1d2431f69d3c937f3dc733330482549ba63eec4056b9a3ac09b1660ef85f8361

Analysis

max time kernel
144s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

419e68f4ee6b3ebf7dcd552484e22a82_JaffaCakes118.html
Size

86KB
MD5

419e68f4ee6b3ebf7dcd552484e22a82
SHA1

8a6424b5b40d512633f71649260e950e5fba8a3d
SHA256

1d2431f69d3c937f3dc733330482549ba63eec4056b9a3ac09b1660ef85f8361
SHA512

003793607ce8655e862d10e0a2ef3b8a9519edb47612f442b3e80496b720cb32dcecc6b70932c424a5bcf06ab594c212ae9c4e6ba900a29462487a77003d8a47
SSDEEP

1536:8hAhie87TkbFaQ9kbgi/QuaDl8/CVdjR0wyKzasBtmrT1NUM7VEB4kav/Rt24uJm:8h8lRH9kbgPus8/CLLasBtmn1NUeVEzm

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
18	sites.google.com
9	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
1604	msedge.exe
1604	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
4956	identity_helper.exe
4956	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 4168	1604	msedge.exe	85
PID 1604 wrote to memory of 4168	1604	msedge.exe	85
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 4936	1604	msedge.exe	86
PID 1604 wrote to memory of 2076	1604	msedge.exe	87
PID 1604 wrote to memory of 2076	1604	msedge.exe	87
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88
PID 1604 wrote to memory of 4748	1604	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\419e68f4ee6b3ebf7dcd552484e22a82_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf44a46f8,0x7ffaf44a4708,0x7ffaf44a4718
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767623259829490398,15307780120306506078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
64KB

MD5
63e5a0b45632b3dde3694ffcaf0e3f7a

SHA1
923736d0cdc308331d5cfaa0ea159bfedc83d53f

SHA256
889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

SHA512
5b886c4b5122d61f0209ede748aa84445c9388cf38813316c41b3dbd2308216e88394d9a45cfc27113c0cf3bc93b9c37d808f6d3c67888244c176ee095d42259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
397383c90a2d930f866f405747e27466

SHA1
7bb6b5d6cee104c877dc5c3462f61232ffe5b360

SHA256
a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47

SHA512
4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
e8f3f1d42abb147b8009715a57503204

SHA1
8c7a80bade9fe7b0d2776a730c568b545e6a463e

SHA256
a4e8d1743440ef3e3791f5e1723a9f5255e9be103ae21c837f9c33e4a2943d5a

SHA512
2bbd8075eb59eeeb34518e9ec38b254e38f790e381ff4222292243fa2df087abeedeed50380596584760f4157ee6ca703df49bbd12bbc30d2cc75329bb083b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ecda9f531a70c6f94e6286c73ce95da9

SHA1
a13255d3089322411846b2c60d9a842bf9aa60e4

SHA256
8f0670b1b0dc4c1ce3452606db079180e6b55c0d69345e91f9dc7f1896fc804c

SHA512
f6609a127a93ce5e85b341cb2316947eef9c51b35b17ce08b34baa0965126d9e2e3f10880dbce7727b307b669e0f080040afe67e5aecd5a7cb3961eee23f851c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c96703168c420b2d652ee3676ef4f9d4

SHA1
4921e3923577bba73cc0d7d7c3a308a8f229c02f

SHA256
2c9d02ecdcb338af12afcb50d60608228057f7f4b17f0b32813075c27e846888

SHA512
fae6726f0ddd8ac56e8cd2d08e974cfc1bb9b48fb8b3dfd1331ffc8079096e9ff08e5ae65b37ba81b9b7fa2007cf0e3c06c7a7a82a293f1ac73ff06a7499665b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2db2646592e8c94f724e5a2ba4858957

SHA1
52c4faf93e729b21eabe02d887c147cc7c37efcd

SHA256
5a72cdde7a6355188eafe56ae0fb270631323d0fb7e0cec08f566dc5f02ba6b2

SHA512
9998dc5149c2c54d197e20d473edc13f0adb794f056aff4eb5bb342658ca45a07f75a1ff5ebe62d267feb585d4a54bb3b369b03ae981bc79b691ba1784e3edb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d35aa6e7832b13f31855e3ee24fcd670

SHA1
c6d6373d8798159a637c3bdc87a3e60ae72cee93

SHA256
d18740b2bbdb323263bf4e09f1637a508cc19068ec59d77e3b0c815a2ab31b98

SHA512
b23a4e9c576398550ed26801a453a124dac11c099d6a93c496129f6e535017022bf716dd4d349e7e73593fa3f3af01053a41e3f5404893f355324fa78113e987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
61cf70a939985c09f8ebecc55c0f2f3d

SHA1
abd18a4c301b66c42171d2d78627ce10de8df89f

SHA256
eb2edc5faf3724e4871839c8e7aecb2e4fc90a247af4a6190cd85e92640d5d66

SHA512
873c43c20aa16021af06bf9013434935f7086a4898a197649f37c9b738709b92d4b280f02233e4159c3c64e660c7fa0a04e6e7cb42186faff214b8e46fb8e29c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
58e97f9db4772faf9b881ae24f37465c

SHA1
e8dc226bd7ba0e7ee2844585318aea9c3c1a537b

SHA256
17902a1072df06f7a3af3d64b3132d9c52ee62658b5566c7d6eca0df6af000ae

SHA512
98a03e30002e7eb1fd444003b433d398f5b8d69cd82ac164988fe026da5edfabaea04ddad32d3f21df8c071109afef6d2ecb594c4a339840585346471b0cfe29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ba10324060250be0d537beb44fdc4884

SHA1
83f144ac2daef9ccf5d99617f7c82613aef6e92b

SHA256
85a08bdc120a07cab04f8774383b28a4f618fd4c379f6be0d00f865e19a07e24

SHA512
a7be3d473565ca2d7c3eba88151dd0c134c953c8d2cbce73bd605523ebec3f6a26a28408b3637ecb0d76588357984666c92118a04d245298a2520e27aa21c347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
735d5e89d1f39093b26e4b8ed6961a97

SHA1
1293070d74c36767952d7fd92aa622789caac880

SHA256
22aa9d9f53939173720c82c9006c215de293e55708a252be7cefd7dab2275a89

SHA512
66b46d29dc1e3f754d223acd4cd0a5bf142757181a09f7739d9f331e657e12fa0b7ea3eabd543bfc77ce525f7e3b2f5c9e39f4a55993490944a4c4e2fe36daec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58920a.TMP

Filesize
370B

MD5
d6d50937a0b5bc7f7bd6ebe47fc53d72

SHA1
907750d0a97b35e423a2c342d28c34295fceaa64

SHA256
c9a197eeb48ccd2eb20ad23f9fa38ca541ae4c0b8edea0821434d923489ef24e

SHA512
37bc33223980bfd519e7afd132ac8520e6d80222728984088e76db4179505d9564e0d7f68563e9da204f5a526a9786f340fc74134d0d9566d19b778877cc6404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb10c0bcd274469ac8d900b52c0aa7be

SHA1
b0027b25efc4c72aa98c2ce46530eea515afbf62

SHA256
bfeb7d4805d1171f600e2e92f6d88f06f17d90a8dbfeb40dc444baaca55dee8f

SHA512
001fd8f3c20c62406e6d4ebfd594b0f69e866499864adcc740d671e676144cdaac0379d62eed924cb69008845c4454dc5691c1aa638d8acce6669119a8b81e8d

Download Submit