49b02885fc117e4709b7e98446012e5e6a97bf857b1aa7deb075c849392bc068

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 00:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3755b1d9a11331f50a6c32284ba43a72_JaffaCakes118.html
Size

303KB
MD5

3755b1d9a11331f50a6c32284ba43a72
SHA1

7978b099d515072cc3b9710e1020b5351a21b7d7
SHA256

49b02885fc117e4709b7e98446012e5e6a97bf857b1aa7deb075c849392bc068
SHA512

e60a304f74ba38d0159cb2b5f33f20ae2dc497b6c4ae627b8a219eb57ee93da12e3791cb6fae41991fc0bd6ca1ed9c03b85b399fe55b4b230a429dc39e32fc25
SSDEEP

3072:evM9o80DueqGqf5k1Gvos9DV8ghe9j4dQ82Q0loODoJDz2SLu:H9o8+k9B8gheIQrQMow

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
4472	msedge.exe
4472	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
2756	identity_helper.exe
2756	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 1568	4472	msedge.exe	81
PID 4472 wrote to memory of 1568	4472	msedge.exe	81
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 2612	4472	msedge.exe	82
PID 4472 wrote to memory of 828	4472	msedge.exe	83
PID 4472 wrote to memory of 828	4472	msedge.exe	83
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84
PID 4472 wrote to memory of 3232	4472	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3755b1d9a11331f50a6c32284ba43a72_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa37e46f8,0x7ffaa37e4708,0x7ffaa37e4718
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8050014349709572903,11583133110878148481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3322ae93-4f6f-49a1-902c-7f3a0e867b5f.tmp

Filesize
1KB

MD5
08a85a19f9aee06165d16b64e7923436

SHA1
fe133af735125be80e20161104959df9a6b2cdac

SHA256
2e3d459651bd3ba23473e92d3865dc9b4eda338f0ea185c822068cad186d2157

SHA512
9e4c654fdffd29f0a461e583c6e54bc595f3c15345852d520232f669b8e200b0dddc0f0f1df713e9af0ac2ac2695e3f012488d3dd278b992378c18bdaa3306ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
914a3f226751fb054a818fe4272f9afc

SHA1
75bd1dff93a57a51ed351a03fd855204c5d86aa8

SHA256
e09930b889f090a7dd9f67715a76e0238e310d39fc43ef4aa7e069e10dfef82c

SHA512
b231056bb23571e6f84223afe3c1417a5e73ed858a26b525635f66cbeae62d2e955d0ced91e00e37d05a2684724d6aba7225b1f8c6bf7e72446e207b8b3e9852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
b9fac0cf9881edf753a45720ea2a1d24

SHA1
e9786d07a32552f76185c535305476fff7dcb663

SHA256
6010468700305c78e063065b7b5982c78e437ddaff2f90ef5591ca9adc738efc

SHA512
9cb9f9e8a3f143c4ee4f65328ea36e3d8f8af7bae9a8fec2e6d3c38118e00d91714718e84b363160ec95ba880738e03f1ad4e8fe3a722d55f9429a6092b32569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5cceeef32b3eda40479cd0ddb88dc7ee

SHA1
54974029b005bd9daafc7ae3c8d542685128fad2

SHA256
135a0a0fc5e65c51588c8c916c057fbec6e191207d7b5856fd94b42f2bc12d0f

SHA512
a7c09e4de76113477a23cd0280b155ea4a49ac187faa59e632f38c6ac808dbeab43447bcda422e37e0dc063617b15d4caed0f82dfc7e546d8dfc5d0743395520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
200ec414487a2a9d5177c80d5e242630

SHA1
6337e14069b8807a7dce218365c268ed9c3f981f

SHA256
fc070ad01ed9c79b2bd8d683ae7c65699cafed748feae6a972f3456e1543a26b

SHA512
e6984121e35ba41209758933c3d98573713e89b265cc79428ce31475651d7d079456521c745df3560abc73d27da5d2b19c8fd9ce4c7a00415a330afbca492d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
442871e7c646028e003207b07d1658be

SHA1
936d696766bb904f858e5c664464206e9802a05c

SHA256
536a40a606863be8e32060f230eb03c17fc316b5299c36677e064398f5dc401d

SHA512
d2cc94c6b90339039953e86832cadc8626420521baf2b01a1a678724a00ca74481d2112c98fd030f72bcf34f94141ee4e3dda17938ffd53167e11229c7f0174e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eaa0ee62275423d7ed84e9c7080d38d1

SHA1
6e130d962bd104619564d95f56338c3a70397600

SHA256
0194f8cde8bb746bb8b679f782428d178058f38db94aa866cada8775ec7a11b9

SHA512
ab758fcbe9406c3920a5411ec80577268f5e5fc80112f7ae95a40c3dc53516d270e71a3b1b858cc3fbe207f2d5bf59cfa4dd211129fdfd18ae0012dcf4c9a8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3000598de46ef65ad6c31e155512ee87

SHA1
2b24ce9651baeaf2c0f93be358760a5d803f06fe

SHA256
0e9277f73a3fbdac4629493145a4a388f225497d9890e4e2e059260b109ee53d

SHA512
929621e97e8cc6423db78c6c3453f443cecfdb6c2a83588d84a2da364760375788047e6e7171a0f5469cbbda3c1dfd20e316b426e48a576d48e8d928fbf7f0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
739c5d4c92bd35dc442497d4627c5fa4

SHA1
137dfeeeecf18f4012c7878d40be5b1620428c7d

SHA256
a2e5f8ad5014c458feb51670ee1e54590f9828cc13c9fc6f52c422a2d3682343

SHA512
130cb8d669df7073fbf58a8f1470a50d29a77981d3d8a991705f7ebcd8fe07789a2b47033acf44c9cdb3dfe59729e83c0001d6b596a2e1995117628a08e820db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1386fae72139fba55bf5835eb386128d

SHA1
4e980461bf46e59a6512ebdfdf8ed090dc7e83a6

SHA256
ed61e2e1f659d7aaa7826d9da703b6db8734be93a155d1478dc6d45df19a6e8e

SHA512
d0a82d05486904b0310cbfcc15c1d129a17084862e7a17bc89b9ffc9006a1c0135ac302aed3cbbeb367175430beb0218780bcdfea423c7d71c6cf058aef78166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d263.TMP

Filesize
203B

MD5
b46692297306864597e9c4a0e177c03c

SHA1
ac65e7f7ebe9aa7a89f78750f7956e300c06787b

SHA256
acaa810bf5c699504baa29efa738bb7d92ee32ae7b98fafde8efb5f27c57ace1

SHA512
434c8f378e052f0cce541d025b6d13df59490fd1aa6905cd3e75517ef8e74c08026e6b0ba6f7751cf5539c87cee6739828edb800479f4af9d8081c2defdcdbc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7cbc15d4c175584e8651ee5f919c23c9

SHA1
c358699ba5e06d77e7070b2506ad87cee6ac0ebc

SHA256
4a96124187318822350e3fc4de7271c1bbb129db84b82d973b7d6d748358fe21

SHA512
7139f419667d3b08786095dcb6e6ef58b12244bbaf7f9406ccce5e009f598f789a7b93f53542a686cbe2e97673521fa3e92f2ed758aa8231b284a2eac22c7ba5

Download Submit