ea0e6a102d8918aa6de8cc392caac783b8fc85742991a9a929f137d6e39ef27e

Analysis

max time kernel
146s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a46cf727c4ca0f0ffd74a9e8ffe80ce_JaffaCakes118.html
Size

97KB
MD5

9a46cf727c4ca0f0ffd74a9e8ffe80ce
SHA1

9f01d95d868e98cd46680c69c57cc39e221b18ba
SHA256

ea0e6a102d8918aa6de8cc392caac783b8fc85742991a9a929f137d6e39ef27e
SHA512

6b266f69932afca59921b52da6712b90ae33e403707c4cccc62a92ed2c34daeba1b6f9d63ed94fad4544298445882042a6af47349330f751a51688f50b8ce789
SSDEEP

1536:UJp49RUHlgvKaXUP0Fw+e1XJ0v/YgThPXNFGB:Uz40pHPh35FgThFFGB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2600	msedge.exe
2600	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
1224	identity_helper.exe
1224	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 228	2600	msedge.exe	81
PID 2600 wrote to memory of 228	2600	msedge.exe	81
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2316	2600	msedge.exe	82
PID 2600 wrote to memory of 2788	2600	msedge.exe	83
PID 2600 wrote to memory of 2788	2600	msedge.exe	83
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84
PID 2600 wrote to memory of 2280	2600	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9a46cf727c4ca0f0ffd74a9e8ffe80ce_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8354246f8,0x7ff835424708,0x7ff835424718
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6972 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7058815392062739967,8500837314402772355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:3944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
66KB

MD5
0fe383a7ddb9bbaefc3105b3297f5583

SHA1
f80c9d789f251909c7560bd91a9e1b9a10c26362

SHA256
d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683

SHA512
31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
72d057c002fbfbae33784bdc337aca64

SHA1
c8da187d72f883d2f0afc103f1e4a95a29b2665f

SHA256
0faa01112af338c3c0470986276cd85e8babc2f3abcaeb4f92980fc4834c5b3b

SHA512
1ddb67f6c566c8dc9f981a85235b375fa365ac860db47f31415fd5a72d2203faa9c1f802eb8219948dcef37f56127250f066e2982e3b1647d17e1bd7b0f21111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
3e5e7c4da6fa12d5d21e3e8bc6db39fb

SHA1
a2bdc0a6531e77d80dfec79bd63368b957e95f6a

SHA256
a206c9e88a527e420d77afc8149da48452e18585983ad921ba638db0701a7e9b

SHA512
a5067c138a26e5fb9857f21d347dedc7ee25e226840d33cd9bd1b75807bd18354c0f8437cb712bf42bce1c6d29f187b456c009eb7f4907a25b0c070f839c109f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
244e6cd7eaec61e2d46967a8d2107f54

SHA1
3b9b41405edb292f66a3e55c2330d87f423cf52b

SHA256
48dc4d99c6fdbf1e3d3d3ce1dab6f96df0c9090ad4e5acabf56e69412e101af3

SHA512
8b1000cae39468d097e895e755c167fa2b3036c22c25713a1804724bba22d1503d327319f940eff35ca3226906a8a200559a6dfae84e668e0bd0bb4cc11f9e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
67e34d4fca9454a9fe9db277c9155d75

SHA1
173588fb0f9bfdcda0ad8bc570038b38f47d04c6

SHA256
95b801da5192cebb907396bb00760664c8469f7e8ccea814684303d9bb33fdb1

SHA512
9ca76c44a3fc58c41df1f98a4e9209f773a7293152f3e5b9c1044a451ff517e0a745bfdd71187334bd01eb62a7fbaa6056e8c49c73d1920aa1c8abed59088ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
68ad37333ce69626002741064de7bd33

SHA1
544feac974c16096eacc3272a76ee499c871bd66

SHA256
87194d5ada916d2fcc744677c4d82d4c848563b8b2f1cd68676717101ca3a997

SHA512
a3e4979e0346d503bb1e029261f3fceaaeb30bdfc3449b28170ae2a7f3e84c037309e9365635cbc03601c8b7f75d0afa7b72316b03eaa44734d1e3d6ceaa142b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02433aea0f016d2d4826abae641c34c6

SHA1
de7e526b394bc647446a90d949caf7f2e5f3fe87

SHA256
c0e97acde748759f2d182e4502d89fae754a831aaa4cf402e716f80c54a329ed

SHA512
b564cc8bd83d3728be4d91470ca4fc15b34c80ec1a01e22a4d425307b5c143f1206671d4a6dad81e721ab10af07c922f6a506b842c64fd14cde29f20a4bfc534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a2858dfea825da70f28588b37acdb71

SHA1
64454b093da15b39d0c3a4ec508ca0ca817a824b

SHA256
f778ec046a71a9b88d43ca730663a7f7fba0887331e28f1dfeb7751cae09eb51

SHA512
293bb0efa36cdb98a6bebeef57d9aeef6add5a6f710f4574cc99e590b54235711770fadf559915fab4c3d609a82924efe2adaac9fc8e117d07ce59d3eb386fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0061ed339a25724f9dc2f3e32f5aaf5f

SHA1
0a4b68ec87c33c0ef898b6486538412a19b12070

SHA256
dba490ee7a23fb9857b2dd0f7bdfa807e8b54dde0bca6311c33e5b5e6c601759

SHA512
45235f100e036cde387c503f4ffb32bb8e424b10fd4a168e1eab9da87a55a7cdaca7b4abe7023eb9f4b448442a13b331ef82586d739dcd23087d3121b72378ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d328147f6688f1201be7916d3360b30

SHA1
aeaab926dcfbefc18b724e8f938c06dd3cd62401

SHA256
fd8d36aa8a55cb5481943a28819a63329faa265495034a1b2355ddad089c11a5

SHA512
af8ed63a25bcd3596990bcf4412dd0f32a26c4741d0ac22feff3fbe8028ac460f9834f0be658ffab49df197fb58d9b65e1b189477c87ff1bc05302ebba8decf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
700B

MD5
b8ccfe8125a268fc7032962ef47372a9

SHA1
82a03a8da841ed1f9d1436162bf46348e95a3002

SHA256
a2732fb6d32ef844e5ddf70f0b280aac0c2f024cd2c36250f4d7386b1a5fa0f4

SHA512
937d96cf78bd209ccd1a72b0a110f3d3d84d1ef0b90deb69dec832010643b3824e5b94c5f6e0db63b5db85eff9ff5869afb7d88a6571cc70e10aeefa2e16c82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587ae8.TMP

Filesize
370B

MD5
782e0d4caa4c2c6e4f27e332b69aeb58

SHA1
20c1af8da22f0801ffb2e44239e2c99aa215f258

SHA256
6efbfc2d297cad750a0188cf837c67669293eae71e1ee3a833f29c9a27b86441

SHA512
4c9598c3f755e84ac58e7d6b76587ff762e54e92e48a04559e97a4589a2d4e368ffa4183e95d75fe1e942ba9d91ac0d96bfe8f5c4ee8107031f55019e6b5b2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
74c5821eee9c65cba285d281df8d047a

SHA1
9b363d330af6394008cb6d93c966ae40ba38793a

SHA256
572f97c4d4b0eda4a3c7c08018b27d3d2b19e3f4bf7c15979e21a708d29b41d0

SHA512
07d77b0bcfc6c365a24002d0cef6f2485c9f4669819b4d43d4be9444eae07fedf030c3a9ed6beea0440866e737e5df118e289b82233114ce2717b5850d0616e4

Download Submit