa

SHA1
e74ac7a671c55a768bc18173f87ae4b6f1e2e7f8

SHA256
dae500b5cc98a0cf01b06e098e3f0c243c384543341f6758bc5a2d617d130b9e

SHA512
fcbc3174d92c58161deb3697c51a07884395b9c08fcbfc6208dd1950cda3313cf91f59f2fe9ed87aa2bc4179852603ff13599d096508b589ca2298729481e067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
58defe795dd777f9d16e356143ba059e

SHA1
32f046abba3c719337652452a943c12b3edc2b7b

SHA256
2dcbd61c0745d9c8008ad7c5ca886417037bc3813b302780c94ebdcb97d80666

SHA512
19942f7a95fc9db0725a8eacbf0805e9ba70c56c3fc37bbece25026e60a7dbd5001c940fa61c19dfabd9d8a7c8de03300c7df9a21d27eff9862ededdcb665de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c278f43aff8016cc28551328926db177

SHA1
8dc95d89063e92aad820833b9ee5807c3bb185db

SHA256
9bbae4958563446c5b3d57213af37e28b771abcce4f025f04df4aacc7c69e692

SHA512
90650b592046dbdcb572d371314059f55dac7d682db21ada2e72f7abb8d07ae679b95a216f24133a1656decb726ed83e287d4a78bc0a2d90501f34955fb86393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5b7ed8d78c212543490ee9a3533b42b1

SHA1
449cee2f9f0bd0861fbbf6607270f8d4d3ebfc34

SHA256
1797380d17a61a6ff9ec1d24e1bdbfe57b3eecb3f6e81701ebc0c618b33492e0

SHA512
3d09a91784f5c83e0df4bd5e26d582f98980962fb662dab7eedd48c2628d4fc1b5b077eb0cc8e5d5315ac373767101e432c387dea11e773a0a626c1e8459a437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aef7861a4e068c86b7a6f9659bae3f8f

SHA1
de61c4e1a5ffce7c9c80ab36fd97300140660a60

SHA256
2cf530131009b75a1c8843c7ba4cb7e9c6153e426d2e729e5fc0ae0dbcfd5342

SHA512
f4cf11eef75ac4de9bdb1b7ab52e14eb060ee8b0eddaec1156b9361f6a3df5425314b1f82dd1bf297118a5afaca100816c103b1e21754b4d7909a15023a67d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f1db98e3b203ad981186acd42ae2e7d6

SHA1
600647899651fed7500224e7dc7fcd85938eb056

SHA256
95f4c7efdebe0404ceba2d9e7b2989586ce15c6fa086b25dd18a9e73de9a6110

SHA512
4216e4817fe0100e6c1f996b419648f687b8c4ee88ae48cb293e0bf1529024aa9d67e5cc0ac261f63952655cf2bab624391c3060c10a431b8b56f358df27fe39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
567b11b72c8626d8d903876472d7f91b

SHA1
459064f3b2bed9f8d037ed3eb11660d8e5aa438d

SHA256
79418c920cefa178385202700588948973ea5a294a3c30f1422c1da8ccf82aff

SHA512
8a8f0c94fa3ee857b2691ad93852018dd2572bcbc3c77a42b592a466474df3d537f7e37eea8c91253cdf3ee057304155fd115e0a9c146f19874020966a014660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b8b39843c9bb24027eb96b4f2e1dd34f

SHA1
959638ffbd1eb50ff23ef711431d0850ecc13489

SHA256
b248b0e239d1135f9e6b8941a5d6055f79b25e0a7ee54d78b3d72e58a798acc5

SHA512
61dd9274b34f96be6ffa056d24c415630e6375fb7e8a7a02e294d9de5ab03d8349637d7716842cf49606a539893a780f306bffa384c3af4781bf61749bbfb30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e9f18c9ed392b1c5cec6af8af081a91e

SHA1
f1756f4f42ac423e7ed6bb8cad8513ae47da6401

SHA256
b988ef26f28a0c0866164bfea93d8c9399c19847c42e12b782563e34179b15b8

SHA512
b133155c9bfb289ed6fa0dc0d157725bd7c5947f72a17405182b6f4efa46f175c8163e33f47bfcac2203f79eac0c656ce7318554ed5f789d058d4aa13728458e

Download Submit