aa018eb5faec6150ba144b4fb3e33a0d4c6220057a06467914c5d3ac1ecbb90e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8aae5554b018d7f3bafa9bca14d57de3_JaffaCakes118.html
Size

218KB
MD5

8aae5554b018d7f3bafa9bca14d57de3
SHA1

ff35527534652ab86db588766f0e85b9c5fe617f
SHA256

aa018eb5faec6150ba144b4fb3e33a0d4c6220057a06467914c5d3ac1ecbb90e
SHA512

dbc5a4c39e7e39c141f37e9d0611e6b12b403ae6b5435f04ebd13e777c599c77085d32ae32eaeee71682d5cf5cb8c27c38ee04d525f9d548d34f358a7d7949e3
SSDEEP

3072:Q0Y2MYJ6rHfgaToXdYKOlvWhsiss7BKMtEA:QvoaTofSB+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
384	msedge.exe
384	msedge.exe
2508	identity_helper.exe
2508	identity_helper.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 3456	384	msedge.exe	83
PID 384 wrote to memory of 3456	384	msedge.exe	83
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 4204	384	msedge.exe	84
PID 384 wrote to memory of 952	384	msedge.exe	85
PID 384 wrote to memory of 952	384	msedge.exe	85
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86
PID 384 wrote to memory of 676	384	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8aae5554b018d7f3bafa9bca14d57de3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2484716140343960076,1067729043082820390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
77KB

MD5
655df796e061ea829821f460623f6ec9

SHA1
6e40ee0e6e1ef08892eb528549249717890e15ec

SHA256
e52681a2d8ec55d4e9db2875e5c03b13e5fdccb31087cb15ffb677a7f452e557

SHA512
390c2f674064d1d08bc62f47d8b6013baa67fe6fda00169ab0c704458939b38d985315b9c87bfb4b0a8105be7c94dd85d88af41e61ff11de7933576f140885ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
35KB

MD5
6199d66820d319b4c775ede9fc7b6ee1

SHA1
4fee1e4da9484d70b249e1baba854ef299545d31

SHA256
e2cad833dc8c2683c919b79df8b99ef320a786bc2c99331f9f717f4b68d444ce

SHA512
2b76d355d5db8f2cad15faf40ee05276ddafbe3954a3f2c3fda0416b340920f059df3334e92f95c9e733a17cb402ea50d746bc95ccb7e39f3504b376740c927b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
31KB

MD5
548260b20981c0be2d9dcf8d01c08c24

SHA1
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7

SHA256
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb

SHA512
9308e58083e5a6989b7646de95d251c5431952dcd55e613e9c7100d817e847da0f4835bfbd0df325d9ceeb4fb9680d3e89311997b801b16bf8426893a2a34c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
cdc9f19a52e87121bdff5faad76470dc

SHA1
61786f32243b3384fb8bd1f460070465d32ad556

SHA256
fb5b531776f398b46eda13ed3ccddeece8fc54653f27b93fec45290a31cd840f

SHA512
d80755833280d63ee7c894510ba25d1ef4ec55757798126bb0a2880b9d0f90489c0d5f5765d90673ee7d6670931be05d38c42929b938aab3d6f643e5cfa0fa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
55KB

MD5
3edd3ec77c16893c538deadaeca7c5f4

SHA1
3e9f1e516f0041d71b36fc3b23b310f4e92bf703

SHA256
cf65670b49826403201f36e9c825fbf4b175e8d502ee83c12c73089969efed5b

SHA512
8ecd954563db0811087417312b1771681a4fed5f3efa600eb6d78bd793fec798c8b927c690359e696993cba0da0edbbadf568f30442e1986defef686be4f7b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
22KB

MD5
6f52f16e0c8869759029f92150fac68f

SHA1
d7171b0111ecbc51953fb6a6a0fcb639c9aacdb2

SHA256
0ba65009d2629977348e7cc30414a518b21b8fe7f50351fcead70764219b9bb2

SHA512
ebcfdfbd773d2e7a0930684c7699f4e557995473c50ed7875cddaf1ff03fd889684400c6f17558b6f801ab5c66da0dccc312cdccb1b2fe8e8784e8c0987cfe11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1019B

MD5
1296a5aaa36856fc475269453c50ca8f

SHA1
7c17a6397fe12b0eda5867b0d777c47d19309fd0

SHA256
7a3afa0df05a2513722cb66fd1f0d87abdf09fb4433734323362237773b28dc4

SHA512
0e9070790550045d99be1ce2a3aed26df394e55e90b95696d306b2b5c07962b955f812001605b22650628e47ff8c5ac37e16ab8d6d0e600dcdf442ad4a489418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1019B

MD5
66e80ab935e0bcff7deb0200382b2571

SHA1
ed2ffc4757c8ec1107f2e7318518d852cd06f75d

SHA256
a0ef39b01c28881e6bc5cbc3e9ff992acc7010af00da06c5c50ed32ae7d3b3d2

SHA512
23abbb6653f854de044aba6736befbe02cf57c4c465f55b89d54162c14e3cda07c5bbad068c07c7daff0a4745c5f56622c0dbf47f4b093ea3d6cefdb43ee52fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0b84c3388898748a8d5fb7f4f475d7f0

SHA1
e148e850cb14a44d87eb7b423b0b2ce9d184bd53

SHA256
7dd6a8f43d93e2a8231c72545c374a59a383fc0405cbae1981245770463b6ba2

SHA512
261d44478ad962fcb62cdc233ffdfac4a774842c6f3708d4efaf60971c3881049870ffa61364d76b7ab85ef8fbbcbe1547492a53727d9745c9713d9751c03f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4896c14bc68915c87ca45bbab1ae9a1

SHA1
9ce6758e6dd2f319572a5897ef08b498a0131be6

SHA256
34d978c769c53158b1e50428cec826889fdc75e3846afec0d8845424f4da371d

SHA512
75e9765bbc6e1eb407fbfce8551845bec160d53ca6ae5f1aa3555a57cc877b355e090f4f3fb52fbeefbd93c5661beed760d06954e555db7f0b36dd3a35ae6807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61287ea83ccebd193ddbe84d6a633b55

SHA1
76f06f0c2fa6c975e53b2628853f1676701521cc

SHA256
5e7f204f23a7186eb5d9fca5ebd99f48478dc48c31fe353047436ad9fcb95cbd

SHA512
c003dbc42752c47e1efe99ec845f86c1b32816d6b0e371a399e6664fd2ed5b8c34642e123371af3a2a66c050e9395c83e151e42505df218aceaed522544c47a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c25c414b8dd837160f0d572874fb8fd

SHA1
109f899489378ad9ce9f093161e57e3817f76454

SHA256
5916af2964fa594c86fd7a335da2ea186e5a7670ba5fd82d73232d47e39a8b90

SHA512
fe7220064a7422d9dd5c2f4a69f46c27c4e5eeff26bd43ee163100febc28e89484932302a151b7cdcbeecf84155558b9953d727b90ba5de07b3c532b3224bc73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8be17f5b6e8fedd20446de9620b4adbc

SHA1
7d949f02f38ccd9b719a4fb87ad8d384dae21548

SHA256
920ed67aec7813a3bc427299b93fc452055ed165d82dd483772e4b1858241836

SHA512
509d0317f5afa6d0d8563987158798bab14d84e600689d4e5e4615e2eceabfd63e8a16cf46ab14115c7baab10190efe1350221f32c8aa67c5bc736d340cb35a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3445651194e86b5c1df4203f50977908

SHA1
35080e666667eced271a423e52a5be61ba59e114

SHA256
19f81dc0e90aa13f126453123a2015eaf0a03907974a16e9b79581cf68cabf4f

SHA512
85f32defde89e40231264554a6ef5d1f78e89ee6f25d3401e659e31741ca22c07b0e477a1e51ff45d896f69dea7f871dcdfbcbaddbf6063e1fb58335bee72cf3

Download Submit