67be7ba68dc3128261e93fb63d1d9d5106b69d9b53fffd5ba7ca7c92a49b3d19

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2024 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0a7a5ecfc079fc1535c7beb088aa2cc_JaffaCakes118.html
Size

185KB
MD5

b0a7a5ecfc079fc1535c7beb088aa2cc
SHA1

4f831909aec3c237dbd9f15aa77f8a86bb453ab5
SHA256

67be7ba68dc3128261e93fb63d1d9d5106b69d9b53fffd5ba7ca7c92a49b3d19
SHA512

6e9bb605c66d78a7e5fb8c3de37383f9790094dfe55524f8ea480dfd0a2d3a551016646691d0a1cedaf5e9b7bca5a2b3ba88a90313255397f0034517a64e57fc
SSDEEP

3072:QRcVhIVs2LQegU0Dzvj40MZEPjLpUxAfYxslxNcl8CLcXmNRSxNdVSYNj4NOiZXv:ocjJ/jXmNRXOD+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
180	msedge.exe
180	msedge.exe
3728	msedge.exe
3728	msedge.exe
1696	identity_helper.exe
1696	identity_helper.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 4256	3728	msedge.exe	82
PID 3728 wrote to memory of 4256	3728	msedge.exe	82
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 2764	3728	msedge.exe	83
PID 3728 wrote to memory of 180	3728	msedge.exe	84
PID 3728 wrote to memory of 180	3728	msedge.exe	84
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85
PID 3728 wrote to memory of 320	3728	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\b0a7a5ecfc079fc1535c7beb088aa2cc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0x40,0x10c,0x7fffe1b346f8,0x7fffe1b34708,0x7fffe1b34718
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12861229049461113614,8422157301863699601,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4ffda3100b6f5f97d7bb21f6c1973ca4

SHA1
4eeff7c78ae23b12dac3a07388eb1aaf0382cb35

SHA256
bd6a12ce8df2ad8e394a375a1e7c9b78dc8be3f024c9490cebc632f61f0b4532

SHA512
b32639a632a23942f8acd5b2b1813f3a68e7a2b0287ff4c716603dd310d6fb41dcb57a6c19475905ff5c281bb67789f108efcc491d8bf1684e675710ed51cff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9b19b129554728bf13c1003513d3a8c1

SHA1
795e66788386acb77a56fe2d511db5c88ff40ef6

SHA256
a53373b803d36f79da3fa69685129c9bda66a35209f9aecb8df8092f095594ca

SHA512
03f5309d23ac57b5a0b8851f72e9d7c96c47ff1a8ad1a6bc37ecc29bf39ff5307b4e1c49f9288daacac73c91b3799ec90254afb9f9a55f99f900679089328920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6750dff989c9985156eb0d54659fdecd

SHA1
877f0aabd244309029a58b4ac14e84a4f9598203

SHA256
bdce6872b9f0aac8e1fdb97da8a4f6c9df66ccb08e0b081ad9ce51679ab4b2b2

SHA512
519a934ebdd5637af32bc2d376828ad6d2cc3c142d49b48292e20c0b5473a6c2a68067e9d514c9709402c5a088110c0e2f404f4cfbe9e43d3897a4c8c67872f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8a32a19dded64cfbff41a39f716ebcc9

SHA1
ceaf930a253e83d58f375887fb87da06b14554c6

SHA256
ff56031fa303a3de591d98eeca3a162c962bcf15f0965bc1ec1ef762f6449b72

SHA512
ab5ac68b27f115cfeeedb4cd6891d48b73c27e57e07a9941f93c75d1f156d845184c4a7eb0b6690217a8a0ca95646e82cd2a176f9a726da5df534f86d6f0cc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5ba225287d6182cbaf5a90db0c90c272

SHA1
4552fcdc4930d44ec099b0b83de454bb14b07f48

SHA256
7d25fcc8863676621a496605f8e54f6ae78d11ed29293f881ca3d4ed41c7dd27

SHA512
cc99902b23f355af18d56d7543befa096be9b1921b611b312d0aa9328866e86253c243d24d88c49590cd6e0a52bae20207b3745ee40f0643ec22d3e5b9fe82e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dd589668a3d32642e51c1f7e32f60c52

SHA1
d03200fb07b30eed0bc6b53b9cf44b404e282ae5

SHA256
cd9c93f181f9f3e2ed111a875197fbd97e27286f2dd68a3bb8b2aa5675c7afae

SHA512
5c550662601982d54d8270da825dbe66e08fa6d9e9bf5e481a6b6143dcf6a48ad4cc69d38845be7c10fa2fb1fa2286e2ea13d9986d60a3e28e123c4d2b47c79d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
463563e0a5ab9877281fae6f97a66439

SHA1
922823257eec0a8bd9a863526e9608fe066a8126

SHA256
027e475fa50ab0a5e45c7d12f2a3a6edef1d4998c3d5db252b9142991e671aef

SHA512
9406d1848376b599f2875462ebabdd7bc41ee498f4d441c88988080cd0392ccdc286467427b9fcaf26fe2c24eaca6175e55f6879286bf00a900f9b4afa387995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
34f0d6f0aa256755f9e1de676e38bf97

SHA1
a24b50654de6d596bcedb50c368bbb41ae99aae5

SHA256
2769fa651f3649db5d47d9bd5373995b0e1a2b8de781bb223f36e4bec94f8a16

SHA512
be1f3ef6f8a95bc00507e068be69be73caa27d25cda0cf148efafd65b23563e7fc4742fbbe1737e66103cae35f7ee43352377766348c05eac3a0f88f7adc6fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4b1c3eef197ba5039781a78cdec3e8d

SHA1
8a011be83adc566767988119c20b5aeb43c21266

SHA256
b217491a192241c99b75daf1e4935fa951e6d301df0385c5cfb0f3fc9bcb933e

SHA512
6fb2e2dc251262470cb72a5d6d539826efb7e82d652c5c866f10a86e7f68a05b5919ae4298faea8ff660a30af14d486ab80bd8b74acc590a9468721b5546cc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
47c95859dfe2aafac9abc3c9253d32e7

SHA1
b24857c129ca78821fc2c9a4e00656c88653edcf

SHA256
8921dc86d47f4c7190b6678c5ad0af1d5a7b0b8aef5c12a07ffbc70c65f4f5f6

SHA512
28b51b07bdd07baec82fcf97ed01293db882f7364677e026b02dffe08b7b1ac8d28f4bbc020e2340c813da95e213bda2880f71b0e2ba205563090ead8e23d156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
ce03ad108078f9e4e2d90cde9a352b61

SHA1
cbf380c10dc8f522460492301d33bcaf161057c2

SHA256
049c3cafbed23f6702226d3603ad48c1c0874d820829e2e3be15cf899411a352

SHA512
1d991be38b1809f170f1f17df50205f8f0d7a2a018c31e962a2997465011029b8ea1b0e1749b9168b8d98ac83913281f9a3234637e07e7bb0c47de1613c90896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583d62.TMP

Filesize
203B

MD5
8cccec3e5d57a5fafd1f386987ff202c

SHA1
2d75885ab171d275af899379d406c87d488e810f

SHA256
05e30a781150f5debee99620e2baefbd6a0def5c544f637f7934bc9bda5b57ad

SHA512
e0bf1a962acbcd0ec471649a973cddf278e7655b4c6a9cbc3d1fd22e4a7614bb278aa19ea466500880ac28ceab5481e01ed02c2875349b509a3e6801486e90d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fdfd1539-85ca-485a-987e-037697c0ccd8.tmp

Filesize
10KB

MD5
9f69796ac3d0b0ee21aa00c5c6781f8a

SHA1
c527cb55f71a5eba752a738f7773bde9d4c9235e

SHA256
4b56adb9b202ee6c1296da41c4381f6e26f58a78d63e9794c9e8c4e81b1a223c

SHA512
99759eab8676d3f8a0cd02a24aa83920b056becf9fb209cc9f26ecfd214487b1990c7a560fb8554446ba6f3543bcb5887c0bfee2d4988c2f88e4ff3d9ded27c4

Download Submit