9db1942bb31b16cc8877e52b8c9f0720d50f2b4d2c2e0a949c6d83881fbf22de

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d68f5597234ffeef635c30b2ac3d9189_JaffaCakes118.html
Size

22KB
MD5

d68f5597234ffeef635c30b2ac3d9189
SHA1

9fb7b938536e61f0707ad11f15af9d7771c47bf6
SHA256

9db1942bb31b16cc8877e52b8c9f0720d50f2b4d2c2e0a949c6d83881fbf22de
SHA512

d293abe191fc5d0c9e296688f56f5efac5bb8552df223aa271f304bdcdfbd243dd4fa7b8ea183107984252f6744f18ea5117e820d207cf04a949646a1212a83c
SSDEEP

384:vbB0or8mb9194kQNQRHCeCUlRU84z9JL6LdbjVyB:vV0oxaQRHCeCUlRUZbL6L10B

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
3324	msedge.exe
3324	msedge.exe
1476	identity_helper.exe
1476	identity_helper.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 4312	3324	msedge.exe	83
PID 3324 wrote to memory of 4312	3324	msedge.exe	83
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 5000	3324	msedge.exe	84
PID 3324 wrote to memory of 4548	3324	msedge.exe	85
PID 3324 wrote to memory of 4548	3324	msedge.exe	85
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86
PID 3324 wrote to memory of 3540	3324	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d68f5597234ffeef635c30b2ac3d9189_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d48d46f8,0x7ff9d48d4708,0x7ff9d48d4718
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18419606469835736730,8484475902635106546,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
20KB

MD5
715c79e5f50f4530260c4456cd414d72

SHA1
b8f156341cdef9b668d4a820b06fbb1e4eb48584

SHA256
d1918937db9a519cacc80b9ee812eaeebffee72782dcf7a189022909046164f2

SHA512
8fee1f9df28e7ec04a63bc85f5e7988fc1de0c94b905c58277ef00bfaf645e3f7359d9405bd726e420cebe898b687335e6d36e17a5c740aa774e9e3d249dfef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
213af7ac1aa72e2c0c316743695b7cd0

SHA1
c93bf2de82958073a23b3a495356118ef718cecf

SHA256
f5680671f5dc330f962eb3de4164654e2c17284ac3a109f687ddabf104e25ce4

SHA512
d0e11f42a046682805d18a0a133df1c8c4272b94117de503dd4992c34f93e516b7decbf77496f45768aeb1a95f1493f74f5ff732e9b42efa6bff1b47e9b0c1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
97KB

MD5
a5943aa35de66dd30b0c48c25ca6d839

SHA1
bbad68a74ae67e1059b1179405b84a84c1972d53

SHA256
52052a78f69c6f800f32e32e8065e1508b0355d2eea9f13efd75dc38ed25986f

SHA512
cbcb60586eee6dee0fd980f79ab329ae28fefb3aee11c438ca1571f92b840a836287e703395b6f70fc47526a58460d613f8139c17d7fbada6a7904e19eb97b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
32KB

MD5
b52a6714d8f826dfb95bbce8b6133118

SHA1
d379be1fa86367a570d4ca16aee342561ad25d67

SHA256
5f35a91b6bfb1dab5043b904531f8705d7c116273b178995688a4492c20fc295

SHA512
79eff5d17020beecbd294d777001d9612bd9923868406a6f5d45c93ce5930de059ab4c86b0fb7a884d123c91512bb385eab7b70a3bcf857a4ecbc6c5e7261d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
d1a4a9d5260a03b0ed9a48d77f10f3fa

SHA1
e2325d4c4e759b9fc3bb453c5ed775151bdbc059

SHA256
69714a9a171fe5cde0e4b30bb8cfdf428bc61c1da869ff113c6b7d6432271147

SHA512
012032fd0e9338e33112b032196fca3efb0216a9f09c7d109091a112fe99a74d9ea02b2dd7aa9b19ebb77e227c6eb739e254adfffa2d09eccd8c621459e6bde8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\327e5e399d3749ca_0

Filesize
233B

MD5
e3b4ba3c946648be4607fcfce48368f8

SHA1
334b8809d3a93ca6ec7f2e5856cabbea628faf23

SHA256
89703b8e0076c8e49e3e67c6cd74b01ab65b10ea296a844236f95063229f12b2

SHA512
b91cb1323565ca36121b0968ad7f15f8504fc9c5f8d3211bb1effa7f539dd2dbdc933f0b01fe35f619cf7e1d3a4b98cf6b16309965b84304ded0e662144e231e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
1fe6c349bc21d02ce36e665cd85abccd

SHA1
f60e6a3038ef657a266fee1f1430505aac7a9646

SHA256
348413fc0b8a6f75591d3a33fea9c5b668c7aef799d225160656dff10ff7432b

SHA512
28a426ffbf784c71346989d630f7793553750dfcaf0548cdb5a76fcb1c8e1752215c75496783c51c7f36a69ddfa0ce52c45b7c5239a9ac75a1bb7f18ae149493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f939c655e166b95e3d70146316100a55

SHA1
4c434a623b840f8d2430eaed99006159ab1cc860

SHA256
882ea0c0e5f293603e49724e7a9df0cc29891c25a228e900dd0c5faad42616af

SHA512
3877b5e5ae0d64c5732a7cbfbc63d06b3efd62bba97f38968a71a2e1b3e839238eb870263b630e74713cb5155e248533860dfd436bc03e487158c52e9d2657df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dfd9060e3076f1624c4d45f70cdaee54

SHA1
0694350e164e9f39b88211e51ffb72bff70dda6a

SHA256
227fe0b0a6d1aacec688ddf930aa72decf700a7bda5a0619ebac1fa2cef78dc5

SHA512
c32e0c3c54d3ae83c82fbd2d2a77b18652cc13a3dd8d719d3527f738b853fe6d3cc4f4216bfbe06edb0282335838744be1bf804404a987d599dc4583f015728a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
57ad4b1c3ce86eb78925e87cf381b104

SHA1
535519602af9fabd72361acbfa1652e0d2016fa0

SHA256
6b3484d61411293933f8009f4bfbdfa5f34c64c22e32d7896ab4a586f0de626b

SHA512
48cfcaf2b8fb58fb57b1dd6b735a03cd6abebefc2240f6e9b77895f3dcd1dedf1aac022f47e48f0dbd240e48c8931865fae45a4b6cb3b2e37a098d865ab62f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c29df68520ca1e2724d3c1faaf6900cf

SHA1
2cbe0ceaca0bf3247e118d4a27f4fcf0e4f38aad

SHA256
0794c63e0bc846fb3909d4c5f7ba273c1ece64ec68411a59bfad9c0bb8e71e0c

SHA512
d896bf74677fd3f34084fb63b4759c366557d0488bf3981dee82d3595099f9921bffe50cfcac162317bdae23d1cb72b85e42fe787756ce5b9b80df96731c0714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9c2cda754be1f8519ef80de661bdaa96

SHA1
77d6c18f712efa6e53ab812b1d839c0fd5b2fa9d

SHA256
1587ad33b3fea3487c2d9ba5c9a82362c5f0353206020a4416d7ea2ae3de7fd5

SHA512
cbc3e163fbe1712e4da5b7a5ad858a160398f2607d184ac1f47668c785798ca3ada0a10e44be95855b0028e839b0c72445614ad6c9317677456f4a3db3347dc1

Download Submit