1200dba66acda67c0610e10be639fb62693ef032a0f22151fd39ec0b01429e02

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2024 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77482df200eff494d08ac8ed6ed52a21_JaffaCakes118.html
Size

60KB
MD5

77482df200eff494d08ac8ed6ed52a21
SHA1

2802571f67b389f31c7a460e4d0786eaeb8427c4
SHA256

1200dba66acda67c0610e10be639fb62693ef032a0f22151fd39ec0b01429e02
SHA512

342a1eef699497e42801767148fc8093ae662367975c7af383bb41a6d0655a0349fae72bc1cd7f34b83a0546d4eae48abf08f437daa02ab0535470525dd3263a
SSDEEP

1536:nqXhPI8l+L/sBTIew4J1teRfEy5PBczcAVtQ+:or+L/ElY555MVtQ+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4668	msedge.exe
4668	msedge.exe
652	identity_helper.exe
652	identity_helper.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 4128	4668	msedge.exe	84
PID 4668 wrote to memory of 4128	4668	msedge.exe	84
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 2644	4668	msedge.exe	85
PID 4668 wrote to memory of 4880	4668	msedge.exe	86
PID 4668 wrote to memory of 4880	4668	msedge.exe	86
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87
PID 4668 wrote to memory of 3800	4668	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\77482df200eff494d08ac8ed6ed52a21_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8129e46f8,0x7ff8129e4708,0x7ff8129e4718
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7188 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
05197e9427acea2ac4dc812f97a8f078

SHA1
3d2a38b79da52e57783360f195ac3e7c85edefd8

SHA256
7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191

SHA512
084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
787c8032252a614a325a542c79125c07

SHA1
b3c98dee17a8c36f990f36813bf76189b3cfb5db

SHA256
dd870f24710095304b7f5e8354544c53cc347df39dfc00026ab55bd7c12f61f7

SHA512
b05108f9184bfbe1aed93896560915503c909c683b878825a14c41bcd948fff6a03931c2ea03a80d89d3ff32bb8da8ceb37c6c9a044eb8c617f8af55a231dca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4e3b13224ac8a7164f70164da17b2f0f

SHA1
e2e4b655da106e4558520060df878a0c04df20d6

SHA256
c3aaf2f1f082ee7a8f86723ebe5d6fa1aa1e5ad894664b3bced60abf2f9c5f64

SHA512
f13ab121f0e6fc552884ba6263ee6d9d967ddd69e9ddddf66d1139b61d85e765b90aaf85d1ab17261b4c4188416fdde42ffcd8a435b780c0af0259f294bc4524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b6b5041e8880489d8f6ee23a67880793

SHA1
a946307af099257797655b58b1cb5a8b42a1d922

SHA256
e0a4d4fc918a8be9e3e9c75e36c083f1a98f24c47e5a7b20adbc66cd5f350585

SHA512
6ddc53ba045576e37a76a14df8f41599477a63ac3a52cf2fd8f5f41e484565fbf52003a83447413ac9d46e4a12513488645f10450338750c83c73f74c54ddd23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e95ef2ff95a657f3f0e2adcae8834281

SHA1
ae1ff6ecabf7f5b378099119074dde9837d94149

SHA256
ebaf51a4c620c8c5c8219e50aadb74448b1cd9223c8c5780916a73329345bfe9

SHA512
e5fc77d56630dda849868f454456561ca0e910b8b1d86b3cd93156a7f4c5f2c33eab85b9357c92624ceb7c7ae12351bd5ae26715d6dbdd8295bf574cb5b0ac9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f77a9d0666b5305f831ea6a0bd2d3ac

SHA1
3f9d9ea459be0dd01f29c22adfbde05ca4d56d5a

SHA256
33b42875f1e91e21ba6f764a797f38ea0e7f148b232acb31e32926aaacadc07f

SHA512
1274c8f1627974b60e24e022a3734155585eb4beb741896085884a58e8e369835ca54f1333888c0b18d61d0a5d95127586b460d1adabcbb3bfec3d64e960a1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6925c4d294d5a2ab2fcfb4dc0cd1dd00

SHA1
d2789707986b8d1a846fce1c9b61b9e933560c85

SHA256
cdaa86a9125616b4b036c807beab8c674eac7b8d0318682d54d6de72f0241b99

SHA512
fe402c859cf349e634751da026879eb020bdd079a3deaa6fd01d6e6c38b4d1d7e867ef3ca9dc16b4419dafcc89a559ef29b7dd9cebfae30371c3c2c4acc2aaf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
239d2dbbc9b6b9e212d64e891534ad23

SHA1
8b465923e82722831b9868593b336f01f1ffdd0b

SHA256
b247fb72d3a13c2e1bcf1844f8dcc1ed7c55d98da0e699505bba0510cdcef953

SHA512
b72ab94ff58b1ed42c246c64795950da7e0842809ca19422ab6e6d8a0dfbe84b25d1dbfaa9887bc914128370c920ac013507459e21a51c67d94f647c06016d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581cba.TMP

Filesize
371B

MD5
977d3deafaef834a93071c9a86c57276

SHA1
afddeea2d9cf02cf9c0e175af0e05510fe7b2e10

SHA256
7a0a0099c955e7e19f2ef8bfbc2459b5873585d47cc8c293da8d487d8a607315

SHA512
d57d54bcd7eb08376d4abf56fd7ca8b43b261a19c0cbc872cf30d014997eaf6528516b8b52db0c9fe35225613daad9be920b2d58e708ced82ccae673bc657a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e11ae33ab222fbaffbbfc73ddd3f37fb

SHA1
bddc10e0df0f1bca69639bc6224395088f6eafeb

SHA256
6427f669c7242eb2c070ecbc3b6445d0fbd333f238578b2f7d6dc75fe2223657

SHA512
5070cbb2a00464494308bd338d07237c90b19676a6e5d7a673989ce7c686b0c60fa2280d8cd9a7b0680b7f4ab1d5d152f55872dde94b02940d3164f66ac7e1ca

Download Submit