7302ceff9f16025008df6d3d5f05bddc6085971755df9adea0974e79149561da

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c3dfb16b5e3c8390eb8a2c1a5dee5fd_JaffaCakes118.html
Size

122KB
MD5

3c3dfb16b5e3c8390eb8a2c1a5dee5fd
SHA1

acb5a588c3c82146701fa99b52ad6bb2af9caa11
SHA256

7302ceff9f16025008df6d3d5f05bddc6085971755df9adea0974e79149561da
SHA512

a3415288594bef9ab534ae82db37e6858b50c7afb9ca6c7f72222cad81cd7111c967909f66c320dc371cd06923473d7109adf256cc42fec72fd728758600e66b
SSDEEP

1536:aAKWbg389eC6Nc+ap5eOqYCKttI1M3VjjmOkEKCTPgwTFyiBPvQF27PMX4DGD5Sb:XbBGQeOUUiUyF270XrD5CicUxNc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
3252	msedge.exe
3252	msedge.exe
4212	identity_helper.exe
4212	identity_helper.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 1900	3252	msedge.exe	82
PID 3252 wrote to memory of 1900	3252	msedge.exe	82
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 3712	3252	msedge.exe	83
PID 3252 wrote to memory of 2552	3252	msedge.exe	84
PID 3252 wrote to memory of 2552	3252	msedge.exe	84
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85
PID 3252 wrote to memory of 2168	3252	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3c3dfb16b5e3c8390eb8a2c1a5dee5fd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff84b6d46f8,0x7ff84b6d4708,0x7ff84b6d4718
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,14314581760099670948,14363626677864559405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
96bc14b74d4d8f4fea3d2aa955b13aca

SHA1
305cebdfc810cd27e030ee3b8a0e36aa21f04abe

SHA256
5f5602f0be01cb412c02a736a7b8172818c7f94f0351e0deda684942705c3727

SHA512
233ffb6625dbd5f5206fc8bbaa42440630d763380c1bee39b55335db68d90b0778e770317473869db953f7e4341ca56f38d10d86e4a0825cc30db933f35968a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
c8179ffa125276bddb77c313296b4b22

SHA1
5b0dff54cf239b1b2d5578231ee9fa5650763965

SHA256
81fe612d0f5d079f8097edf05cd86cb4cd5e299ba42bacdbb41f39fa7a57917b

SHA512
f0b87de48d0e3f5f5a75aef103cd1e143725170b2a6e1c1a7e67c65ec4add68979d4db85ad31797de54d6b585b09ff42dbf474815e32a16bdcf61040d530d91c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dc9f6b7f93e7a531da96fa4f5d96af08

SHA1
573d8ada05c69a5c243d78c05b4884c33afd00ef

SHA256
4e77eb1adcb135ae03ae6d7216e261e937770b61ec8120248f4c9ac6082113eb

SHA512
738f24e3b0db993ae5e1d9ec655977a7c9b5a336b506234c88c1078095e479e7cde574947bacbe991d5cccb8630347360f7c62a6a0350cbee2b99699d6de1b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5732995e8ffe9754d57782a6920afc9

SHA1
61e8599a2e6e665dd3e7a6e25d51a4389d2ac680

SHA256
3d296b994fb784348960c872514e3efbd66e325976ac1baa98c853a77cf65a85

SHA512
e4ae4e2d656dde73fae691a8686ed1d910bc30fe4613fafa80cb5b38b5db309d329603564f74de16a7af8f08fd14d062e2034d9a30ccee5411d6563ff6793846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
42077edf9fc348bc332851617eb70cba

SHA1
7f2ebba7aab2920a0cb708097020b8fe399be361

SHA256
7216c79e213dc6bbc520e154beb8346ee6dca12e5cb75c197ff42383935469d6

SHA512
5ec038739173f699dc6ddc7da89726ca52e623ed439f671a5eb7178b259d2a4bf9af4dd5eb9db62022c82652fd14b6c164b0c3ab1bff166d070f10960582d6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
614a549b292988f9354df0799611c40a

SHA1
6419fe23e9e257557c6c5a14db1f698e2b151914

SHA256
ad78a16ddedc495d1aea9445210778b5ff6a6bb9dad7aa170144dd8f0458ef50

SHA512
342823e26d94ec2346ee37b08c2e4c24614951e9ba2f3fec704ba447c0f62a40f524552dcf2f9f5c41a83614fad548fe67da57ba71140df8ca7cd9a857a77fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
88a9810109b60231eaa5cb657f2fe42f

SHA1
07a84b291f095c9375041cac32c541510bf0f4cb

SHA256
574752e1a4fd55b2436f4871fcb6332c42dd6429dfe1795a43436e825d2c69ed

SHA512
af7c6c611e6e86b2211e3211b9f711c7f41fbe009d7a5d14ca09721b1d2ca231c2191e4c1b3b35649b07fa296b46ae38435791b5b4f047316a5c9540d11ff291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dacc4e99-9ea5-4ee2-a451-dbfd92bf1b2b.tmp

Filesize
7KB

MD5
4c1cb410d6eb2a04273c8fbefc678437

SHA1
26dd79faf16e072b7fcabc4367016a872faa5954

SHA256
fcf08fb40b114712b93cb89edbd7d1632dc8e17110bf0160a57ee157298da773

SHA512
77c09b2a828e79657bf4958cf374351ff70118e392ff77cb86566a8ba1384f43175d819fe8f9bd6b8836257002841fcf054607cc8cb0c5bfe7b580416b6d8853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6782a4eacc4b5e1700d913dfac654373

SHA1
abefd86a5e028b79ff4e5219595429d68c93abe6

SHA256
ed95d7a584d4f52019be0f41de9fc5c22dfb2c9b7939a56b6cde133bee8b2536

SHA512
7e3e98c600e0e16bead8507d8c221e961d9737d6985bcfa31c7fe6a591c9863bc9859b04824a8651b1ce8d3604be9e3493085b2513cbba9a057ecc8022422662

Download Submit