203b5f29ce40d9b0968a91e7d2c71cd566ab83fb7e8b403ff5284593e1b34556

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f4d39854132f5824c8a569d72cd7473_JaffaCakes118.html
Size

215KB
MD5

2f4d39854132f5824c8a569d72cd7473
SHA1

90e469faf04111118e4d30ed7aca41a4767546d9
SHA256

203b5f29ce40d9b0968a91e7d2c71cd566ab83fb7e8b403ff5284593e1b34556
SHA512

acf03f559485566f00fcc5caab4c8264497ed530e980b908da86d0b5847eb0f1b35eea3aa91bb92b0cbdf4abee874062073b0b1aba9baf3f5510ae8921523e99
SSDEEP

1536:HuztRWw2yhaBaTuYqE2fJ6O1TZime5ZQ5yaeELuKdB8:HuzrxeQTuYqE2fJ6MckPuKb8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
3984	msedge.exe
3984	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
1420	identity_helper.exe
1420	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 2032	3984	msedge.exe	85
PID 3984 wrote to memory of 2032	3984	msedge.exe	85
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 1100	3984	msedge.exe	86
PID 3984 wrote to memory of 2672	3984	msedge.exe	87
PID 3984 wrote to memory of 2672	3984	msedge.exe	87
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88
PID 3984 wrote to memory of 2200	3984	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f4d39854132f5824c8a569d72cd7473_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc634746f8,0x7ffc63474708,0x7ffc63474718
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1308 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7012 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17528981287832563781,1759729516339170617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
23KB

MD5
c6ee151c95d5bd2339c67eca774449fe

SHA1
c2de7e4a87b91ddd246fee53b8274b35fc55603a

SHA256
65edc4727e2bdb04a0ad28564af17bcf3bd7029811429804d283c8f0e186ce09

SHA512
eb04604f00aba42cffeecf266cc7dbfc096708ebe615ed2141bd422585db26a12b54f9c22041c798cb01e4c3d3e5c70fff935b0c7a508fbf61f6201c3dc678b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
468fcd9cfc73d34f514e4fa6dfb3b24c

SHA1
b23b7bbea8d3950301fdc9c78be21ec007d2a3e9

SHA256
fc4fc71f45d9ab9cdc4f63252aa1bff150842f3b9fb3d5d6e0422aa62706ac91

SHA512
6c8ae6a455cd9e5ecd8ac399f475d6ca2252fb816f7017dca1288debf69530908219f276c46796985944461a19e9942a212f88a50953114adfdfc9e7e214737d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e12c1702b3a6a7743141e7580d5b625d

SHA1
28d56a1a167c8e8f07bc636e3eca710fab3b37d2

SHA256
a0cae1f4e7be920a279729ab345d018a8f879351a81aaa7627a511acb8f8d49b

SHA512
86d9bd627dce545ee15987dd8a6a2467f2584d5133d0ccfad92004732357f9d2a582453fbec1d242ff2b1029b1aeb28ecde7dead1522188b2e5707cbc83cf8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
518fbbb55869da376cd20320fa067bd8

SHA1
2ea43d1f3c6759259d956193eac168f749d70785

SHA256
83d1dc58a26ac71e471b188f1ac8f683390515382970fadc2c15f887489d45e7

SHA512
c2996c815fcc058395d7c81c7f411fc052fd524f36039f3cabfa9ac4b51a28c570668e6527d510fc86ea72b98e964661e97ca6e72b69d7b2d624b0be9fdb5eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
620bf960c920c23386f06b4ec5c474ca

SHA1
5e154ef5d607a3e08a61c641e5af524f3557b5be

SHA256
c9cbca7331144dae6ef6e235b61eafe2dd1423354acc73c9b9d99e1c8d61d675

SHA512
035b376f3b2cd83ead1204b01e304c9abda9bb716ef823304457e3e53e43826da2bb3c9da54b34df596d5d53db756fd4c657509f72e4731dac0217a9d8fb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7c5e26a337a662c682677e24cf584532

SHA1
f31b13f7957f75683ebe979f154d4acdadd7569a

SHA256
1b982cd8c93443a2022ae2914e897f2a06dcd22a2681cbfcad6ebfce389ed3a9

SHA512
e94e461e2ec05a1f875087490b2deef0803c3d37d5ddbd8d422c47dd2a027834eedb8d18b7bffe4435f3001b15c99ad3a4b7fd6857414639f71c1c71380e200e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2df31288e7aa2ad4c1bb427dd3c728b9

SHA1
64b1cb321618fc2b767883a05cec0555d1557469

SHA256
ca2515efa60348bba550763aba20d41a3289e56220f99992b50972f2303829c6

SHA512
1348af1a4eb497d1e1a472262f9a72b688f53e66b0c8f2fc737eb83d2a7bda109798eed7296d6bc954992dcb047978af92e5e18b9fbf909fe00f78df1881a642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a46d0bfbaac9102c66fb682d62368fe

SHA1
df413570b1b7fe4503a85a9bfd3d780446b9b3e5

SHA256
07da6dcec85141b9626a90cfbafaf13f47538e83c06df4d0696564c91a4f4433

SHA512
02d88662d459c8bdedd5d83583f4d16c96b67bc588b3c28bd30fc308c16a17a7759aa809022640fa7af7952ab4c838876678759624300dacc9b427919776d027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
df55a2567585d12c6d9c688782d8dc30

SHA1
ba38b453865a54e0ee4affa2c854106d682cad78

SHA256
3fe3755e335e95ad30f90ed8b1cf80039a1c13e08e027208d05ba11c7af5d749

SHA512
fcbaf9a28dc1de694090824e85e150d8918e73b5ef75097bd045144e4f810c1e7fa978177d84444b79127f53dd8e5d30a733acebef5c67fc534ca96081e7c04a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f1ef03704a6a40093d6373c8a8638414

SHA1
ff3a63390f5bd54f274266d4b191534e0a3a98c1

SHA256
d6915d384a61b6e911a78a59530876edbec102190c0fefb5d687cbde68c2ba77

SHA512
649d0e352355df62708246f1a1c941599ce528e84bfa43091c92cacd5aeb37a6bf5bc6c0d9d17379a1248e611bb6b4913d3347fe456341d60a708488fffa7058

Download Submit