bd5f9a998e6426e0ab9b510938838a33b8edba7b711eb7bbc66b3e540f9527a8

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2024 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

204f274dee8a6a201b8b52c3c5fa2b61_JaffaCakes118.html
Size

664KB
MD5

204f274dee8a6a201b8b52c3c5fa2b61
SHA1

35a882b4f3bb9cc9702656ba1794fcf30b7928a0
SHA256

bd5f9a998e6426e0ab9b510938838a33b8edba7b711eb7bbc66b3e540f9527a8
SHA512

4c511e90c728b86d997134c8e6de1f5fee9f1e33c3e7105072167dcece57b5bb69d44a7162b47fab89e7cc471c03430b6c130e67d03a8c7b64033b83c706ac25
SSDEEP

6144:ZnaTd+Wh51vd6PonllCVGXgzpfKuAvpH0Jo8/rOd:Za5+BKpH0JW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3096	msedge.exe
3096	msedge.exe
1120	identity_helper.exe
1120	identity_helper.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 2128	3096	msedge.exe	83
PID 3096 wrote to memory of 2128	3096	msedge.exe	83
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 668	3096	msedge.exe	85
PID 3096 wrote to memory of 3596	3096	msedge.exe	86
PID 3096 wrote to memory of 3596	3096	msedge.exe	86
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87
PID 3096 wrote to memory of 3156	3096	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\204f274dee8a6a201b8b52c3c5fa2b61_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a4b946f8,0x7ff9a4b94708,0x7ff9a4b94718
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,4452940408153627918,13962207041496351727,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
504c509e7ccec111dcb2a0736c9a5ba8

SHA1
6af2353a0d05f0c7ba50f0f93d90c241cf89c146

SHA256
27129ac0d6cfe983d48b122664cc88738ca59225d8d352486d680d926e92614a

SHA512
3ee36476c101cc14f23089435038575fd2a86100d2b88afb061728e84d9faa428eef8a81a71c86992096f4b7bd3c0aabf5d0867766351eb1466306459d1d0eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
35f03ec483ad0ad66d221b951fd6e424

SHA1
35c3a6efc920bcb0cee21a751e383009faa5014a

SHA256
d8186346866dbd839779abda884da7ea1c3742913941171d65a179742f73778c

SHA512
df26cb298fe6c76dac452618b4abd36781b4a2c74267869f1cc6e498685feedc360b8f87057ac74d0c39b12e52995f82bb50f22f77a35296d31c3882bc1c7b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c211228d3ebaa8f6b5fbc72d54f0536d

SHA1
8ec48596a335893d6ee21135cf9b6237e06b64c7

SHA256
4cdf7d5c16e2355ca0050930e0a84832456dfed5a4e1697299a6bbb42034b268

SHA512
ef9ccce9d24cdd9a994ceb53c4f3f05edfa8f8bef8f4b3e49e08130db82b4dd9752ba1618d9f50a6fef28c04f2ceb853796af815a346df203e26a97c3e3cc691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a9ee0179bbafa4a51108bb5a9c94e9bf

SHA1
5d20d90aee52c48fef92bc98c9afa9699105fcd7

SHA256
d7f4e1e78082882b04de867b5a898fc1dd5b023ffeab9008b544b7669f4e7aec

SHA512
897a028193fef943d3855839631deb23a516f5331ed4396e5b80fb13d01ec503ec75f94e3cdf9bed4e7de20df863e4ff9347bb5fc14a07642d9b3f4b7df36212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3312db4671ca93ca7a12acffa0814e68

SHA1
c0e2643bede3ae66a52a97926192a6544cf3cf8e

SHA256
1712affb977477cf0300ad04d23412b54a8996086dd91b0da90c20486e987ae5

SHA512
32db984935749982cb0def382c5d71e435dc6276b1c902eccd5c3b05be0efc203eebabd0ae6d2bd26784cb23dc395f6234e611882428c12dea8ed2254aa0fb15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d52c961527391ac8f9eda7bcb9bfd82

SHA1
ecaafe760f44e1746adca627f96641667ea49942

SHA256
195d9f2ad89a68ef014498249d524519ba9bfc67f2cfb32a3bd73bda1a5af8df

SHA512
ca88c2c2aee82afb968b9c74eff9071e84bcd5e4102bd96b2862afdd91071a84c35b8643febb6e1dcadfc71922e7840646e28487d75576aeff37df78261f6f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ec9d6e28d690f0150e48472bf7ba681f

SHA1
197a5afc03c9601abd7ba3b019bacd36f516ca2e

SHA256
7b095571d8979dd237d196cfa26a7d1745e13061aaf1cd843682fb797c9b0695

SHA512
caaa9acc8e97c994fd7c850d3b4a2c658c1ca9729816efb8cca3f084f74cc4af661c5fb2c9a3a47e51cfa03024f05a6456e3938b8d68dcb006961ab852e557b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4f9cc7ddf63382cb0803fc01455a54d4

SHA1
dc66b2dd46dbc0b6d6df797bca8d480804f0f5ef

SHA256
0e2df5c117b6104d0f7084e0629adc52c4961042c093e843952c8b01c2d9c347

SHA512
ece82fb12779ea182f8aade36aa322820c170d7b6bca6aa7a91b7e70367f139c9ef6b137f58bb7302f025f848fc8f4316ced1fc257894e5303233ffdcdcff7d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e615.TMP

Filesize
1KB

MD5
8fcbe103b17fdf67896a07960fee69f1

SHA1
b0da842734da677eb249ae681bde70a19eb00eac

SHA256
2fac341eeb3347b04030f16227dbfca046bfa563ac2156679e829c005fbb4fa2

SHA512
9fe2c9af60672e0d8871bbc10482e6439dde7bb13d6d3fe0a3e7d8d82b222e8618f600e5e43d14681393d127c825cef28087deb6bda9e914971493c499d2d6ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3620795efc9d20f7b20db8a7b2b12af7

SHA1
91d91599509f5003bc65a10763ee777fce157468

SHA256
4ac6753ff665fe7ff05e800b070e026f96facdeeacb41d591d5690a4f7732961

SHA512
80ff41b5f94d96bb29388f97caef908aef6e8b879678c1662afae5cd4bbbd06f5f7a62c346bb2715e4c0adfb6d20e3e5d0222d74bc389bd19304b7a440738033

Download Submit