f075e248187991d22844d37a0f53d4529bf26ca9cdb48cc9eb6c8f79b6989ca9

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

105104c62831b074d9fc1232e89585d5_JaffaCakes118.html
Size

73KB
MD5

105104c62831b074d9fc1232e89585d5
SHA1

d517077cf9d4679a449b9429dde63b8aca855aa0
SHA256

f075e248187991d22844d37a0f53d4529bf26ca9cdb48cc9eb6c8f79b6989ca9
SHA512

a68778a241497fd98e8187e656f6ed5887acbcc0c60c226205ab4f99c3f4ebb6e30cc207036a68751c4b43c835617996b0e6666ba37d03399712b495c7f380b5
SSDEEP

1536:CRUAnpX+pY2MbETJ6rHfgaToXdw7KOcarTw0nn7WtEVX:60Y2MYJ6rHfgaToXdYKOrb7WtwX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
5088	msedge.exe
5088	msedge.exe
2036	identity_helper.exe
2036	identity_helper.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 1464	5088	msedge.exe	82
PID 5088 wrote to memory of 1464	5088	msedge.exe	82
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 2888	5088	msedge.exe	83
PID 5088 wrote to memory of 3904	5088	msedge.exe	84
PID 5088 wrote to memory of 3904	5088	msedge.exe	84
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85
PID 5088 wrote to memory of 4788	5088	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\105104c62831b074d9fc1232e89585d5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff227e46f8,0x7fff227e4708,0x7fff227e4718
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,13224068356409924147,16040262611811658191,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d66dafc-f922-4657-b84a-990900d13dc9.tmp

Filesize
5KB

MD5
96a3fc1e89ab16c5733e099c8e900f16

SHA1
16eb1d0bb2367970301d2dd893c046019b5cbb9b

SHA256
dd949f5bc95b3b9ec66a1df86220b94cb67cb62279018c90e50cc6935212c595

SHA512
4836ddeb36cdc11d7315ab4aae1283c9aeace770a9cd0198fc9000cf5f36560d56f210e27baf1ad5748d25169a8d80a6d38f60f69e0dcb4c78dd663595e08d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
77KB

MD5
655df796e061ea829821f460623f6ec9

SHA1
6e40ee0e6e1ef08892eb528549249717890e15ec

SHA256
e52681a2d8ec55d4e9db2875e5c03b13e5fdccb31087cb15ffb677a7f452e557

SHA512
390c2f674064d1d08bc62f47d8b6013baa67fe6fda00169ab0c704458939b38d985315b9c87bfb4b0a8105be7c94dd85d88af41e61ff11de7933576f140885ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
6f52f16e0c8869759029f92150fac68f

SHA1
d7171b0111ecbc51953fb6a6a0fcb639c9aacdb2

SHA256
0ba65009d2629977348e7cc30414a518b21b8fe7f50351fcead70764219b9bb2

SHA512
ebcfdfbd773d2e7a0930684c7699f4e557995473c50ed7875cddaf1ff03fd889684400c6f17558b6f801ab5c66da0dccc312cdccb1b2fe8e8784e8c0987cfe11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
31KB

MD5
548260b20981c0be2d9dcf8d01c08c24

SHA1
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7

SHA256
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb

SHA512
9308e58083e5a6989b7646de95d251c5431952dcd55e613e9c7100d817e847da0f4835bfbd0df325d9ceeb4fb9680d3e89311997b801b16bf8426893a2a34c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
794B

MD5
16a063a5efbea0b8a6f9e8f2074ecfe7

SHA1
c9d04e4eb4127c025d0d33fe966815e10c29d1b8

SHA256
aa5bde9ed824880c74edf52ce56c0e735de7e150d7747aefd4ed6c857535558c

SHA512
fb8af3f9310348abdd681be79bc83433e0e3870ba738aa091fd6dc0eb789c674cc0d292d58e497b2444b8cc3f5e879e9d66b02e50f49c18d99e0e17adf4b897f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
763B

MD5
2d7739c0aea83d02cf584be156676c16

SHA1
d108f0342539f1af0f5beac68662e9c79f703c58

SHA256
40e869a6154fc47321b3f32187ee6ef66238167996c11450c0b99107e099f20a

SHA512
93583106d7a2f7ac826c3599568608c35bc1ec1634e8a8cd48c5279bbd53b9cbfaf8d0aff6d2efe4c85d8cb601d3f339546e7d1c3e268bf0a3487fd07a9f627f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9604c2fd93fbb597bfd427e696edf831

SHA1
b6793f4c9f847b948622551ebac1837e8ba46ad9

SHA256
4a109ac66d0d3b0b30afa36e65440baaae8e91d97cc63c12332e03faf3c119eb

SHA512
724aa7f07f9a17e59ed57fc6d1896e9951b30abb92986d48eed3b7c78c99878bbec2094dca5ab73648db7858483720f20739bdc957196d1ae0540ccc8f798435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23abf0d0402eca59f143a453307e3f49

SHA1
2e2f92c1fb609b1a3a3a0ed0e073228f456c12c1

SHA256
6492170d671aa2b13ef62ffa8981ad966ace1711dfc8421d5a8e4d400269ec7c

SHA512
75a725257a1eb3d337d5acd3fa715115a1ec0543f6021550463f9ba127f85d1b40296cf0595879b5c9b5472542a0b65f64a4ca6628b05c7c3119dae43c6b80b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fe122bc578d5f661fccc2eebf85e3a0

SHA1
65cbc82040425c4bee51823b27bc25cc4fcf21fa

SHA256
9d63bef86563c40e67c26ef57bb9eef97e2bb2a3ea5221d1f74071928b47c9d5

SHA512
e03bcfdb277257d845885ed45e226acaa8296251ff93a09fb12df936af9fb669ddcabcd8ccfaa510d823a25308d47c146c44ce76ba5da9f2dc41416992866e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c793edeb3bcbd3ded9932a2198510bdc

SHA1
5dd1dcd7bf096633fca12f9e51b125d008672366

SHA256
cd3de00236de53d61bb6d11394fae0076c37172c0c921bcdfb4ace8a89212fbd

SHA512
67aa5fbca30595a46c434262da143f4d8ec8c0b5fcd7113af75a68d9da6349d15ade9558826ee2cd39829786096ec069106727ed5f0266fdb53719e5aae94fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bfb5051701cc1b1a933cab9471e9500a

SHA1
fdf3e5588ff65b72f4d3d8d95736e84833458d23

SHA256
7ed663669a2f086d80de4d1a9ee548a888e0b130062f6ded15e1202198ee44fd

SHA512
e90762fdf33500133c6058b61768688586ec0c6c75d8d5b6dbef8fb2571b5f4cd8138f9c03595e664a5176b6e443c18b282c9dec0ace1f113c80baeb3da234c3

Download Submit