af0af11a7de3452f63552a08a9b8059632743f5c0c3b525a8fc939b15d16e180

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d57344d3f15c1ba757daa2a40e338d8_JaffaCakes118.html
Size

145KB
MD5

6d57344d3f15c1ba757daa2a40e338d8
SHA1

28d456ff0d321100d3e522ccd9e2a4f7b06c9a1c
SHA256

af0af11a7de3452f63552a08a9b8059632743f5c0c3b525a8fc939b15d16e180
SHA512

4f7708fbcc5de5e2ea311f57409ac4b617cc62ca6dbc85b578de3a3511845b1a22776104889b8249e5d6bcffbc2c00af8607ce5ce2bbc6a065b46fd89da8d183
SSDEEP

3072:rEXfM9W4JklcXVo4+OsKftXSp2jFng1sWwLLlrQTWn+AfeV6nrHKfAvwCB1fJDWT:2M9W4JklcXVo4+OsKftXDng1sWwLLlra

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3340	msedge.exe
3340	msedge.exe
380	msedge.exe
380	msedge.exe
424	msedge.exe
424	msedge.exe
424	msedge.exe
424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
380	msedge.exe
380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 4072	380	msedge.exe	84
PID 380 wrote to memory of 4072	380	msedge.exe	84
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 4176	380	msedge.exe	85
PID 380 wrote to memory of 3340	380	msedge.exe	86
PID 380 wrote to memory of 3340	380	msedge.exe	86
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87
PID 380 wrote to memory of 3336	380	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6d57344d3f15c1ba757daa2a40e338d8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb263f46f8,0x7ffb263f4708,0x7ffb263f4718
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10950009896751342377,10803233264338452508,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10950009896751342377,10803233264338452508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10950009896751342377,10803233264338452508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10950009896751342377,10803233264338452508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10950009896751342377,10803233264338452508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10950009896751342377,10803233264338452508,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
108KB

MD5
cf7374e7e4c8fb06863dc0edba52f63e

SHA1
2a580c5dae6aabd3cc04347e4d3d8419fabd96f8

SHA256
8394cab419912b41405da6589f0ffd7f1b866d023977a5ea2b8943cf45e58a0d

SHA512
ebe4d8128c8209de53d3627f58aa175ed071edb9093369c211203dd3aaa2a520eba46724314ffd86d19d6cdc0093237ef1b1e1e62b55ae43b19277e373e502ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
2424074d0d15f97ea3089013e0083d09

SHA1
6a7ea3eaead1f0eab7110f41c93211e2976e1eba

SHA256
b0516d4e8253006ab33be8d81262e93a439f32805346f2336c9fa428c65d7356

SHA512
dac88d61ce3a3529d0292f7954fbe811174fda0edad62465d8581a49a3f4cbe15c32678c08427c7c229de9c9c23529a3a1f4f846ec677c3e9ef9c0407da167e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
204KB

MD5
c326312c7446609cd30deecbca70ea74

SHA1
9351c4b6b98bbe8e6f2dda0c10d133e0772a308e

SHA256
b09c297977627b4bf86c24fecb7fc66589d3e39323cc6221615b17899d9b7987

SHA512
97ed1d9eb790bc68fa023685a0a385938f76b23785df5d6d7536250a3372fc55f2d1d725ba3b55cec4befea56e942fd4354b96073aecfb3ea0352a14e9df4e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
73KB

MD5
643ba0fe789a17f0c51e03c8c928ddcf

SHA1
b3a74d44e0ffb4d81143fd6180b7d7d6aaf93d7c

SHA256
09866ab4f9d6dacaa1723a4136e80ae0f22d8888ff29851e3b1bcb1a493d8276

SHA512
8c114646d88ce738f4092043f516debd253e6aa7a517f50467321deaae4e7c93f24e6aa3c564d58dd7fe2e2dfeccdb3c27ba0d728aa973d56791dcc13f1ac2c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
18KB

MD5
4242291923a9bad7896a8b53f7c27f49

SHA1
75e55fb7f58103037ea8ac4118f09a83fc93c1ac

SHA256
18c1138bc01ffdbb5a35bfd5c057be473ceb9aac4c81bb3b321b251626c8f91a

SHA512
181fb16ceb44a7aa7777e90b2e6c46fa92164423609f6ce3ba97cd0a81c6a963dc43f0e8b28c0409e04b902733efac1f13e24967ecdac7e057bb9e59bb8df661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
239KB

MD5
b72def8060bf779814cc5ba0968dc96a

SHA1
fbb9109df692b0042b2013f6edc32ff3ce2aa5a8

SHA256
b55a19d1a047dc57cb843c82d17f2222af2d9d0a12f68a10e04dcedf4b6fbc3c

SHA512
6d5d9f8f6e4fa1fc617c8cf7baa2d34db383e63d6379d08e70b2c05b662029bc1a95e3bec0f5d6d56798f83ed3029463902ae3a84f6580507c7c56b911d21715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
78KB

MD5
54a99fc34def525df5f7dd1205b9e39f

SHA1
c16ba631043d8461ea8ffa99b40b4bf93fed7de6

SHA256
6eea2f6b9e4562a494bf42107229390167c380fa5886393afbf8202688d79263

SHA512
f1a65f16ba0f2056169ba68c3fc49343d55ff28bbacb8b9e928e8e5921521a83b9e0c9bf4971fe901a899c19f91f94f66ab4d2e31a53afff37c1f14db845a16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
215KB

MD5
a20bf3b8ba11f5e816abe6601ba098c4

SHA1
907f6fd9abdc9641d47d0b58d3f3933a421e68fd

SHA256
71bb6cc19bcfc7d8d23cc4e02fb7bf14d2137bc8127c0bac93dbfb7504e3ed35

SHA512
bcd35ab7a15031e2e51fedc7d8bc807c8c68fd09cf14fcdb70e6a3cb04b1672b663ec9e3503702e20ad0cc0544e4a1c4efb70b915ee94ef5097f9cbac9c3f430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
63KB

MD5
b2cd3f4ae9677bed0870db3515e31762

SHA1
b9f9e17d7817112666ceda2333ed1a5ba663ba25

SHA256
0136b47242a1fa898ac1ea325da05358d8a0662284077bf34d47519d0a0b7cf0

SHA512
f1023a9324b606c97f1967ea664cda60924a708a77c0d2da9fa1e7bfd10609875d9f1db19207d9c67b5c66b77f041c8583e0bc5a49e49f89092d7db358169441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
74KB

MD5
b3b35e06e02b80c7042db2db51fb05cb

SHA1
4203b8f595cf899e73c656b5fa1a96a5bb024394

SHA256
4bc7c4abb515b59fde58038fdb729075693d5f25be7f5922ee2679f657131f43

SHA512
d82655580d50c1adb532418e8a05c4033ef8cf8d7bcbbee1b01d7d7f016e2e4c3c1665de91999d41227ae0ded3fefa64d418a8a1be5c04f0d2379987e77f46e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
148KB

MD5
784675d214c1b3b96b40a9a3f92ee1e7

SHA1
7983d5f918c609f7b0a7dd37edc1be40bce237fa

SHA256
16f114f5e82a82095a47970587e2fd9dbe4d72b36ce0a64977d437df73130db0

SHA512
45c5e86226f27718b85e8d9c7e222524073afd5d06da160c5e3903e0bd6b095948cba0e7c60571a61683ecca76adb9f8251d62b83818b4837834ae4b539ac1fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
258KB

MD5
6531b5184d79843e74b2f070d2a02ff3

SHA1
8d77f48fb643631947b46da72839a9657ebbbef7

SHA256
b7998e42ec6c05283cab386a0d60d3645a07bf50d47531aa6df82545c427df20

SHA512
aee6631f5cf68c745d2c0d317e2402d6c154f360905912b2f2089d360869ba951e3916a1c3018b39965f62493c9de66a9e871afe6df4b6d601c9c0bab0f80c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
265KB

MD5
47bb75d20117ba5317198f9d2ef9f368

SHA1
b161fb091f6d419a41eeca7960f8674c3e0d4441

SHA256
7c509afba30b8da4ca96a261c6639f56d8f20891dc02bb9b75a5fc232621e7d1

SHA512
e4a9c95411bb22edc3c4c00d2c73282d24147af16eda266e85d2ae49e656b09b194260ed5326c57fe7c86e56839d96f26759d1d29eab6c762dfa2737fd30df6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
87KB

MD5
e4805631542ee8563335a1fac4467019

SHA1
30f7d095a07db6b7ffa71bb6bb597842ff9cbf02

SHA256
3be0a7f14189a05adb7bb99065fc71708a29e16963f2032ce57111232e714603

SHA512
fe52361bfc2d8621e71e7fffddb93fd8c3dfda65a57d6781325e9a0348f1293e1d0dd0d8332522dfa3c097559173c3b7e6335165b3e52d5e036b79f0d3eb9f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
215KB

MD5
acca2accbd26b9cd8a4b9aff895b9282

SHA1
6f2e0193a3cd5ab842c1d9cad07ec7b84a28ce3b

SHA256
13ba91cf7f3680d8f8fce13fbb826794befbc546d44ac1f1d136ea936f4cad91

SHA512
9569b899c5fc322079f9174a7c293872f0e8a4bb4ed1ab0e2f9d5b40e82fd36f557ecaabca087ee404948cd5a273b72a91ed128b5a95fd2e9719d6ed15f9023a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
683B

MD5
88a69aa4be3eb8fa2b28b4d555655738

SHA1
057eb220fd2dd9dcb55163be33cd4a43c10e20ec

SHA256
199a301f501a8bad06325e21c3a626f2cd96c4e04e0e959cea48fee7c9563c45

SHA512
dd97d94eb5b71ef8992798114cf321d1cc1f63e0c0b1edfc66a4154b9afc392a88ac4319c087c2278c8b2f5985320359698f0517a2c0d349d45cecdc8d6fe457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
683B

MD5
003db31fa083598b181f55152db439d4

SHA1
762b967bcbc98e606b8765e936e2f3f915db9333

SHA256
2e3aaf2a3be61a2531aa2d801389a0054b5cc85ff2b1c9be2cd51120f0f6c4f9

SHA512
2700df89a5089e6faa5bc04280173b3fe26d754b037ced72a0e3f8582e89fecdb14b411d314d137531773f5e3aa65b2be0ae8b3e1829191abd6d65556396d354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60b4f5d1e92c67c535c7ab6a1752b523

SHA1
0db385fdc71a70bbe19ece34269e0de60792c11a

SHA256
12d50e122c5cc9d07b7ab460c090ec68fa3ab7da01a4a791db276df6e7957a2b

SHA512
bf18861c9e17963fcfe5fa5008bb134ffcf439032281d8d11c31d214f555c1bd95d77d2933829dffaa8f0e7f0bcc588c106cd25d20b3955ffef56e86288cded9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45c6f5b4ab262ca50016597091f48bee

SHA1
6c2d6918e909d26eab131fa31746e0c6c519ce23

SHA256
4336751e1c922bde0f2912629429f965942b38ac865b157c8421d082864aa79c

SHA512
9f2e5b36ece119f1ad8539556c18789d2b0dca1636d73badf09d857885f82543fc8c74258bd32fe61cba729ff9e77ec458eb724374fc555d48ebe233f4aa9c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7c3c1e3307b824ee4f3b4c4e5d437317

SHA1
9d988b811cf3d66adecff23de1d2c3dd0398e343

SHA256
374d2de52e0dfb78c1f0f4bb7c740ca59f612c798144d8b0b20054f5879f659f

SHA512
311cc74b0063ca557723239612ee1dda28676de4d29066c4a1c86e8147b2bc71a952e65f9913e9c4205a93765a74e4335492a7b1ea5608f44576c168f135633d

Download Submit