8afae33c3d0c1edfadf51dbe39214dedd715058112d237474a2520c4629ac1eb

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

083649f1de703ee76d50172651264b2c_JaffaCakes118.html
Size

191KB
MD5

083649f1de703ee76d50172651264b2c
SHA1

63f12ba461b7792b1f2fa0c3769c9a75baf5be77
SHA256

8afae33c3d0c1edfadf51dbe39214dedd715058112d237474a2520c4629ac1eb
SHA512

614fb3bd345a27b5312c9219e3da342813cd8223f3887d8f23e5da27a4fef8dabb336791a51e0bbc2bf99647bb86591a67c320ecc87cf0e845e9ef879ddb10c1
SSDEEP

3072:QSAfJ2L/hhXq40PLtU3rfO6xAZn35Hy73Q/HQqXwtSJFzXOBo/Qqn/4trzhuvk48:QSAfJ2L/hhXroLtU7fO6xAR35Hy73Q/s

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
2736	msedge.exe
2736	msedge.exe
1648	identity_helper.exe
1648	identity_helper.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 4936	2736	msedge.exe	83
PID 2736 wrote to memory of 4936	2736	msedge.exe	83
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 4968	2736	msedge.exe	84
PID 2736 wrote to memory of 1452	2736	msedge.exe	85
PID 2736 wrote to memory of 1452	2736	msedge.exe	85
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86
PID 2736 wrote to memory of 2696	2736	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\083649f1de703ee76d50172651264b2c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90de746f8,0x7ff90de74708,0x7ff90de74718
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9728544602233189451,13170119927185311837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
f901bc82fbc20ea511d9e09853beed79

SHA1
f3a7c6865b1b76d9d48730ec3967e37db8529370

SHA256
bd7d362f71fd5406116f919e7b4f3e66d913bec3bf3ed62fa22503648e7e9b69

SHA512
ea2ced5a3e5260084940d3f709167ec62b557ef2fed4c3d40c6558b801201d71ecb0bd9a8269962e921735144c4893ce2817156a42c7f988796387708fa35b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
83cbb7b7bfc0b90b3933352dfaedc1eb

SHA1
34e559cc4b5f784827f3e2039ec168ce5f3bee22

SHA256
f57d9c7ad302a2035663a220c6c1554e1fee64cfda3abb7ef62aded9aa638e80

SHA512
82e9356df6c26ef2013f98939909bf16bf73394e599c00ac9a41903f759f4eb0e0bb76d1d9f126607697ec247058ad42d0540aecc28d54ab0f983320dda9dba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
667402f4ae5f45c14a3c6178580e898c

SHA1
647cf5d417e14c19eea66825048e9696c71fe6fb

SHA256
33b95e9006f7f12e4ca6010bec54c66e69fd3d7368355d3d0f7e0e6f81ec898a

SHA512
681837b6ee14226291c527129f03cc8e49dfe42d6fd956fb820566551ddb5aacf65f32a9099fb505de8403912bfc6510eaa5c852b5958aed1cdde3cc7ee77b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a8e476b0ac2fedad6803f513f50d826

SHA1
21cfbb52efff6f9c9745a1f884f12ec2955d17ae

SHA256
9179112dfb1bea3613f4aa16ac31d7280634b76e58ea4493a9dc2ea16f6157dc

SHA512
26f59858686f974f327b4aad756f4a6a50caee283250d93c43f190592f2f5e15b956b4906acd3c6a3f22aa60b757df960acae4eedd9fac6c3bd9f35d1f1386ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b8377cf85d8364528196a4fa2add01a

SHA1
025add01d41058e5229b3f27a56ac08829858b0e

SHA256
6aff11212a7f2ba1091900e8b0c60aeeb91acbc95bdf37f2e6052d471852941d

SHA512
45873706b0d8833bbb5c0d96a5e3c9eb66a39f28ee4df79473e555bb4977db92f19cc26793156ca3ffe345d94e5cdb38bc4270bb95cd4f04fba6d78ab981671f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
408323e265847efbcc5058cdd396bfce

SHA1
5adac2bb540a6ccd89d8aba86f9589508621e9f9

SHA256
4b32b34f4dde80a8a773215c230f0e45d5dba77475800c844723664de9d78bca

SHA512
f54e370ca3bf48a7b8d5fc589131906f250f32ce722254a2ebd3a7ba7afd4261522b33b17aa54dce9c959b84150a2e35618613981af66446479b17fac772cc3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5bc9cb497b97013bcd2c45938fb7e4ef

SHA1
7c0e7ae8544e8c381f5bfe5311370ccea20da877

SHA256
d9f319e93e660a892ad7c0d234a1cf5aca79dde530805f1472ef7157ccd22693

SHA512
97d2bfca2dba18c23d7abef3e2cfdace05bc253abc4d88c73bc304c5961f450680b75ba6553a88cc22b394c5900a07575920349d7e9935f177ee84220e7f4c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f4fb6ad8fa1c70bdd81153497df5beb

SHA1
7afa82ffc2215ada679ee766378c6d9f89a9ab7f

SHA256
ce73aedbb8d3400d2a18e1af8b66273c6d3646566592d5ec97f6c7a47a09e4b1

SHA512
0594dbe0bc1c97463daf75c549029d4fb201a9d7ef1bb04e870e4ddddb32d09fb8a4ce2760370db747b60d187f7c76a4b8c879c0084f29e4e4af84dd2eb185f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580356.TMP

Filesize
537B

MD5
37da1dfd9418f868ccc9dd2bc6ea8fcd

SHA1
3e37f27230e979aeffb0f83d08ae996ef228b847

SHA256
9a1c7fe321f3c32c91584a4993608234b2963d6247defa3e60eb872baede9ca3

SHA512
930687585f640503357be4c0167c942c77bded29e7dcf1ac8ade0bbab0afa1edfb6b3ae3300fe4ce735f116ea85320aec5ed1f616b94bf137841e07f2f6ea4d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b3fb26df568ff2fcdb39680e7ecfd18b

SHA1
644d99ec1f635ace58fdb53520c7aa0909001ba3

SHA256
82e8b98bc7b7c3b423419432fa16478eb5cb5606784a05f15facc1af8826af71

SHA512
06ac43a126c70edf24e4994ddf14de5ad95521b4d7bcb040e7f18bb4fc4ad8037531223076f9e5b048f8d275b43d306c6ae5c2bf960610ef3217cf9a8ff63164

Download Submit