190cec2b538e92c860af87dddfc7e197f71c1521febcb05fcdf78e14cfbde4e0

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6317c9cf8927e739d10aeeadac081e38_JaffaCakes118.html
Size

100KB
MD5

6317c9cf8927e739d10aeeadac081e38
SHA1

27aa816425bcd4931d3c9fb1008e063748fad159
SHA256

190cec2b538e92c860af87dddfc7e197f71c1521febcb05fcdf78e14cfbde4e0
SHA512

791469934f03b1e4cc65c36b546f4e8a8ed657371216d2ba5fcf681a9f1aa5ee4eebc32da64d35af89a8521ff345bc97868c0cbdff5cc90aec9fa2136278347d
SSDEEP

3072:60Y2MYJ6rHfgaToXdYKOWRbDrmeFbwNt5j:6voaToMeG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4424	msedge.exe
4424	msedge.exe
4368	identity_helper.exe
4368	identity_helper.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 1228	4424	msedge.exe	82
PID 4424 wrote to memory of 1228	4424	msedge.exe	82
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 2016	4424	msedge.exe	83
PID 4424 wrote to memory of 4908	4424	msedge.exe	84
PID 4424 wrote to memory of 4908	4424	msedge.exe	84
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85
PID 4424 wrote to memory of 1556	4424	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6317c9cf8927e739d10aeeadac081e38_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e2546f8,0x7ffd7e254708,0x7ffd7e254718
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5632 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1970639899284002800,17525127297112793433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
77KB

MD5
655df796e061ea829821f460623f6ec9

SHA1
6e40ee0e6e1ef08892eb528549249717890e15ec

SHA256
e52681a2d8ec55d4e9db2875e5c03b13e5fdccb31087cb15ffb677a7f452e557

SHA512
390c2f674064d1d08bc62f47d8b6013baa67fe6fda00169ab0c704458939b38d985315b9c87bfb4b0a8105be7c94dd85d88af41e61ff11de7933576f140885ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
31KB

MD5
548260b20981c0be2d9dcf8d01c08c24

SHA1
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7

SHA256
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb

SHA512
9308e58083e5a6989b7646de95d251c5431952dcd55e613e9c7100d817e847da0f4835bfbd0df325d9ceeb4fb9680d3e89311997b801b16bf8426893a2a34c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
35KB

MD5
a84023e4f2b18122ef7ebb8fcf280cb7

SHA1
ea620b7ab9208d15f8cec347a3613226db56d8fc

SHA256
a1fdaebb57e3f72a495240e2e4f72ec1bfd3f9fe9b2ad63982fce826290b0c7b

SHA512
d65050a5f78aadd58f6ad8d14e97bae36a734a5996f6c94bdeeb6b52357e730c7ea794dc77199e165b9787c95522dbf4b0087b8eb431772cdef8c2306748054e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
22KB

MD5
6f52f16e0c8869759029f92150fac68f

SHA1
d7171b0111ecbc51953fb6a6a0fcb639c9aacdb2

SHA256
0ba65009d2629977348e7cc30414a518b21b8fe7f50351fcead70764219b9bb2

SHA512
ebcfdfbd773d2e7a0930684c7699f4e557995473c50ed7875cddaf1ff03fd889684400c6f17558b6f801ab5c66da0dccc312cdccb1b2fe8e8784e8c0987cfe11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
54KB

MD5
3d43ad52a5e97214b6780973a555d0c1

SHA1
ac5dcc5dbafe9781453c87ee892c8769cff3df25

SHA256
2760b7d22f5936561faebf3afcec848f31faab71bf5c95243e36908178d33342

SHA512
e117dfd48a35fd897b052e4623449bceaef0b9d9742ebd078b36d6029743598e1a91c81c0f984f0b3e2b81ba02bd6613c78db6f477ee202374ef94bacf48b2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1014B

MD5
0e95de9d1e6e4d09fa2ed941ba1a95f5

SHA1
cbcca32b1ff92085bd01082b8c7a0e082164c23f

SHA256
b9efa77736a0571466919ef8d94d0ed0f135068f1321841fbffd377304f0a44c

SHA512
34810f8babfd78ad0d5a6b633f92b98994936461b4dcc03cf22fe26ff5d39499070d82680d9e9e7130be745e16d23f5119154b41718b222f94541044e7351f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1014B

MD5
da18598db37be3ce78456d712f9c17d4

SHA1
53bbab3b543c2978c7e9cd7583d5cd34be0a5578

SHA256
abbeb757f434666b7a62b53052ab2fb394b60549f4c1c2eb068a33b327a6b698

SHA512
25754781ab5cc44acb2ce55205bde3d1a9149e89b86c761171654357ab88042655fd74dba32944e7d8848bda3f786a40218994ef3fa73049753f2b71de05e4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c427cb5dc521b918987d9ad87a3d61b

SHA1
cae67b4ce6daf8e465c94935d91659e776b4fec6

SHA256
e94a19597c278b525adde3fd877ed17b1dbcd7c2df4643c74d1082c8ae8bb26a

SHA512
b224c2538aa23081de0dbdefac3169160ca33ef2762ff67c077e659e44400526dc9f84343566ad62ba1c6872e828b80fb5a72bbcf529804ec5d4ce47c093a5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05d42dfb60d6d54227e2dfceddacb707

SHA1
c1f5a93c717ca7d439318ab295193447d05cf387

SHA256
35e132d60b309fd1797fa2511a35437c8381b6bd6c60c7a14a65109e6a860910

SHA512
375aad51fcb59052aa3af15746d3dcb26d5ee3cc3b5c14507698764c064a5e751a47730a4c497e71a0566bb0e8a0495ae08b4467620d15b0e857c012e78798b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f35fa50a4080680ca6d99d71b439ee61

SHA1
99055314b1bd49d5995b31a2a303971e4146acef

SHA256
06a7a38abc19fd5c9c407411a758dfc3f39bc9985a962e1723ce40e94446a82f

SHA512
873fb172659f1a1bd918cfdcda26003e18a0eb63ac7a1b122bec977c091d03c21795a4ce0c6fed306870f14ff6f374b7094fb5bd2fab39396a04adaf17c5c28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
851f28ffcef1c800b8556db6e5b716a8

SHA1
28f21b43c91cb0abeebe9343e7403a0a17887fb0

SHA256
fe2b1f9eed0e0b59e94ec0a0f287abc3231c4a6d6643b877ab3dfdaee0d3d0d6

SHA512
e946a4b9794b093d4fd43016cc7e3522c0b9012a1d9ebb77d5a3d5539390c502bc8d02b67cea1b1245ae6749fabd689748bd03057ce9a076d3ef07b882f61e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d9bdbdd7-a048-4c50-b13f-8d6695fc53ba.tmp

Filesize
5KB

MD5
e85a9d72bc4759d4b18ba1c0db7227de

SHA1
bdc5cc3461a3f5a04c97b070db8bfdf65d55d95c

SHA256
8e792137d094cdb830f166a509d39ed1bbc0d0550678c1cd2fc93024f0b39fdc

SHA512
7d0611a3f5ea3d640902695d80ba47dd11da129523be71a8037ccc2913199469f82ddb6dc1d12696696283a00acc14f21335e2f213b63807a42c1a23b9a9f8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
74c490066faa67f0c93fc2f5494570c2

SHA1
ebf20d05ddf6ff81856787d6bfa95972da9369ee

SHA256
97cf6b5e12d390ca9ec4a3d86a7578ff59bbddafa04b62b6efe800375d0f7cd9

SHA512
4d770602d39b1df9fc6f972f69a2836bbf315acfec880f1545612e5ae9fe2bf51e789bbeec373c899800c6a7ade9391e3a5d745414acff728b68234e5bb0165d

Download Submit