467ecd0a72f2caeb02ab3ca7930fda5c11701994754aadc9a0ac1b77ae57f015

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 03:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7427bc67c8e282c6a95fe2bbd9a45746_JaffaCakes118.html
Size

199KB
MD5

7427bc67c8e282c6a95fe2bbd9a45746
SHA1

0c9141cfa85c62b3f65476c6838fced99ea3cba6
SHA256

467ecd0a72f2caeb02ab3ca7930fda5c11701994754aadc9a0ac1b77ae57f015
SHA512

3d5f73eba06c030a8506d6ee483ce0d584b81f186d83ff35b32ce6a6e4d0c91aa3c1bcb238c1aeacd6edfa4b025aab9cbd5fa8fa826460faa45fe3a733781a25
SSDEEP

6144:Sew3cIIIW3G4k5QhL8atVIiVQ5MIsuQyf5bTM+MdBXpKgXpgx4t4uO9mge/bE6zB:ZicDd3G4k5QhL8at2iwMIsuQyf5bTM+k

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1768	msedge.exe
1768	msedge.exe
3304	identity_helper.exe
3304	identity_helper.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 4112	1768	msedge.exe	85
PID 1768 wrote to memory of 4112	1768	msedge.exe	85
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 4464	1768	msedge.exe	86
PID 1768 wrote to memory of 1044	1768	msedge.exe	87
PID 1768 wrote to memory of 1044	1768	msedge.exe	87
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88
PID 1768 wrote to memory of 4948	1768	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7427bc67c8e282c6a95fe2bbd9a45746_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5a3e46f8,0x7ffe5a3e4708,0x7ffe5a3e4718
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16048933913382467877,5515803720026041129,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d60c4fff2d606d835da3d93d04f2ef35

SHA1
c571896e170d4d7f8a227d2706e47fb161743034

SHA256
bd4a0710b89e3ef4667307a3914f39d7375473f5760364eea1e4b1e9ca4f77e9

SHA512
f762e9a4729c29a1561365b01c15cefc27cb8ef384a71f6207f9da0b2d017225a081a61c9841a26d55a74ed0075bc56c62061a78e0903ec527d0bc1dcc1cffb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
84161a3ac58a1bd1c6366fbe3b8b28b0

SHA1
44b395f0c0790300d4ca8edbe73304469fa7d81b

SHA256
04bae26525747e5562d325c1fb0a1a2dcd57204dab8e4f84a729d020e3663ce2

SHA512
2cec29e1bf5c3af6f51ae016ccaddf6dcd43d574c3f128877ff334248897ae7ae14ab603767f5a42333b8f174b734d7d15bee79a5ad766a40c407764fee1f262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4b44101b34ae7dfcc2969a35185ee4f8

SHA1
642c41827b5e1ae2bace86e60a1c33684c4de715

SHA256
8f01bb79b5d9b19135aca8413f0c8790b85efa79de1e09995b74cc21f2d7f7a2

SHA512
67ec32d6d15f3ef4f308e7094548d0f2a40a7ce8a29283a2e80fd4f07b0fa92d43eede1a52828a7a4bd5f0c26d5f76a4fdbbb3ab2c93bf01d0f887463718723b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0c1dec91104b09670f0bb861fa3f3ace

SHA1
d1c14626526e86013479599d0b39fe25141704cb

SHA256
1f91a70148402acca62abef73b114c4733b4eced04de84a2f7cef6e935b3a816

SHA512
f1494ff09807c6a0bc70a2bd33bb61d19c6bc88ca376569b7567a1d6dc5c9995e9a626219cdb407b08f1a6009d7b5e3271a67d6f5a5aeb1f5fadafcfcfefc150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3f61d0821471301d71fe35ecc735ece9

SHA1
2099b35955840fda647fe0485110c21e0b2cd053

SHA256
91940762f9aacd1db721766cd67817483c06c2f48085c943ba1912656c32a8ed

SHA512
0487aafec9856ea7a8bc2e1c6bd78a6b42b4c85b51062c0618f1e92c9eaae9cdfc2d8fe2bd6c95eea9e23002daa6693b625543449a4d01137ed4ab14ba13d468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
507a4f4f8c7780fe6c1cdf846dce2113

SHA1
01dd467ac067f8190aeb05128dbc3e436f561bf8

SHA256
ffd8eeecf0b2b5dc88b4bb45e7fd4f0ad5389ae507f4c17755ae6c1178a091a2

SHA512
56473b69ec1566a5e726c5468a12563d1df1807fb06ea31d3fabcf43b2724792371b6ada0fde21b46f4ad0cd14ae28dd7e66fdce3fe3ec99f1dfc6a53747ee00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e85f074c23ce2eb9915e8a4ebce0fe9

SHA1
5b3d3817c6fa758e4ca274bc831592c9ee0a309f

SHA256
9c20bf3f823d58770957a72b7aca5659a96d5e8f08bc2ebe42321a33259e290d

SHA512
b7a3d67e3df4a25df5937986c4350c16762d7384f05e340d10f5297690f79158477625eb9bc697b62a0c8ad62d2d277d6027457df996fae5512489e61edf725e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
079ed04048d05b92b3eb07e4762d4d42

SHA1
9b4de98b5f8576091f1417040ea4107bc7c2c335

SHA256
53e01ebf35581255289e179367095f3ad89d231fa84a2ead8f2c1e48c5a0d71a

SHA512
041355c63a0a74bf35517ab33d201f4ffc9b1d3ca85840ec8874943eaa7ec0dfc0185e03d131a48a39a760a551f250824d741cd2817f98fd9417f36352ef14b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ffae5d52b847f1857d3b8ae851bb1303

SHA1
0de9a3caae722dae9728b46576440a5bcf3b93a5

SHA256
23dff7d0e2d883fa94a141fa0fc892f5f81dd61110b56b9958f12175d8154a53

SHA512
7a02e886bc0d46286c91a60d1e2e3bfb29f47b848ecb0b637ab9aa837b474bc0c825836ce3382d3acf061049350d1a2b851fb4be00205cf240899c8189af47b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d04d832d1752b014972f994c587b34f5

SHA1
ca382bdecaf33490ec86dfafb95972bfd6c124f0

SHA256
812213eda54ad505acab1b00c1b5d7233a71d465b7cf87854cf6de628c4315eb

SHA512
ab7c66834aaed7b98e094a64e8fb46a37377e2e4a8c06905b35809620067303aadbfe7aac0be59b387d5eefc4ce9da6fbdf8371767dbbc8a9c3eeac4f623ac51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
7855cbb050ac9f20aa0e7cb937be1d91

SHA1
f50fa6b090933f72f59d91e0b7c65557b2920580

SHA256
be172d6702a04fc60e8a079b0d94b9015392b440b5ef72e0038bc464dfa43a82

SHA512
dbc08fed21ffa865420b47e151dd107b1481fd0e5b7be445dd106abfee103105c7b49acce2127173d5f4e1d64ee1aa3ebd17191f06075d7429f1421ee610604b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a2c.TMP

Filesize
203B

MD5
e23e801050f9620939123f814440941b

SHA1
b59ebd680d27a56a25d120e1db308a3e9c9842bd

SHA256
a16249cc78a8bd1020ecbf16ff98c2575a6fecc826387389fc4b0eee2c10fc5b

SHA512
cc0c2ceb0629d5460fe61e4f4a33a387ca62d72a138f9c29c67a99cac3e1a119e615067eda17e0c839f545cf71dfdc98b436ac766066f0127638d8d57f253b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0f99abb17f868fa0796024ef84f33f0

SHA1
ce46a955f673f366a3604c0af5dd1df49d68a825

SHA256
2fc30c899dac7db634049bf3a4c2a786def15bccc73d2cbd3f5bb3dbc14c2b2a

SHA512
19312ca89a3df76e5e0988d51e2a66378f5393972a91a256056fb94ab2343f993aae1562673b92d3265782c538ded8dec578bf14d7c9f1cf1ae4bd9d1456ff11

Download Submit