e8b7796a9c0706c92a38269af0ae1046bf6875821bd4538a3ead62405670b7c2

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2024, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c38bee7780a6b78f389e657d94825dae_JaffaCakes118.html
Size

91KB
MD5

c38bee7780a6b78f389e657d94825dae
SHA1

f22413fbd8862f29f8087c29ea092d348930f5a6
SHA256

e8b7796a9c0706c92a38269af0ae1046bf6875821bd4538a3ead62405670b7c2
SHA512

f24c8f68bbbb9b7934a2e67a0defeb2fbb23ccd81bebfd13d633c0c5602798f21ed8f9ae79f4b33e49562137e592a19cbbea9e6c0dfafd7bce4c7c4225eb6ec5
SSDEEP

1536:6E4lHvYo+tUPQRvs5j987OB6ZqxUvC93Ixg5R6TJGv8BIKgfnjZtMG8ynn:6E4lHAHBo98SB6ZqxUvC93Ixg5R6TJV0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
3176	msedge.exe
3176	msedge.exe
404	identity_helper.exe
404	identity_helper.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 2176	3176	msedge.exe	82
PID 3176 wrote to memory of 2176	3176	msedge.exe	82
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 2256	3176	msedge.exe	83
PID 3176 wrote to memory of 4704	3176	msedge.exe	84
PID 3176 wrote to memory of 4704	3176	msedge.exe	84
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85
PID 3176 wrote to memory of 1384	3176	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c38bee7780a6b78f389e657d94825dae_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa65946f8,0x7fffa6594708,0x7fffa6594718
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,17071500363440614232,9738322218854294928,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e63c4dfd37b3dcb182d87f0e325c7d08

SHA1
53043d2cbad2664e956cca0c9a84eb305d1ef18b

SHA256
a09ddf866e95871119556482a24d9bd3d1a85bb4e01980ca29f881ade1bd9588

SHA512
40fdca2ce0b0447fcd1af5230ce4d4327ce57db4961a26c1f1397897d7312bff4cb7ccd0d879da3a280544ea93d6d703bf67269d10dec75cd146ed7049888b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e6246a38e3d1d09801d9f72d245ca398

SHA1
46c665f2894502273d93de489c4bde4f3c4c6b61

SHA256
f47e26c690bb2cd9c4f9f7312ae115594296f4630db29b82ea4d38529ff57a4c

SHA512
67c4c6fe0cb5074dae5c1129059b7bea36c8c2647cbb3eb42d992901e9a4340aef4c8d8d5447b36c0956660239099ca5a80d89b5ff3b34a90a602e6c804216e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
416e4a1417d42a92a1932261a14db317

SHA1
87cf241e8e922e6a55a3d0ea8f9cd94695b85acc

SHA256
2130fb879a61867eb6cff43017338190128c4b8d3e1a1c4e146a68bfde5bdafb

SHA512
9aa5b925f0fb1b364a45b463cd963e7bee0b7281d052f03f66876cbc9145153e3da3131f6f315ffc2f03e468d767fd8cc1a68e21188eb11269e00d468f1ad5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5b4e7af91455acc135db3474e4a7b914

SHA1
ecda3b091e0396dd0e86d0c33a9b209bd6ba836f

SHA256
35da992457e6c617c5536b823b331c6693f94e6a8402927d4b7a9622c7d6045c

SHA512
39e261ee9ac193bb8c1d461bef9c4ea7adea3e9ebf11b19373be8b4ea285d0ba37f886ef267c9c98344c5344d1772662f6e44dabaadcba81a1878ece2c32226c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
40630bbaa309f13f968f30054e714eef

SHA1
f6061a8516c5b47e0542fa18a7244b654382c9cf

SHA256
7b71887aafe7c4b25819a21fed5f9b199f4688d9855801ebce70590398908320

SHA512
4a08753f70cccb517412e7eede75f1c7b414dcb31c19fa82172f4dac420ff795b44bfdb90315c6149c4ed014f7047b42482b8e109b23f570fdca77a5f0e6181e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
860495e64fadd2698677edfd30a5d5e2

SHA1
84c8628ebc3657485e8f58137e40bb7d75254450

SHA256
c6263d8d09f5d748088925ce1431548f9b7c983b2b14a35a6bcb2999dd82cdb4

SHA512
471f7396791d4203c65a10a157366b6ab282b50a11d6b6fa557f6d4f054072af3505f795b7e62266ad250a26fe7cf62b7da8aea034a7a6622b4095f8731fbd91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d8e3d8c50ebef7dfd672eea983d9b521

SHA1
2d0085348eb7db5cbc6099886b7a4a60d9421454

SHA256
f5c9e44ae21fa73cb5600030000da401200bad5a738f6b6c8cfebbd340909f3a

SHA512
261d295cc1a8c04e20efcaaa27822c93e8f3a82e6f6ffc29b5b7b2f4308ae7820e2fc6e865dc7bd7659ee828c18949c5c81ab0a5cca07570d77c57f31b5429ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76660e8e3ee0c6bf80752ed8ba1bb4df

SHA1
12c7672dfd6ba94f40bea92bc53976f85e69aaf9

SHA256
558f3d7ab178679afa10aa6500f7d4e918cabe9eccaa0a348273bd9a75eae501

SHA512
988d9fc2e1811057c9ec5de419597c163e4e2a1b97913a9239bc1ab1c2e367f8ce864be7abf6e1b9fcce07356b168747806f60af7b58d0eda2cadd107666f49a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f4ca7b1b-00c2-4496-8787-3c619fa0c700.tmp

Filesize
7KB

MD5
38415f584cbb6d42f24f5437c5d357af

SHA1
3e468cfcad0d422796940521647020d03404a02a

SHA256
4b76a1aff89bc39e190cefc45950ba406a6cf56448480bf3de31b13130cee0e0

SHA512
522753a992524bb72c296b27ca873c0252a84428daecaf2ab0ea6a68fd5fe9e0418ceee1e71bf0aa1fd589f3f1de672f3a5b3ff7e7452930538cfdeacb176279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b5b7fe68be1928775ea5fdb7d4bfafcf

SHA1
2c737104ed6a4d07d49baa0e8bbb55d7386f6876

SHA256
ba813b23fa9ee98612f882c4c7c0e604231621eab05f727ebbdab0f8316c1307

SHA512
e246ec6cb19f26eb05287496283af904683307dc81de5ff251572cffe2ded2f7172f9687026b80ba28024aafbe7e0d28a9bdc8e7bdc2c2bd23fef1a60f126087

Download Submit