97d7f9404fda80eae4993f3d61aa9ee12cf75613521a7caa56c0930103d0f95f

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf768abf08475bf5beb5c661f181a6f6_JaffaCakes118.html
Size

133KB
MD5

cf768abf08475bf5beb5c661f181a6f6
SHA1

a97368ebe69c2289d141a789c53f24e89b8785c4
SHA256

97d7f9404fda80eae4993f3d61aa9ee12cf75613521a7caa56c0930103d0f95f
SHA512

3e0d08b4818076223b9c892ea4ee1f862f8db2cd536ec6f8c2f7826698c3ba792512f96f771078ac03628a2b4c7fb795dd2cbbed2cc38fa8256e5b72e3378286
SSDEEP

3072:cPipoSL+QK7aoPu874Oqh3CpmFEesMwdhYtCu:dyCh3F

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
3076	msedge.exe
3076	msedge.exe
4284	identity_helper.exe
4284	identity_helper.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3076 wrote to memory of 1496	3076	msedge.exe	84
PID 3076 wrote to memory of 1496	3076	msedge.exe	84
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 1204	3076	msedge.exe	85
PID 3076 wrote to memory of 4024	3076	msedge.exe	86
PID 3076 wrote to memory of 4024	3076	msedge.exe	86
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87
PID 3076 wrote to memory of 1880	3076	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cf768abf08475bf5beb5c661f181a6f6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae52946f8,0x7ffae5294708,0x7ffae5294718
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1376 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1588 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,5739886560160118556,5959611108378236929,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
faee6061040637d5e4d81f32cbe97669

SHA1
35030621e0ad83fcc6fcba0b8bf8277be3647f75

SHA256
7b6d2c041d722c0bc04bb4e6d767c287c0ae8db419ad6f29da424b77a5744e64

SHA512
c9695fc6b1dffd7cd7699180f124522b0e7f8bc02f1fe0a25e3815fdbd7aff8b8882cb8f856d3eefdb0ab707b805ffbf061eeed1ec5a7442d04b71a64d8f9017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
28ba1b29bcbf5ca774c051d308c50b28

SHA1
6fe9c049a4dfc4081a6e946c74345ef4df615a59

SHA256
36ab721d7ddfa8180bb8b97b6173161cae4084b56471093936fc3699bf404fe6

SHA512
8f9e414766f2f63aa45e5dd6c35b80b7fa2450775a2835420f46a16e2bdff3d4684538e83a088fd2690fc40cf00cca6592dadf60a18e02c400e6e9d8161b2af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d06d9b4a41d583e9322ed5fdf0507011

SHA1
677fd5fc69189b3c8264c62a801f89facaafea92

SHA256
2df25ef360cb480671c12014c60e192a7c4289af0b749aacea04aaff9ecfed72

SHA512
919dc20d218f5ef9a6c6ca75b903e73d585edb6305febfc5ace64c4458855d023360098209e9d1003bb206fdb28482a26764a8bc196ec581871db9604352d7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
56c679551537d1e57e9947973c7d773d

SHA1
5edc3f9f2a3dd82a96e61eb307378aa62175826c

SHA256
b45d5aab551b88b3fc45186ebd27e12dac4654e64445d1e3e5c709d966db8d79

SHA512
d3d2c9e2be3b3bfb1f06cd3d86d98746665558cd37a7e99e3bd23fd9467792b197cadd3d25a4e5f7f9dd0b0f7f53cca75ab0c81e4f424af54b65d247da2512e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9415b93f6d694a8a2d9da2db99c2ae59

SHA1
46abbd80c52b9255ac30af19ef20aaf8e94d6cd2

SHA256
730fafaa26a8d34a6fc5027d2ed715b2cc6efa40b515982f9429f1b5108e6770

SHA512
452e7ebc0010810416dc7b8142d2b577ec81a204ff0e006315c0e9dd8774a088f87171613bc8ee66cd9d261930d2d02aff8d71f3d96fb159ed321eb360cd2931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
993a2aa6d18686bfde864a4211a3d411

SHA1
0179b5509553e5d4c4aaa3b03eec93edd8a88a5c

SHA256
295d0d4de4f9143aeb658a10f2c2edc9d3c8080fe830a1b5a4d65ab500c81455

SHA512
c1feb35d0df8e4e81a7426795a441b5068ad9af0b1390bbc44c7d753085d7fc3ebfd4bcdaa53a142ad5da14600280671afb8b4af5d97c3acccf72d3db72c68e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d762d59b855925c721375d1ad94b0c1

SHA1
18f523a1b65d9431973bdfca8a205e3ac576ce76

SHA256
8dd044a024515910e2c7c46ea903135b6627e17e985e029238c6de89bdf8fca1

SHA512
c06ee82929669bfd5e154f0a7d551eba4e68de3d72f506b6afa52b142a73f5eaff06f96e4b280051fd8af19fa04731109f94ea240483ef191b15cce6e0c91bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2eda7a27c00d3bba19a42decfa9b3cfd

SHA1
e98a2de5b95cddedc80d65657fe00da3a11b0e8f

SHA256
74706c6804b38c3f123bb5506c3cf3e05d12b6a1be10b9114319c6329b955e0d

SHA512
65c3ac36cd70081a992d536e9636821b326ea65dc86a88164a7a96916c35b95043a3d80ca581a63f6f27f0a09ac9835c8f8e25aa7eb1281a69ab47a08775627b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bca63d31d35c0398c233f13657933a83

SHA1
bc267bc541c8e2f1d55246acc931691ca87ea9d6

SHA256
4685ffb90a7d54419acb3afb1cf5d80debb71f8cb8857651c0db785b899593da

SHA512
42d182c7c5ec3ede64b029fdc3322f1f69e51d9a6ce03ea795672f73ebf602a47959965c2ac303c514d0cf30b00a56d4b7fc81be7eca5017355bcf5d821197e7

Download Submit