f0b5ed56a6df2cc77626053b062c0352590fba64ce67eb8bbea43d377bc28c48

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 22:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a2b379f72c48ff0647db0d9d4b6fe32c_JaffaCakes118.html
Size

93KB
MD5

a2b379f72c48ff0647db0d9d4b6fe32c
SHA1

a0617bbc7330a26bf6d66baed06e13ec97103515
SHA256

f0b5ed56a6df2cc77626053b062c0352590fba64ce67eb8bbea43d377bc28c48
SHA512

01cd5bc681be370980c6b0ec7d6e060f771e33376123f899aae76ed337c21e9d2aa515e1dfd40b99eb64381f86959e451a5c3dcb79292d4608e0e46d71a3c822
SSDEEP

1536:qyfCNZn3hZaAmO25IO9IXOwMSvnzChYN6Pt4:qyKNBzrM9KOwMS/zmYN6Pt4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
2416	msedge.exe
2416	msedge.exe
3516	identity_helper.exe
3516	identity_helper.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 3528	2416	msedge.exe	81
PID 2416 wrote to memory of 3528	2416	msedge.exe	81
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 3860	2416	msedge.exe	82
PID 2416 wrote to memory of 5032	2416	msedge.exe	83
PID 2416 wrote to memory of 5032	2416	msedge.exe	83
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84
PID 2416 wrote to memory of 4040	2416	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2b379f72c48ff0647db0d9d4b6fe32c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97ed846f8,0x7ff97ed84708,0x7ff97ed84718
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,3384530951122030216,14388124138639490154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
1.1MB

MD5
5a95a6f7f45c4926daa431adafbae30e

SHA1
bd70cee7984f0e2f515112b973d2e5e98e500a0f

SHA256
02975b858cd3dd08c2d48334445661fc8f517f111bbb5e0d7314c0975c9a508d

SHA512
6686b8ce36e4c9f3a6f884760d72cee351ca65865e779ee07abd741d5d785cb94c6e8e57633f0152ac7041d8c1b5fe6558e88cae5a984492ba371f7bd94c3954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
2.8MB

MD5
09f78ffdf6638042f94863bf4129470c

SHA1
189e4b544ad594ba2e241c5008bf0b9c38283471

SHA256
8c7ae1d5e772165d33e8d4835400cbee3d4aa019e86ad36150c63fec05422b28

SHA512
f263be84f524abb2a45d79a3d639906d200354e11474e6857d590dab5021d74b09cc5ff13a21f1050b7979aaeb9c094becbc640c5edaa90482a37de13c7e875d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
bea38322ea004899062e2614aaa1d39a

SHA1
fbd9e85df3b35070c6ffdde957164f8ccfeb526a

SHA256
bf1cd37ae5405a4055c935846b6381ecdfc11cf772e0c5caedc9907099975072

SHA512
27850a206e0069cac4e31c6456920e4e78d5a27760cb15a7562a39bfeff74096342d879e7a0f02ddc55ae5f5b11d17a7d85927ccbdc2eb330851a4952bb9e358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
fcd2d580597ad911d6dce2ab38ee1907

SHA1
63648d09e8c4b5695fd3281b6b35d506e9f87570

SHA256
809fe2321736045ce8791ef5683f9156465cdda38b0d70115e8226d672ac3977

SHA512
8812a28fc7a136fbcbafa529aec375192ad3603ffaa9e5fb91a9dc340022aeaf2fcb370a32db00c6659956947df442804757598ed9494609bf2223ba24fb4101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
f8bf44a4310c213103e399c02be4490b

SHA1
4179c9ffcb8e4493379d68bc57df77c8ba474904

SHA256
fa969e638d832db5696adf3a3c60f14b86125fbc70b9ec4a0b66003645ed2244

SHA512
9a50ad12b6d77a21caec120c9b18048cd7421933ca8ef250ffd2a471a4ccd4edb9beb1905e47be9967ba0f7c5e11f43d10a14a29c05407c9a98f20ebea1ed79e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
eaaf4f01c0b3589d44cad4d97204ee07

SHA1
e06d9760a0917e9eef46862583f9465af9261c43

SHA256
f7c0f0b5d1064fb28a9439b8842c5c6fd27646f66eb95f65fca0db08a485a521

SHA512
d57c7ce52ebb19426be315f3f72ceafd565f4c003d68cb693eec676a608196dfb306b1a37d1e28630a8ac3388f289547fa536cac0b4dc9e7a56c3140c6dee96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5aab0cc8d583906d32c12dee8ad40585

SHA1
d88e0d58d48d6b62d7f119562fb3eb3e4e271a1d

SHA256
6187c3f539ad20fe6ab1aa03dc0543a889648c02083a9e546067a3adec086e7a

SHA512
17529848e2957efa994ec2cd5fb98c92cb49da0dfd859f5c30b600403e816643ab825dd88bab9aea5e67d6ba29cfbacd44370b585e3a669b8d9e3170068856a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ee38e35cbe4bc8620e877e87439d1af5

SHA1
5cec39a7a452aabd35caa4f7165949047cedf86c

SHA256
a8e454898ebc85634099d9685e5457a17bb931c5c87a8be55ea973d33cda11a4

SHA512
fad2a383a980c9500fb9394e3ec8d757773883577b5ca8c6231a22abd0ac7a92c2cf010dcec7a323b316428a945efd1fb862c60a5e2d8f29be67a0e11283fe11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a29a331f30983e5a50a29968db23ba82

SHA1
5043821ebd9ce632d785eec13d55a44d1585146b

SHA256
a2cf42e3e117ccb30add4cc247f74b734a3a4a49c75f8cb69e5ed465c04c55c4

SHA512
4a5479a5f1bc00cd90cba44df6c645af2b2137e842d70886d03ab3c82903e2eb46ea0c8587c01e211c962dad3bf0f04788570d5a7d153930e41717907a5a2015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9008de08b5978f6319f208c435108b1

SHA1
3395347e2b7470be0621512bfaf8e933f1ff24fc

SHA256
9fd22cac7e229df111a2816990011c0e4abf774c8d1bf4f502fa04f3a676cd09

SHA512
d37e11e0f577e96622306280364e9bd626ea320ca110810d6840061b4c227a744a89aac884667a858e6de0b2b3c27b6877a5b1e93ca9ac3d0ac4af6baa36db57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a84948c227f96d09b6654185b507e42

SHA1
ebac83f50acfccac2e0f9636ec6c4bbdd2026909

SHA256
85d5c433515c7a6ae1a9d55fd09972bc392eebfe56efce8ab1f3a38259f1a600

SHA512
9b574aa66008de791fc7887b1432f503dba5d498faffe58af9bc25c4853af03bbfd73b35f8e6190111259e91af2371575a48f93d7b7af85c12793873273796f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
0b9314b6ff04ec09d25f46cc91fd74cf

SHA1
58de8f1bd0f52bc00aa8ea5c29ccb729380b7646

SHA256
bfd119d23a4e049ea5aaaa9f48392801007fd6fac704d8844c863199c6c6ff7d

SHA512
6f7ccf29374e86c2cf68ed031242f46de710731d5a0f962285549cef6307c30f10a787ee4894e0bbd593074a050789db3cab85991fe18494c6018409a2f3a551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
51bca69c7ff890598b04149077bffa33

SHA1
f42db09041fc0b60b8392015d2b987c2a3ab4643

SHA256
87c29c6a6419dc48e1a99bcd81601378b74297d0e2165801c9084e90a9e5ff88

SHA512
6144eb164787ba0b3d8a18b8906f507a459818ec0549594449fe8d1bf0616c06bb3c7bb31c182a73955296e6696d2364e096c225f562bed48c9410e75dfc33ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
61af3ba91ff371f659898955619be931

SHA1
ec9089e15081b53cd85af877aa7a0f8dd2042a60

SHA256
dc964bd0c26fde676339ebaac73c19fd909d4dde2e6220edeb1b1093507abdce

SHA512
a1739a756f6c042bc10e9cbcadccf5119ac2023d33d1cbbd03a71a8a018e3776c76a9511d24aece6bfe05fe9da5500d29e8ae9a74bfebe45ff234c0c6a42a854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b6cd.TMP

Filesize
204B

MD5
08967c081ae03430fac089a717b7e380

SHA1
29aaa79789a1636eddb934dea77ad5814e732f4e

SHA256
f4225266e0ea9d430db742ba47e8960501cfcd03230e5e7cfc930241b8a1a7cb

SHA512
37cd0a7edf0fc0493e0c25ccd0a31d95531d3d355c4592916c811a02c64135c8d35d22854854f82f8b383f1cc68f82c9a57eb639203ffd2c5b284560c727d8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a884498f5e0158236e7979b5c0282b63

SHA1
4225365d35f63683019ce29b7a200911262d4ea1

SHA256
e95814270e33ba2efbb28d71568e1901f3b63e2c1fb70c2db19b71ba7f3c9d62

SHA512
28d304552dbe4802d580a715327e15cbb78a0106e99b392367edfea87feace8087635f8065b5b77c1cd428417b227e0283b52a059ef9adaee2a2985570a8c900

Download Submit