67ed1c20a13a1351aa41cb5c876b3ea68d987c98ffc8bebd271c3c06f3f5a980

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb40d0672d0789200e75448a529d58ec_JaffaCakes118.html
Size

86KB
MD5

fb40d0672d0789200e75448a529d58ec
SHA1

70a6012bed56ef1522c79f7ffce2b73ed8bb062e
SHA256

67ed1c20a13a1351aa41cb5c876b3ea68d987c98ffc8bebd271c3c06f3f5a980
SHA512

118936bf9e1b8d4c6321718d0389e917a6c1d634a67ef93dc9fe88400ee88ce9510e283238ee6d0db33ddf10fa0483907736dcc72452a9a54833e95e08b3a596
SSDEEP

1536:gc/xvr31JR/8Q7DIIUi74tI4SMi74n4rtpbZ4n+HVM4c14VDJ1f/BjNqd//CEQm9:j31n/8QfIec149/CyXgChH6VRGi5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4192	msedge.exe
4192	msedge.exe
4600	identity_helper.exe
4600	identity_helper.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 1124	4192	msedge.exe	82
PID 4192 wrote to memory of 1124	4192	msedge.exe	82
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4768	4192	msedge.exe	83
PID 4192 wrote to memory of 4108	4192	msedge.exe	84
PID 4192 wrote to memory of 4108	4192	msedge.exe	84
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85
PID 4192 wrote to memory of 4348	4192	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fb40d0672d0789200e75448a529d58ec_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeadb946f8,0x7ffeadb94708,0x7ffeadb94718
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10840560723154780496,2284301263283452830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1e75eca4-97e5-44e2-a036-4049d227a6a6.tmp

Filesize
538B

MD5
63cb2fe6622074b94edf64cea8c2f8ab

SHA1
f7b1f840b9b3cffad84e04f42dd15c15cf1960e6

SHA256
6f1422933660df6dccb281c727ae15d3d2d827ca3a329fc38025b2fa7999f448

SHA512
669fd40389061b5d14dca97e75e929fb8ec97c41c636dd29e43a9fef11b4337b32c136863f22b1842841618bd97d2569dbd2f0688402d0adbadab7e9e37e0dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
09b2a9de743d373d0d9d2fbe35786af0

SHA1
42be6d8fdc3bad44acc22d6cb65639ae9efa6990

SHA256
119eef955c195cdecba2dcb2a463aaec2f6adee0df2a1e1616a885d939177e99

SHA512
0fe3085cdcb79a834c8dc78da520d1f8ec8df3acb6c3b534350ade3d7c355d9d11f6b814c82313efd709a0a56327035e79d85694f2c145d4b15a9c82706440b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
07a84238d9251161c5150928538b2060

SHA1
2e0e7f9515d037f376e244a64bdbcd16aade70a0

SHA256
ea1a3212a354cb6a53628572d7368827715e642a2652d7e01bc348646ef33c42

SHA512
f80c0a8b641875d089e465f4ef7b247899860519b787a816a7ffcb4e234fdb5150afbe7afc6dd7e7a9fea4fac7c541d4ca29459d3646af1116708e7c7ae28649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
32a75aaff4f371a59c31f5015ce45d79

SHA1
31652fd97d182f3d5af67148788703d8cc8f8a05

SHA256
8fe18409410101e9c25fdc3c52e3c99500f56c091c8892e87c376f56a9e6b7c8

SHA512
c2f1c613c88aa4985764ba00c806f1cd19de4eb3dcc1b4c3babcc6a3554ae4b31443ab92271ca8c093004fd49e21ff470a38454fca42eb2df782afde2f5c25de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b223622f8960ce373c9b0b9e3d3e2ff6

SHA1
ca5fbf5735d1b3e39156d0f3404c40025aaa9c37

SHA256
bea5083e7541bde475c3ad3dd7d9265f4b619140fb3c2b85477c340689312362

SHA512
3500ee60508a02933059082359626480eaea95347eb89ec616ce54d96d910d3fc3855db77a8330532556c9720988c75ebd43e693493d31de04ac70ea27acd313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c7e61010fccd85e5adacbf4ea146f342

SHA1
21989d953893b944a828a08e973e847e4d4f9547

SHA256
1efe820008ca41d779daed4a22d80e4aeefb4521e166365f150103271237761b

SHA512
4343791b70bfbf290cae1d1d0d29883a016319d1eb488234887e361c1407cdf057369efb806c5906dc127de312d0c5f60ba16098c119482ff9cedd30f6c4fa47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4bb9828692aa0382fc2d3c829f012fa2

SHA1
9f373a75c389751ac32842c5834d7c250bb0f34b

SHA256
2c8580b9ba3559a8d0a5f307622f38978ad8a85fc4894d0532574e26e100da29

SHA512
80248086aa6ccf96470adbdaa1c408e981aa90865689ffb925f263fe4e12653f22f8bb6a91725636152266af3a7af5cf802d7dc62c53eacb9270031a531c1a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3920129a380beadcaf42fea7383ec19d

SHA1
7e4f4ccb18335a67003105f62b38b18d52776dc5

SHA256
006a1710e277088bcde35ce1009a0c80db83d137a5478dd1c0508604cf67d476

SHA512
f7b080e2a5d2e278728373ec36d0ab5f0718bfc0054d37189ca69078125fc3a2d944b3a2205278ebea54bf885ee170e4d5eaa19ab9252471ca0e11f7fcf26638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83f1bfdd2e4cfc5b628a7f64626b5762

SHA1
90ea20c58169435314c9b46d205665aab1406683

SHA256
ea135aeede145256cbdc848dd67251aeecf53bab1263597d605cb6b3b7590c6d

SHA512
c984f79dc71a509239040cf3e50db0ea010306d5182b622c3cd631fe2c7c208534fbae5c97d16926bd065a63a5d61caa9f142ff1cb05bd890849fb2f473a0ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fd89299aa7dc18653de5c3061ca58eb2

SHA1
2a48d1cffc5f8b18ff6642b6657a23093ee11913

SHA256
6d697ef4506f3841b8688e671e26d09d743be1bed026362c135427f7bc3b3ec3

SHA512
d715ba4662d5ff1ecd1623e9a519502a076a5b054a5ebbecd4acb08925bba397b110ac50c3c8e44acbdbf42356e109af2061afa640f8082c1f6498b6fac8fc6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587cad.TMP

Filesize
370B

MD5
59fad053c9d845deae1362badf5c5278

SHA1
7551aed2f6a6ed6fcb33e7a1f5e8b96b0463d7f4

SHA256
598fa6dbfa38125f3838c4a50e4b0d5f501b66fdf66892128c86ce451a288826

SHA512
21b9f1b7d03743af8eeee486b7f2706773bb9efa7d4b745f4f9ff2506c8c604cd705705f11c3023aa224e4c1e96c34ed7c3f6a441771e34642d4e276a94f4087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9dbd6f2688975f977afd668e80383a07

SHA1
948d432c7b87baf2f0b5ad5ee36fefcc09b6cf45

SHA256
b1f4641a696f57c16d3a548111024595f1fa571e926b9098cce955357d932ba7

SHA512
914b04a2040f955e26381a60f01f3890b665596f45b0e973bc9ed18660dfa70c9550e1667867775fd6173e1e0b85d1b478c86ed3872f00aca0131151d3d6f9e6

Download Submit