0e99c33cfb8e2e38248739cdf480bfaeb07b7e0a2012c293512e18dcd402e23f

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2024, 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a74b724643fea207af490655dc5c049_JaffaCakes118.html
Size

84KB
MD5

9a74b724643fea207af490655dc5c049
SHA1

c3abc1da3c56bb5b93fdb7488525360dd6d7d3b2
SHA256

0e99c33cfb8e2e38248739cdf480bfaeb07b7e0a2012c293512e18dcd402e23f
SHA512

d360d1a0e61508e68883c53452219753eb1b3980983a90b255b017631d062d7a6f02c645c124b1386763000cea861593d460b715e0121a2315305acb885ee7dc
SSDEEP

1536:yB5ps/biOSx4Bs/biOSx4qkg3GBkzBYjxliUGv9rCX7CesIgsgZ05auztb2:y/oDl3GBkz2xlFQ9rCX7CeasgZ05auzE

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5096	msedge.exe
5096	msedge.exe
2732	identity_helper.exe
2732	identity_helper.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 844	5096	msedge.exe	83
PID 5096 wrote to memory of 844	5096	msedge.exe	83
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 116	5096	msedge.exe	84
PID 5096 wrote to memory of 5028	5096	msedge.exe	85
PID 5096 wrote to memory of 5028	5096	msedge.exe	85
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86
PID 5096 wrote to memory of 2424	5096	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\9a74b724643fea207af490655dc5c049_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ff998cb46f8,0x7ff998cb4708,0x7ff998cb4718
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7269557721546007272,16692890704882881823,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
1KB

MD5
c6150925cfea5941ddc7ff2a0a506692

SHA1
9e99a48a9960b14926bb7f3b02e22da2b0ab7280

SHA256
28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

SHA512
b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
276B

MD5
a8905aa7c35823baa0398484f76e9aba

SHA1
b4185ec00e2b001b79993b4f5ad9d60e7f5dcf63

SHA256
16b43e23fa7af451ea53f05d8f35421cc9a812cfb1752e17f397fbe653e3d3d9

SHA512
63a5cb25812e41fa0d259e73871bcbbf45bee962a6c96a56dbf696734aafd9e3dd6ba473fc1979b95b81d018f7af21c7cccde7bc277d3f35ae1a1aa34be269af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
41KB

MD5
9631c594f55c395f07b12046cb8fbf9d

SHA1
cd6532d1689166c19477923c73083eaaf8cd21e3

SHA256
a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726

SHA512
5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
7b65df30d63be34b8b833a0c315e5137

SHA1
cf132e4d5b2341ee03d83944c57ffeda5cbd4c99

SHA256
25e0b4d44632e3aa7be763a4f0374c4c224b1921401d4a958cc84ef0f4132e6a

SHA512
79143088f26a03d375ba1c00de781ea74514d564917523f572496543fdf0021e6c09d1fb86cf3aa04cc1daf7e06c069b83323be77bfea7292cc0d8760fd8c075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
39efbfca88be63a669283c2665efd915

SHA1
166235310d43c65e974e9b518d97103e95d16ca5

SHA256
16bcd83273e9906681d8d2c0a4324101cc3424b53a7823d516c2d8e04667576b

SHA512
ad06b27f282cc3c26c43e2cc797e20ff346b3cf9a1c176a8393d8d07849f572886b9b325985dee1df237204ca63f4701f35cab2d35b862945036fd0666d5eb6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bb3e556fe023b702f884ad731170069c

SHA1
244cee9a9a9f053bcb9d1de45f4cd845e5dca769

SHA256
14c61ff7afbdb02c759fb3ce8a0dd9d4fcf6971249d7c49f15aa699aee6f9bd4

SHA512
f383332b94b1bbcc9ff23bbfc9cd7ed6253ef2ce2fa25e735a268defc907b85579eb367ad6d766e4ec3ea8bcb29f4b52e98ccae1703cf0f239adca62137156d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c856ce71435997ec2dd50aae62fb332f

SHA1
844e5de7e227c7b186ee265616187e7d1aa2a2ab

SHA256
787b862fa15e39b7bbd0dc03c358dba4e67691c6ef3c0498784bb5e7545a7897

SHA512
4a4f423edc30bd1357c9c2789baadbe6d68c9de55326786492b4e65c43c9005eaf083d112859a5fb09ab43f65e2b6557d2b222a7e96c002b60cf77a6c2b8d0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
607dd1a481ba55bf71139c0de27283b9

SHA1
fdd7acdc58c3954494d02426938e575a9977d6d2

SHA256
ceb109a87d16d405747ce8f43add5daa79ad70e91cf75ac013873e31a6514092

SHA512
78aa72184183c0ad0104574aeb3b62f62c94c90c4949d29f4428040e29bdff6d04e3ada787d21823a6565d10fa65749e1e2caee2ec88ff89ce4dbad93ce9d2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0babe5909faa44a6166f64d1248b2fbf

SHA1
4bcdb5fd9ee4457254e8f75bb1fc6b682662b2b6

SHA256
1c2de33b4bef61970fb9cbdb950b32902efd22f865406cdc357c652b238d440f

SHA512
4b80f699b82c61d49ac91541f7c87c6fdd8e955f4fe327ff37491024c520345d572db72acc5c2cd1d528abdfe66c1451ffd51fc13c76d3d8e68bd5dd0f0420b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f0e31202a9f6fff5b9dfc3356d92057

SHA1
f305035c7b63dc1786ea7d5f568268558eb231ca

SHA256
32c24c9a0a59b9957617fd46fa060519d2d9343ec9391ffc3954d7767d56fd23

SHA512
cc881ce001a847fd98267529b13391cb6370d2ddf07fb7dd65c6796124cd59b6e2bfb79b28f71cf2c975563f1ad00740453e9fed531dc28164b8a71d019824c3

Download Submit