b3dec9ab54f24bae1e4e2ed956dffc30ab19b4960b9824ded35cff47cb96387f

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d9215a445492af4008d4e06eacb5560_JaffaCakes118.html
Size

31KB
MD5

3d9215a445492af4008d4e06eacb5560
SHA1

61d218e145a2bc797f21c99f21eba83002b81e6a
SHA256

b3dec9ab54f24bae1e4e2ed956dffc30ab19b4960b9824ded35cff47cb96387f
SHA512

fa9ae81b4c68c9e1c9879fe288a69fbeb7c13823309fcc67366b8c8fec9dc9d736fbef9eb8515358768435f009317ad85f191f847e014ba7223a929d29327e66
SSDEEP

384:Sascav+1btR7jTTey3Ba6robFSnJMT58cYbdlccnd+fEhRNQW7BxwDocuMgfxdLC:SascaU37LxdGsfpnmfoOJeD6OML

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
2100	msedge.exe
2100	msedge.exe
2536	identity_helper.exe
2536	identity_helper.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 3648	2100	msedge.exe	83
PID 2100 wrote to memory of 3648	2100	msedge.exe	83
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 3652	2100	msedge.exe	84
PID 2100 wrote to memory of 4748	2100	msedge.exe	85
PID 2100 wrote to memory of 4748	2100	msedge.exe	85
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86
PID 2100 wrote to memory of 3748	2100	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3d9215a445492af4008d4e06eacb5560_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf1746f8,0x7ffdcf174708,0x7ffdcf174718
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2127536835904359568,9694742007348126560,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\398a89f4-3759-4cb8-8cfd-f72bf6e91d02.tmp

Filesize
10KB

MD5
2d4ec6c5840898dbc2756a55ee5bcc78

SHA1
1c562275abc6c0cbcbd2b28648d54f28f959ce88

SHA256
c6fc6499efa0d9dbc1ba8fdaf8262ecc8049cdef06c7fc59cceb4d644d699d97

SHA512
04327f0e370ba7842195dbe78ca2e4dbfee4cf572404514c24068e7f3810e5744e2699061992d1a7c4453c534d4ec118c14b2a2961561922e6c9c121e7703590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
787d6e316e7f0abb25517067f7300497

SHA1
62c7f039a1faa8a1f56e1f84c82a114082eb8286

SHA256
8a720d2ed6adb2e4c38a34c3a590000069fbca8d90bd7d13e1c0dd572f28d9a8

SHA512
e1627c023e7eb56b9b5aaad54ce090f9af4ed19ed38a67745af5e964f4ad9f8c1c3a8b8f6a4a3a0b28802560d7ec35140a5d30fe38da71326a30be697a371b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
7ff4322272eca50a494f348b048a6c76

SHA1
4de23116c534e0644745c07d47c193d1f10bdd3b

SHA256
a6a2ccc85d83452c020088c0e7dd988656c117dca285a6f133aece03f01af2c0

SHA512
a2ed5f83d783dd5187d57c04c874547f13b929f75f1221b88c1ac2f8a0c709d816652d7afcd4f231d630ae51849eb6a79c1ccd8ba03fc9edcfb903f63f87133b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6857eaa9541c090eccffa9ea1f086f7a

SHA1
7e32ef766dc4ff9e2f4fe27b5a84e4df3dd6a3b8

SHA256
686cb8b877266959cb0993ae1f9a5a83e32f6e5e1bbb1a208521b4337f832084

SHA512
5563a7d628a63abe153c7645e12e784e65238feb35e2f2f395061ebeee3d24ec211e6db9aa111268ef62168ba919de07523b032baaddf8312a4c144050a5a4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cbc137a46ec456ae59cfeb00e7176096

SHA1
27a60a702afeef5b5675e33e95e0cf5080751d4e

SHA256
6d5418933545aa325e3ee768552bb1b7e795f1b8359f854e590582c879659709

SHA512
4c3a7718eedea212d6a340763f39508216aa581437f3861f1b10971af02a2194b2de8b903f1b33349faf37568e57a100a67409fb0154c949bede73719841b617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
248fde7b785c237fdee49579121debfe

SHA1
f934f90b8af4bd2820e3f8b01ecd4db8d4b0732c

SHA256
c9fea5ca59a3ef3642b0c4497d2915132844d40640e6fdfd0173b1ab616cb0a0

SHA512
faec8d318f944e907049cbaf202c56cca6c3d7221f8578901560ea3d820054460ab722bf5a0f8443c961eaea5e86bd18ffb84aa94f72487e62a5f06f3e9e23a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
58f9873a39d5045c531597a5c8fb4333

SHA1
bd0070347656248479b90aae5a410d9374d56556

SHA256
806e9977d87de3de2101b350660bcad977f2e63f128976b7f0c8c33496a322de

SHA512
5638449a3e6eea85fd8507243a08c3fd478f37cf6c9269639c804e17d5c0cbe2ddc419261f6e2dfc26361e103f7d64893de15cc42c34186ed660c444d61d0574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8bee5634b492d540cc9831035abfa9c3

SHA1
5de1bee58c39be3cd315ea777d1c791a16748d25

SHA256
8a939b326d62ef3bdd09bec46a25a11e0893b2524cc6214a92ed659d62546daf

SHA512
5bdc11cb904be1289f08ef4c18bf68f524e23b72d5ebb0996160be8e3dbb0e1e8bf81694af4e3bd342aade370fe2ef562bf5f6008dfb9d71a03f6049bfbe4596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583aa3.TMP

Filesize
1KB

MD5
26de2e34c172daf940e02c7f7c390a57

SHA1
c4e0e8ad7ddaec99c7e647efa451acc3e4cb8ae4

SHA256
360e7ba071ded9d31014059b4786a8e36609becf6953887770ffce6d620d1daf

SHA512
ddd70569c9c0b4e4173c19826fd1b6cdce7411f96bdc0434cf8c97d4455f76fa33f7266187b7beb38e1a637bde7cb8dad586379f01a30f2ec6fa35c032561077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d4af9f98-0fe9-447d-9c62-718a11343e39.tmp

Filesize
1KB

MD5
2a98c9d4bb0bd96d44cec5852d72eb82

SHA1
2e0d32de07560d847c1237018faf5a87ac5eec79

SHA256
1aca99473be57ac3a2428ffba17bde8d7634ae55947eaf31e41a097f2cb86b25

SHA512
bebe27114fc453e614699e76977d1ab740d7149b475af28bbfa2fbd1c5d1030cecf1fc0aedecc0c976d216be2d56de092c658e99f866dfbf9c9f23e4123610c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit