778034578ac87d87e91a7b38274399b3bee9612e1713e08e38b9bdcd0197f399

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 15:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3ad0b6d53c8c7e12f47148f4d77bd38f_JaffaCakes118.html
Size

58KB
MD5

3ad0b6d53c8c7e12f47148f4d77bd38f
SHA1

03537a9396d423d3274df9aec876d5c9a2ad0d9f
SHA256

778034578ac87d87e91a7b38274399b3bee9612e1713e08e38b9bdcd0197f399
SHA512

44cab11974689e8572a6cbba6f97e69f56ffbca72c95fed14c499b9c6091cb1c57e007d76879537466c8b0de0f4d8d02d9e91ea9a4ae72ad5ac31e847cb606ec
SSDEEP

1536:HFh4j4SM4PIfx0LR/XMaLiO9hYUvGSzm1rVN:HFhAMaLiO9htGSzm1rVN

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	sites.google.com
35	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3496	msedge.exe
3496	msedge.exe
640	identity_helper.exe
640	identity_helper.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 4272	3496	msedge.exe	82
PID 3496 wrote to memory of 4272	3496	msedge.exe	82
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 1812	3496	msedge.exe	83
PID 3496 wrote to memory of 3480	3496	msedge.exe	84
PID 3496 wrote to memory of 3480	3496	msedge.exe	84
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85
PID 3496 wrote to memory of 2104	3496	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3ad0b6d53c8c7e12f47148f4d77bd38f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3ad546f8,0x7ffa3ad54708,0x7ffa3ad54718
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7360 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,2505758641311340250,17174396822393717184,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
15ff4b7511ef95ed163f79aee75be915

SHA1
dc2436f4e8537d0a51e612e52051a5eca176958c

SHA256
eeba276fc9ae1a06158f0d82b51706a098a5013fda0920fcbdfaf5e028d9ebde

SHA512
b47ed829136d265d5e7ef8ce4c89580b60fcdc7cb81a70c222952d93880c25413ba85fe6ed29838683730db8bba6cbd685aa0235b0490d660e112d68347b5966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6d223b816b69eb2456913c1ac0877089

SHA1
1e1c6c710ff70983bb8c28d0e1407e558ed1ce3b

SHA256
baa28e443097da7660bbc2722075655022f2575ee8ef78e2d2de882dbe06bea4

SHA512
a833b0d36c5dd0db2b65322c290e8c064da813d8deaaf6b4dbfca542f34a4bb4b36c13529d1b43f2ee629c0e5e2056fd782996913420b3bc6d39f6dadd8ccd99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cc2ebc1edfb9bcd70e4320e603cede3f

SHA1
39bb742eeef354b74f78e2ed3cde34f237a3e2ba

SHA256
c8dd5f4e33091892ea41fe3f06806640ffa63570d2dac9a76d2d92e06cde0701

SHA512
a3016e278d9f6ac85e0f447bf16a80dda109c4b7e26029d7fc444bb304fb134ad4a165ecf192150e4045ea5a56aace284b62c50eb58419e278e53a320faa634f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
807897ce5fc1663220ffa3c25c3621fa

SHA1
8496ed9a66251e79b67cbef2c048e2ced2e053be

SHA256
42f182a8d1baa3d72fe253c114c6092928c403572d0c49cf518edb14dcbc71fe

SHA512
c8aff5aef1b47a543f0a780e21ddd325547b74abe03eb42b09ad025f5735cf443df77fc633f5bbacdfa03acb0ee007b446d7e83a02e8660cd4f7f755f2ea24cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
62baa2f12feb08656872c0626598043b

SHA1
88e9061aa151c95794cdb3d497e71df1637c429e

SHA256
f4ac55c8333c3b573224f314ba74a748244b5b026c840db4a60733efcf1e249b

SHA512
92ace133f5b94bd03365b6016f3889a10cb973b0d8204d1c5e8af59d7d9718b4fd0ffae90401f9541625bdb49b8ff5389104c710e199b8fa6a843961f4ade13b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f838e4fa8b26c695e59651a7ccef6ae

SHA1
9e8f4cd48a4ae3953015bfa57a19206603c1a926

SHA256
edb5e9147c54d84aa9d59195def0ef3175d8cab0f8758bf9060514114c475c05

SHA512
f6fbda6eeedc49ce46ee83e6c231bd4854c103c961bc25ee5a146e72f3386320850dde97167b0551bc98e536f79987f26d65765289862cad76700f114bb3b92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a095b8e07295f09bb42a52a87beb44bc

SHA1
69c40dcbef8339bae859e167ac584ec904beaf91

SHA256
a1181dbac5dd1dd6b930d9f81067c7a718e031bccf10f635aa2aefa95c0a2032

SHA512
336adcb0b9e56382dac376a5ee5b89df8ae8995f07cfc6111b16c1875b8977437db88080c374cb8e23fd6d635fbef06d60072af011d52417803a4fd931b99f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f7506add349f413bbdf3ce4b06b2cc12

SHA1
e80dba21afac9057291e5d5e7691e0acccc90463

SHA256
01db59743b48a015708fea70ec6ae058b5d68af3408b91c2552515cc6b04bd1e

SHA512
6d9e0361653eba2d7256a39bfffa82ada24a7b73d2d3d1b1596195984c01ebd3d8b779379185adf7c292b0912b88486cbf374ed1da8d17a86a7a29c1f32bc5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd9b336c6c45a3b3e8fb9a27ef45160a

SHA1
c62e9f324f89bb3d6ceb0f60c7c43f33621eba77

SHA256
b9423f681eacec922e4181d611e4df65db49c3458a753528f2a2adbf9b1514be

SHA512
2a7d2e44a91bd7d9bae80d6c48ee54b5ec3060595d87a3b6bbd8c47500bc6a1c12c24912a41774f45aa440bb646ffdb8b8dd9bda42518d9e9bd419923b2c4ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582045.TMP

Filesize
704B

MD5
fb0bd2e6e3fed55ecbfdf10326a10ecf

SHA1
c4d54f35eaae8ff0ff7f85502ad87faad34c748d

SHA256
994f0361faedb04c8e95fb3e21ee6a4884fb0dc1d6b6b353be0eb47ce2255458

SHA512
4d8eaf0ac8083023a330d3837e75b7175942a5b56ee255effdb3b504d27743ed783edadac3befcf4eb952f29a3597593d82bde31a4df98c7a47b74aef6e68065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1604c016bd46f94b961eb8eeebff42db

SHA1
3e36fd3450a4c2a152f5f1820e5bde5c96b004bd

SHA256
8375367d6752cb6580c0d51e3b0a9b47751a2c1cfddf38de9f816bdd89815ea0

SHA512
f791fd58aee2c68d07b1977aaa8a32b0e93b6320076af03d05eb8b6019795e22bf07d2790edb4fdfefd8afe5d31c9d71cd1c26d2b49bcc212f3f54e01d379ec2

Download Submit