820b7fd9b353406d956d6b25309eae0e193f12549710af36e33380e2ee0080d7

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37aa88c4267e188a6bc150172f221241_JaffaCakes118.html
Size

142KB
MD5

37aa88c4267e188a6bc150172f221241
SHA1

cb92383563e7398d161b7b496999c60686c26ff6
SHA256

820b7fd9b353406d956d6b25309eae0e193f12549710af36e33380e2ee0080d7
SHA512

7446dad81c3b1e860c6051e01407b83041be3474827f53e3769430187a9b3ff6f388ffbb99188b348778b2c92c33ff7aa9ed0efdd8ebab09c2d6aa5ba57a4220
SSDEEP

3072:PFBSF3z2UP13G4k5QhLpOatV3QvVaC/fNbYaaLStRscxWUu/v66sbsGon4G59t94:NIr3G4k5QhL8atVefNbYaaLStRVxWUuM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
684	msedge.exe
684	msedge.exe
2900	identity_helper.exe
2900	identity_helper.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 5024	684	msedge.exe	83
PID 684 wrote to memory of 5024	684	msedge.exe	83
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4212	684	msedge.exe	84
PID 684 wrote to memory of 4440	684	msedge.exe	85
PID 684 wrote to memory of 4440	684	msedge.exe	85
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86
PID 684 wrote to memory of 3976	684	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\37aa88c4267e188a6bc150172f221241_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2fc246f8,0x7ffa2fc24708,0x7ffa2fc24718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13818051944436960937,2810296821558956779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
23KB

MD5
c6ee151c95d5bd2339c67eca774449fe

SHA1
c2de7e4a87b91ddd246fee53b8274b35fc55603a

SHA256
65edc4727e2bdb04a0ad28564af17bcf3bd7029811429804d283c8f0e186ce09

SHA512
eb04604f00aba42cffeecf266cc7dbfc096708ebe615ed2141bd422585db26a12b54f9c22041c798cb01e4c3d3e5c70fff935b0c7a508fbf61f6201c3dc678b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c824a5329fda890e4fddb5654e18d232

SHA1
e6091ad8d14ff190c088d3f24f1647bd02c8c8c0

SHA256
7870b47ae3ae218cff737675fd89096de526fc2be54f58ca5ce728e68cc9c0e5

SHA512
f888dfd9d4ba519a741bd376312c03d86184b53abce3b85d020f2d3e844560bda2274e7c6d0929313eaab38d853f324f135442e3c7fdc340913e987ce6e1827c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
35030de42c06a47823bc7c75007fb7c3

SHA1
c9fabb8cd81a9139bed7670259474b712f923bc4

SHA256
01703cbb15a5d5d4e09881d7f361fbf0a5313b124f2b29b866c940c18189e69d

SHA512
4ceac9eb7a6e3fbb50380f320b5e3ffc464758ed3f89a8f1a2db029d477daac862506fa3f9667156fe07b0b2a21c2fdcdc53df2c82fb9c69d3dd579e621b337a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3bfc63179acf7cfc9903820b86ca41fc

SHA1
5576c63dcb6b58e7cb1ad325aeb7fa2f41402cd4

SHA256
9f583897131de03b0ad3ab5acc5f412b57eeaecd43f836963b4a0a869a6b0e10

SHA512
2cb3fae813ae23a5ceb52b2624cd6ac0416a4d6880ea5412ea7028b7c8513491542efffbfd480b93f91af3f75951858f73ee10c6ada014d543531c525a041345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
190c1816aaba82971b142946d4554bef

SHA1
ce030a6e34e59962822211713f56184af2ad5c9c

SHA256
2126c3e56c043c915f1b1f4312eeb6cf487643798339b477043c08fa23fa47a8

SHA512
631ff22f70b9735d86687cf133d37c0c8dffd86f91ed08f4eec7b3971650a4be96d9fa110b30cf53ad87eb6058e8b8a921f5f551c8dc47c4e4411d5900994440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
31167669bf0503ffef4b533b38e34e0d

SHA1
f0de1c598e4a3732d2c002b618fcc896f060b8c1

SHA256
c66e31cb446d1efc0d5dd2a83702fd7f6164d811fca8566c6c099f02d7615cc5

SHA512
136ba35a64bb38048062bb0333123c4e8814a346a28b25c13f7c529e44add6dd5c616fb296f7fb8c76b5d3ec6f8ac8efd7aa42259221ae7bab26be606067ae09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2c42240d05d8c82bdc2e9981d3d955d2

SHA1
da5705c60d688553d4e550e3de7fe258dfecd538

SHA256
84c5c28a29200451d88179b468f1248bf9c3a753788ae1b13ab80d602797aaa7

SHA512
ccbb45beceef595a778ed301a436e49312bd0157c97d02cfce74c2150b1303404b8641185050122607fcab4adb94d7058da3c3e209a41b24522a70e471d3614c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
536bfe2c19383cf9557462f12d489958

SHA1
fc018d6ba884252d23da6dd6dc9787ad058d5da1

SHA256
2446ea77744386a3d2a8f8a8ccf7af7a4c43b119cae7145cc2a905e32a385e41

SHA512
fc029179701a339db17450b8c866aeae5de96b8890a74ff36ab14bd96d486d42f8ee5f41e35ca50397ee5335f036ec901549e755140b2ace527415eee7f4bf3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6f03393fea0210205727b4f96163adf

SHA1
0c4e0a2c7b868e2a4174af54390ba6ab40e3978c

SHA256
9b3a4fdfa3b74fce1ffeb25baa1113d3e7ada96a09ba1d3bd06d3d86ee7dbd22

SHA512
95c26b1b318521bb72f69c6e6a28665c0652fa0bb212fd2dee424a15234d336ed9174520bcadcd10b77e5eefc42f4088b36fcfd64848bce112be7dd6ad590035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
93e7049bbfd20842b3c20c76f9b35b90

SHA1
2fb68179f8bca1595354c508f1f47ea9579113e7

SHA256
dbda87f3b1cea059aeb9d434825541f30544212249f1893b8ce81ed982d85d4e

SHA512
f40a5f5835184111c8fa50088be38f4a1a9565e4ce0bea241fc764568e1f28152fff34635d25943b8ae2e50bee1715d7f707e4cf8e5cf9b1023ab59994218dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
2ca0d2c183cf92e92cef296c3054981d

SHA1
cdcad9f5276a527bc58149341241df9a873c38c1

SHA256
30ceb636aff840c3f881c240d31f674bb78c6cf3d7f5688718b09afbcc38d688

SHA512
4ba8c2f9250a3c0db0cd86e5c2efd45122808f6d1a3bba8bc6fb9de08000603159345aaa53109f8eb80712aff67351aa3c0bc2b5d04b2c5d5c0ae7e0def17ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586201.TMP

Filesize
370B

MD5
bd368beb34da4f9e797adeb39f20ae5d

SHA1
80d920d6ee415e311e212b1486bda6bcdef39bd3

SHA256
c5fc3901873da03b937215f3bc0cdd3d8133a5e03607d23ce8de0749f9714d80

SHA512
5730d2c2fecbecde84093859a371bb5c117f7d213f3fca8c77b452c65b2696313634b26da986679f1e4106f213bfec508f21a679bad1acb3b282bf404179d346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1790b788d0f488c23f39cc9375a89fa5

SHA1
c5a9f2469d507e88a0259ca754942c67d40e4502

SHA256
f1eba421009c809f78c4b55f7bd9e648f7465328b3bf4501ee5207bd54e06327

SHA512
4d7cda07d1b806e1b77a1a8dd06e41de4321280220062f0d582df16bfae41da369c57da190cfccfa64a51e02606f04a15f1c3716c15e855f8052c1a2e7856190

Download Submit