hxxps://patreon[.]com/JacckAttack

Analysis

max time kernel
71s
max time network
74s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 12:48

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://patreon.com/JacckAttack

Score

5^/10

discovery

Malware Config

Signatures

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	4	https://patreon.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8e60cb2c6f8b6524	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "44"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
2892	msedge.exe
2892	msedge.exe
3468	msedge.exe
3468	msedge.exe
836	identity_helper.exe
836	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe
2892	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5020	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 1136	2892	msedge.exe	77
PID 2892 wrote to memory of 1136	2892	msedge.exe	77
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 4444	2892	msedge.exe	78
PID 2892 wrote to memory of 1924	2892	msedge.exe	79
PID 2892 wrote to memory of 1924	2892	msedge.exe	79
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80
PID 2892 wrote to memory of 5052	2892	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://patreon.com/JacckAttack
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde3d33cb8,0x7ffde3d33cc8,0x7ffde3d33cd8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2810328480756838862,8141014571128624652,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3660

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2192

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a16055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
dc8b6d0cbf21335bf51f43b0c91bacb1

SHA1
139772dbad2c0f9a0c641ce34be12649543f1a57

SHA256
8d5f678b58874f946604af73ca22add32475e25112f04cc06ca66239dba3e815

SHA512
e1b74d60dc005edc370eda1b138a8484ff811cbbdaf43de635e24129af214f32b6cfbc0b5fc0fb8643e93e6566a0c161c66f7c8f8ef6fd592c17c9c0af846308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
3a985f2fb1e14dce00e7f8567ff12f9a

SHA1
19c372bfbd7ea31e689644d3b0fb54d69ba8dacf

SHA256
3131cd34dc1c493afc56b2ac6bcd3fd2e4b5b21b7e9449e036068d2d35cdb57e

SHA512
ebdfeb00803df55e2a59f4f13d8697a12b0ced53cdc602b9941dc7118f31235404092e91bcc1403c4face7c4a031be3f1a60d2c6765b5984a20133be2aeaff5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
177af74dfded80aced213f109c6e2858

SHA1
5a27a95929b24997e71a1f23adf535cb84a39e5e

SHA256
065c7cbab51eb4cadec890144bff6844ccc612b23d8575638a07bb1680a1891b

SHA512
966168c0fcbf43590303c29af698cb20eaf73feaee858a00081697b97ea52e1ce4ffe00eb945fa321498d90d29f547fb9420159d3b93462a1218211bfe0c4200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa034b97d429dae9dfd61f6f34e49691

SHA1
421b1d7fe83ff006dbb843155775084738d32200

SHA256
4c83f56d2b85793d7b2fbd7c25a29a1ab590046f1a26ee92b20b3f55d1cea323

SHA512
b0d32d5fb8cf59d52d5411505c42b29e32f9d5b3d6a76ec23a3af0776fa80c282b572f2c9c4c5681cbcebf366278758a928a9589418c31211378b48bd4864077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44da8e3abd77b560db2b5c7db9dbc298

SHA1
dd360cd65e53f98c76a446f31207a543d959dd90

SHA256
ea9d2fbd12a5139e2b35c9e1b5ebf94bc559a221c254130653eeff0538dd1bf5

SHA512
5a542fdb577b6bccbe25fca2d348b227300001405641485e705b70bf253f7775b48dfef5ecdb26d2dce2b4c045d15d6662fdf91b6485fb8ec99f45c93cd35f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae37ead00be391f77cb4e01c40c80318

SHA1
1175242fafa3cc38dab131180a986ca9a358c3fd

SHA256
d5960e61a74a25b8dd34d561b710bae972c56d7ba77a57987e6b996aa87a7784

SHA512
19968e0a111a73f77f0b6c9929919722f29ede99ee79ee28d7c31f83616144667a96ed0b5b3fc1aa72c9fed9fba8191cf3184e7208a9d71b39cfd60e941271d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9dd7a43ec6ff5a9be4d6e9f26981bf93

SHA1
aaad27631908bff6f15f1937a738e07dc51cb250

SHA256
81c9abc5ce08e77e875fbb263a0c9af89201e465d9873e456e5f7e33ac738fb5

SHA512
1b9be8ffa770bcd29f9aafaff3b8bd48dfa6732c823ef17cfb6d1994763e3ca5ea82339044a218880bebb621092577de03bd1ce253a898d4cfeef81675955a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fb25817b2394abccb95b1c1f41af5ff6

SHA1
cb7c3b9e07d5df1a3b3f688cf82b2596170fd410

SHA256
bbf0ccdc3f92b21805df3463066e26c514a6e3f76cf5b97001dfaf9a120ee532

SHA512
ace4bf85474109e3c08a7eb7a98d265bff0232eb33a9aa694e0dd179a054163947b6749625811b53ae67dc297cfba7f87d923710e63021bfc40f5f2b7dcc0718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5501bd434fcbd76939b264a0bd7bfb85

SHA1
225caed08b87cbb2095f3f8662c95eb020a18e8f

SHA256
56f379448c741f1a1cb5792c3494d834eb4ea9941ff2ef1530c8b04aa29e9274

SHA512
713c9e996f12fa063afdb6ff069b891af8465463b6938d74aeaea29a8bebbf4902eee5dd6fee274372b103fc7f8c76a4a819fec6e0b0416a2dffc2da0738eba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4ae783110de82d58c3711f7e33bd1fa

SHA1
1ed87dd954a604e4208668c7d3168a5d4c3ea32e

SHA256
7e028f742e7ce680739e69d2145ab65c49cd11454e2c594451f63c2d9be81a04

SHA512
80dfed6787cfe384c37682d201a843a8e16feac6a0b20b0ac6b7571ab3b512cdac3b931a4980a19ccff1edf7fa80b1cc2a2183f4e62496dd6f6b7257226fd69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f2dc.TMP

Filesize
204B

MD5
9625e6209601accfaa38bf233130912a

SHA1
2189378a146c68d3f5ee755080d7bedcdd246a80

SHA256
4140f314cbd83a9128dd77cb761d22cee9fb389ae68e9b290b19526db9c3590c

SHA512
6bdbb4378f308ec839fae28bbf2a9c35ce9aeefbb915a5e7b87bf9445fa691a28345005d23b96d30ef270b077dd73e97db059032a2774c6df7bcc1b3a6113ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eea77758116083798fa4d4eedb6edf3c

SHA1
d1595c10aeabbf46007274b8edd7e4d2c9ec65ae

SHA256
86532149f925c43e085b51a0564e9017e2ace82516e581360e7e7ef37206c225

SHA512
184318daccbb8ef895d61ac63d67f015e5bd3a5104ea14c31f1a3be9d6ac4e778271ce215721b9d4422b4fe18da2fec2234d24e5eca81bab61aaa6633a594aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
691db609794ff76437761a09c9fd860e

SHA1
49afeca6a9fd2ac1fec9c804c1c89f35b13f8551

SHA256
903d62c0a8f5502d9953a8c3202b348f7af85ecb904ecc6f325a9709a93f51d1

SHA512
fe8d98f65f7512fe0f40f14b4de8f9ae9b8f64fadf3b0a994eb98c9a5f8f68e175fc2584ba3d346bd2da8e6fec8e1504ff37fab0bda4095bbd38631187113143

Download Submit