175aa1deeeb2ef9a74243440b17f5593998be5c238daa9997ba2ad62dee37e08

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e160314582b019cda1d520bd9f8c20ff_JaffaCakes118.html
Size

161KB
MD5

e160314582b019cda1d520bd9f8c20ff
SHA1

9def8e3f8a446b3fa659dc4698242288b9732aa2
SHA256

175aa1deeeb2ef9a74243440b17f5593998be5c238daa9997ba2ad62dee37e08
SHA512

ae27ec4cbf39dba6dce5eeaf383a8a3330523b8c1197244710e64909288914d7f6febcedc7113d6fd7a906acd24e8a095aa4c688d09a9b4d6f99b68c9d0827c3
SSDEEP

3072:lqfCVfU5Khe35iha/ykDaKo7Sru+qrz22uNyVqRlh7b5PtW4:ICVfU5Kh0iha/yiFS+cVqn

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1960	msedge.exe
1960	msedge.exe
4772	msedge.exe
4772	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 3952	4772	msedge.exe	83
PID 4772 wrote to memory of 3952	4772	msedge.exe	83
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 4612	4772	msedge.exe	84
PID 4772 wrote to memory of 1960	4772	msedge.exe	85
PID 4772 wrote to memory of 1960	4772	msedge.exe	85
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86
PID 4772 wrote to memory of 4520	4772	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e160314582b019cda1d520bd9f8c20ff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffeed946f8,0x7fffeed94708,0x7fffeed94718
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10300500856834759971,4008943665145776284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d4 0x318
1⤵
PID:4460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
816B

MD5
214e4a07f81c80a50d2520b6e6cac70f

SHA1
678e6b425a85970e6fe56b74f8659b4a26263034

SHA256
cab6bb23459adf581ca18d730641cdae14cedc619ee11c1f15d81189452b86ed

SHA512
e87ad684095424e3286b9e22bca7d508c68c1653c29fac87fec4a4fea17416e7e9e2639ecf48beed7d79f7445e4c9ecccbe3f700079762e375ca88d7270b42b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
2acd2423cb2a91ea4ce81b0cf6348e3c

SHA1
365ff18bc87c2a8ff1c008bb041e5fa2654c892f

SHA256
eeb2a88f1adacd093b2629a60268f046670ee615f69da2804b31db1773a11380

SHA512
bf96a5dc78626496ac9800249cb136d20ddb13a1b5def595be4970bbdc2b49caf949b5f4edd475436f35d18528da1cb432865e7f0ca23c695c888f1fbfbbcfbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b7e7ec5c2bd0e288d44a35b9032d5e53

SHA1
28a89473392aabbd1b58fbc30c3d237b6c19e838

SHA256
44e1c1596e3f10c7b9dae5520bd6fa70fe8bc48fd0918224f7a790ccb9bd3a00

SHA512
ce4fa01d37d8b3b518fb6b1b4e7dd56bcb2cb551f6d251fcd87ab43921aab4d4db4d76de8c8cad91d26347d63e5f708c9ffa588aebe9b4e45e0041b3f5afd555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4cb7667d0ef888a03c2582a7067eb000

SHA1
ed9af52c557f83ade97e0c02bc7b9c351fae7bf8

SHA256
085dd4f5d3e426b89aa8992241dbe91fee8f301e67da8f17248e2f3926a12796

SHA512
469bbef80cfb88e8b9d6e24f924349b1c1f1a3552d28052fe2733b4efd8b377537c5a3b34dcb4dea4c9748a509682b98f75c5926520e99c43e962e2ebd99bc90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f6548d5b122cae735ce49d7de19bb26

SHA1
bb86b128b9141d60c5d31da5b750bebe936785e6

SHA256
cbbf18a44476cbb726a94155f97071d0574b4646170c0de4440a65dd61736290

SHA512
c7589ad458ad62f45fa53d46735f5304538a604834887af3df0bad685af3911ceea7e3bcbfc89ddcf2f9c51089f2964167835c672e6b423905c01a4c1b3674ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e59cd736519682a3c42ab24c0758684

SHA1
dcd899fada6a49d7479eec7f76b771fd586d30f5

SHA256
2996ced2edd9f818233a5ee1a5e3059e75eaf7a149297456636aca5b802b2bf7

SHA512
bd0062eb3a726245b561f72620c421a84c84ed6e029339e58d718dec496051299df80dc503cce1a42704f9a0c33d6c22a348d58879f48e21de236da35567d122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56ed1bf45a095709c975bdd9e0dd81ff

SHA1
d44965af055229be08420e0250f08d34bf31d65c

SHA256
5a65ce3876422789dc9e1b272e681ef10670b7cd267ddda72b2d0a0fbb1a8c67

SHA512
785edf16760a6cc1d7b47d7cbb40cba55ae2ac3999a06742ceb7dded8beaf0b8a2a347b0f26003a15745b61b086a60c200f566ecdac9d1f80393f503cf2f3e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
20c294a6ee45676defc90b6731d31c9f

SHA1
90d42cc23f3d64e3346d7c3525b3e7a60990bc7e

SHA256
ab253108df396f03aa7e129a6532aadae86c8e81f826c0d35dd3e2a4c7a88414

SHA512
e07c33f3fec242839189f406c19d8481d5727263a88c93f2cf6c8d92523439a05ddabef12b0351433e3642177501b4ffa454f163185b70d3e59574478ec4b494

Download Submit