96d3eca0c194e2bc6e0cfd7096cd77b5eefa8d8d14d1cc1e9a60e75b40d7cb70

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 10:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78e2d5c51ccd88b5b9335673eab0680f_JaffaCakes118.html
Size

79KB
MD5

78e2d5c51ccd88b5b9335673eab0680f
SHA1

fea9a9a8395b6f303cb61bca9508ee7498e5b1dd
SHA256

96d3eca0c194e2bc6e0cfd7096cd77b5eefa8d8d14d1cc1e9a60e75b40d7cb70
SHA512

aed54e09deb4e3b5eedc7490f6a71c1c535f8999435979c9e76bb586d92b2476341625391949478065e4caa22fb9f38f2924ba281f207d3a974ce15f92f890f9
SSDEEP

1536:83WSuY2pWzjBAnHJ1t8k9NZ2/ORKzDX8qG+GszkYaq4Ulqsyxlq2XU+nIxO5x:MjeJ1t8aNiR8qFGsryFHnKO5x

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
20	sites.google.com
22	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
4752	msedge.exe
4752	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
2124	identity_helper.exe
2124	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 244	4752	msedge.exe	82
PID 4752 wrote to memory of 244	4752	msedge.exe	82
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1596	4752	msedge.exe	85
PID 4752 wrote to memory of 1876	4752	msedge.exe	86
PID 4752 wrote to memory of 1876	4752	msedge.exe	86
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87
PID 4752 wrote to memory of 4976	4752	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\78e2d5c51ccd88b5b9335673eab0680f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fad346f8,0x7ff9fad34708,0x7ff9fad34718
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7032 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4929093777818001686,4591650741851178005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\293aeae0-9c90-4c86-aeab-17e7870858aa.tmp

Filesize
11KB

MD5
e2fb3571f9d9e481797a203fcb4b9779

SHA1
1bfb091fc94c284e7210526f3f4715f65fba0d6a

SHA256
9c6d47ac9c7ec230d487a980f3f38c07f033a4403ab704fba08ebe27dd50d64a

SHA512
3e1e425c9f30460caf038161391061f083a44c206add7e4c96dae6688f44b15d9498117cee2a3d899dfe06f10ad77118b16fb908d8ae9efe6d52cc93671f7362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5398bca41a1523f2e402b1d6febcad1f

SHA1
c3b64d3f462d41ca597b3081effcf14e4205266d

SHA256
284854ea43a6ea004b6ef9fc31eeab3ddf8e39a29de0be342440aece198cc5c9

SHA512
31dfd30916883ce6ede11f77d8d6e43351c573e8fbf68df5c9447c2fe6f660b5e83f32121477cf7742b01d168b2f71435d12622a63f5557d88b1358ddec2a52e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
25a54b2b43ac284d828f4831aac72e84

SHA1
3e9691599f90f6b40ecba3b19e625b95e5e6ed1d

SHA256
d16ff895e6772ebca2d00c155eadc8a745212557bdc95d709f390f4553bb47a2

SHA512
f5e182dbe0aedfbbb25373ce5d2fc9cc40388ec6b033632520f2a542f8edc0c5829d8c62b0b80e85ba0d3903f031eb0ef6fbb8e89a291043f82ce5840b154adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
12675e12e34ad17e2d22f177801cfc9b

SHA1
2c1a3e6158e6eee3d203010f3c9f54a8f9ab1968

SHA256
0bd9eaf0aa31d47d6074b5d080783de3d536dac527816bcd9750d8b5c8ae7da0

SHA512
c262810aca0ec8e6c123ab67cc2163ac63017d0afb51cd6ce807ffef812f111abf4fe4a0fcea3ffdc73e97c1a57babd9739f9907423f92c0fe60440d1aecf50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
92de26ab49a04434674e1c0c356646c3

SHA1
4a42de965fbcbeee546ce625764dc4a4c27ada66

SHA256
79e07305e35c62e026d2b6d77d12b7617bfb4fd7e4ddec63ff30e0b29fa3909c

SHA512
ad55b5646b6b789c7183266be29fc099caf15c6cdf6af8b60896128ef2677afd302b717b49f40b99bc2baa8deb560a6761f494be3f34bf107773e895ea3132af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53195fe4b613b81a1f64a39957b0fbef

SHA1
345706859ab92578e76b6cea40ac61105ef211a1

SHA256
613c4fa0846effef532a4787290abaaa36bf1d55f3dbfe6256c4b78101455251

SHA512
c8fa31ce4578d0eadaf16a9e295abaf7fe9549e853dca4f5dd217230205c1caa223aa8e12c020604b118539d39b798c9de6beed486a364f993c92639eab93c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
285f1ae8784ef483c2108e39ba62826e

SHA1
736f7705ecc44ae52dfd823d2c54c74f037de1b4

SHA256
dab873d8549f23de359a6b16afa9cd27e4e19afe4f07486753453b70a40c2258

SHA512
2880d5be18251c69ccaac163737e9e3d14441023c8e246194409a3a7ab3ac7b065d3adc4b4ea608660b6d0c175878b108e04b7fd0f345489eb7e2fd981a48f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95c75bc6c8272ffaa805124e08df1bd7

SHA1
56d60a46c5b70d99bce521461f54024720b7be96

SHA256
bae9c1b510c64d54d6bd8187427d0b7354e2d10670bfee5c1e8c4bad2070f8f4

SHA512
4b09342bec164edd1e164bc847a3df6a1db3d5446decfd842801fd6655dce657a198cc84b43b57333441fc23ab6d294d2ee17d66c5bc5e56dc6414a666426de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b83783d722c4f8af8b867ed1cc8ffcf

SHA1
7606348cf791a18af6041b96029f204510437b47

SHA256
2749ecbc244499c0a5d56fc548c962c7647981780e5c45f41409119a9e7f4976

SHA512
8ad6ee51563cbe83a1e352936cebef9e2813fae8605dd27e26bff75b8cc70f69b53e20927dfb3ba2a8b7519dbafca596971b069dafde3b6a4134e78f3eb9412e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
70ea24dc9cf4fbdd54e0e27dc05b02f9

SHA1
a6273b37c92976199768c3cedcc622dd7e4f1c7a

SHA256
501fdd7565521de7ceb2c634d1ba54c1990c8e7fab328c276bba3e041f32a574

SHA512
3582390a72fae412feefef077663ce58d5596ffe7ddde86977a65ade2146523378b4e975a0102cd36322501b282cacedb64ee2d6e7234cab20d6dac9039c4c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b67dc90287f11acc4ba60b6ab3af4168

SHA1
efd0c2b44e6edc095fa689e9b12cadb4b8dec546

SHA256
3e60d4663c104f91f2343be6636f6d4fd245e6d2f98e6d0457c27e86fd4cce87

SHA512
cc81c995d159c1046752f037b6e0fac197336e76682617e12d6e18c8e30467d5e072c55ca98081de768593928c56af5e3f43866c3e8656db9b9666b77abfb26f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582805.TMP

Filesize
705B

MD5
f4d7bf948b88c33afa494d9a1b5d74b1

SHA1
49c93f1186f70fd0978f94c05dfcadba86bfc9f6

SHA256
1238875fbb1e07f276c3012dcbceca11de36576b7a37ad6c59851e4339b187ab

SHA512
ff0ac3e6747fb57ecb698185805e6c2b57c5ca73f8cef9d805a86f6a6b1a198567a35d683dac2f4bb1039dcd4f9c65e57fcafa45b0f2e30512c31de2acf49b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit