d9805f630459b078d2964e0bf2c5a29934a970e25401dd9752ef4df392b137bc

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 23:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c1d1a3c884a85515283ed91b90aa7227_JaffaCakes118.html
Size

175KB
MD5

c1d1a3c884a85515283ed91b90aa7227
SHA1

1548a3fa3a3d17e40dd7bcafb02338b6c33bc847
SHA256

d9805f630459b078d2964e0bf2c5a29934a970e25401dd9752ef4df392b137bc
SHA512

73dc26bbdb88b644342ace8a8e73858fd2ac7095dcbe3ed67dcca81fdd5c7246b5e0e20eb6ff959203fbeba3c39a43a3fe64696b2105101344d37377c1d65bd7
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3aGNkFaYfBCJiso+aeTH+WK/Lf1/hmnVSV:SOoT3a/FbBCJiam

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4372	msedge.exe
4372	msedge.exe
3776	identity_helper.exe
3776	identity_helper.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 3424	4372	msedge.exe	84
PID 4372 wrote to memory of 3424	4372	msedge.exe	84
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 1420	4372	msedge.exe	85
PID 4372 wrote to memory of 4792	4372	msedge.exe	86
PID 4372 wrote to memory of 4792	4372	msedge.exe	86
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87
PID 4372 wrote to memory of 4152	4372	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1d1a3c884a85515283ed91b90aa7227_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdffd46f8,0x7ffbdffd4708,0x7ffbdffd4718
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3517837630930633638,5840425624907075659,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
47KB

MD5
6646660a402426d233a31df12057c97e

SHA1
3587ca32ecd9965dd3ba3bc52b3d7436f2d99c1d

SHA256
e76ada0aa2a19d88d5c47d89e81ac6b8b116f91a30bbb5c5fc334e8a90684dfb

SHA512
da8988bda6dbcc148caafeb8a801b4923b4daffe4d114dd462b5f29898956bbd2bb2f6249e569b94028edca70a79096eddad5385535bf9f5e1819fc2b821fe4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
fb6e6131c19c9bb8deeca1ffe5c5674b

SHA1
0daea417987257b8d807e92b9b61a567e5a2f4e3

SHA256
1a9381ed1c1663de3b13d144eb8f06b680836b376dba821550de688cf041c8ee

SHA512
3621d963eeb2f33952041e64f3679d779b8c05bac00238d104bc66f2d5a12033346c037a0af8962f050e9e00ac3460d171c883e8251d3598cbec973b448fdce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
97KB

MD5
a765426b87c443b61b2d36eba26bdd0f

SHA1
9440165d41b2449bbe48fdfa2219e18ea24dde70

SHA256
1b1db5aa359c45a233bb500e491a8f2fc76af9073eec666872648aa7012ade66

SHA512
f10f99e3e9bbd2c054503e993f47f504e783a6adafec6b530c43aa976de7c68ff30ea79a7a78a7b9c208542f5f0e7e5daf479b4013861da7d7ed7014175aad03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
a3951bb79424b6c3eb14ecb53103d8af

SHA1
2ad2dc08629b6b213d8b287f26a9504240d7dac3

SHA256
42158822e96206fd2e80832e9449d3a2c08ede0eb35c257eb37da2d5aaf66303

SHA512
0d47a9951f1d39e826a95c6660b1a25372c80351ec145cd188822998cfb6e5978f1a71f07cebbddc711a5259000743bbfa0c1464a19229b837c6e8a817adbf7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
79625ca20823591729f6daf953125355

SHA1
a9133c7d26b8bfc57fc25f0a0429fe8f7a63df96

SHA256
2c9c4e58b838e442d08e4028aafe0c5b060774878fe2dccbfce9e85c92776e69

SHA512
3f84a01519f0469759b1036d5ae08b6de494f3f495dd6a94c030e9fa61b896572bdbe722f58e3bd6bc3e0820276a01d3a56c4da16d549dae55a93c3ea5c45036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8e3cdd7ca0b9c651ca033aa402c41cb1

SHA1
131964b9ef0c6272076f9e6bfb83857715211869

SHA256
089939c285cd1880a959049389fe3d675edd1e0eb260158020b94b2f2a21b523

SHA512
762238bf81dde9bc36d8a4b8a9bc6bac9d59862fe6f39dc37994c53774c0da10c98104dd00c9597d5b0032a590c261402704c7b2a3f8d315d05d82ad1d44db1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e7bad6acc4b3dca6b17c0ae82d752ed

SHA1
e2cb9f7a18989225007efaacc0ebe741a311e5e3

SHA256
8120ea5217847f6a0d1caf306c0cbd8cb67f3caa86cd9325e95855d8a21d64ff

SHA512
9e5222f2b743a16b1c6801c9bedf206a7f0ac7ea0abb9d15af6dae22ec142d95d12287ab43578a19bafb565ef2cc62d939a9c594d870d9016333789892be5372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fe95b3ce3d5c7e5a9720ea849a34fd58

SHA1
3838b7716377f477b7a217bf83508f99db4f8f5d

SHA256
00cb1573d858cfd3c3532386b50b18cfb3664dfae607bde9fe9899998ea3a261

SHA512
8a79bbea65eaaa1ddedeefaa4c4c7079627a7d634e719ab223e713ec9773cabf6fc66685b752ebf0accaf23f26fd205798313cb67cb4cc196e7ab951afa535ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3438f5c4ee0f019a681f94d686909c23

SHA1
24db7b9e5b8e8be9c17724e209cbec29b8955671

SHA256
37d8fa1c9f5c49e6858b422ab509dcbc356511214443ebd8d2c61e4046736339

SHA512
9b2967a772192ae95870faaa74bb515f2e6c1b0cd9faee54d3afb2419d97b9bc29bdaa6e5cf99645d86717a2ac9d64287d8e8fc7112b75af1a0c64ce317620f1

Download Submit