4e2e7388368755ecb204960d11f7ac249a6f08c0cc8005249511b6ece69e88a9

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0e66bec3bbd5a340147a045492e77ff_JaffaCakes118.html
Size

131KB
MD5

d0e66bec3bbd5a340147a045492e77ff
SHA1

3a7e2e49d75e94e49bc403af1855a178cb0842a3
SHA256

4e2e7388368755ecb204960d11f7ac249a6f08c0cc8005249511b6ece69e88a9
SHA512

da7478eddd81a04792006e093a7bdff847ff62cfa56d8b144ecda7d34643e2398b2a39401238f9d95b14732b7bb21e12b7549549e84adc6036a84fef4b740686
SSDEEP

3072:sZY2sYJ6rHfgaToXdYKlGddcrHSFAjivOfI/+D5Gus7HoV/H:smoaTo48HSSjif/+D5b

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4440	msedge.exe
4440	msedge.exe
3724	identity_helper.exe
3724	identity_helper.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 3440	4440	msedge.exe	83
PID 4440 wrote to memory of 3440	4440	msedge.exe	83
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 1152	4440	msedge.exe	84
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0e66bec3bbd5a340147a045492e77ff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc61246f8,0x7ffdc6124708,0x7ffdc6124718
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9418738775245708164,15251092093747732527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
74KB

MD5
1c7e1982bd31c4ac1f58bcd3bdde7267

SHA1
d672d5a215d6f3cd05138e121dc3a2aad8a584b0

SHA256
f7c3dc7f8feec3cc31ed8f65dcd3ebde31629c69e62c26ee44cb0dfc55c3de83

SHA512
33caa8d1f077129fc36e4da0f50aa8fb29b204dbc7e8439781f8e28a953da49a63a1057a83aeb1b33012aaeaf205ae62c34d1391b8885d375c486aa15ec4000e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
31KB

MD5
548260b20981c0be2d9dcf8d01c08c24

SHA1
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7

SHA256
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb

SHA512
9308e58083e5a6989b7646de95d251c5431952dcd55e613e9c7100d817e847da0f4835bfbd0df325d9ceeb4fb9680d3e89311997b801b16bf8426893a2a34c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
6f52f16e0c8869759029f92150fac68f

SHA1
d7171b0111ecbc51953fb6a6a0fcb639c9aacdb2

SHA256
0ba65009d2629977348e7cc30414a518b21b8fe7f50351fcead70764219b9bb2

SHA512
ebcfdfbd773d2e7a0930684c7699f4e557995473c50ed7875cddaf1ff03fd889684400c6f17558b6f801ab5c66da0dccc312cdccb1b2fe8e8784e8c0987cfe11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
35KB

MD5
29b661fc1e9cf7368c9cf3e167cec1ac

SHA1
d655284f99581cc6a238f20425c33f83c18d5d49

SHA256
4b6275c7977f0cd7698d38c7726149bbb2a9902d33e7dd48a192a889c19f5ab6

SHA512
876d15b2c677a243b072b8e027d46fb66694dde10d8ef56d4ddfeeb56e352fb12aedbcdb57a5ddd13cd4795f1769a8775f083a73ced2b151acd9bba4ee3bbe30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
17KB

MD5
148eb000ac87b413c3e63a3f01d0a28d

SHA1
c8eff09dfc158305e99bcc027e4ecdf765ac0ea5

SHA256
28c588beea6f429e4b1d535a634d0748ab6303bfbcb020fddd9373fcfc3f7462

SHA512
f88df068ec82906d19e29c90bac2dd7b544b9c80005ffd2f06d4da4e8403e59eb9a0d49657a6f921d367028bcdeeb07c47caf3c1e322dd62980ca31f158a5f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
21KB

MD5
a034b225bfe79a194c3a85793084dc69

SHA1
e7352c4f4bf4762c78fc5d5f118ed5eeb123e505

SHA256
5cbab8a3cc88a046b211d8005c91023a04ecea77e397ca9d2a8c0724bc8d0dbb

SHA512
980138c1066eca5a94a37b18af869e73919497f14cd2bec00266bb662b69637de09d544a9b0993e09a66a781ec2e01c25d0ae299fce2faa1e90ff20c006b74fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
340d4268dcaade1063c814cef5f6a3c1

SHA1
57df31b07147802e38dde15ecbecc28be83d9bab

SHA256
feb715d8d678b1769afff51dce9d4924adbf9780d090983ac5ad03f41997afea

SHA512
33a897508bcff89542acd9f641f1a86708e3350a45dbb5d58eec90910c531aa1547d1c1c22282f565ddceb88e6955b4ebcd0e2ac9f861df21377e54a4dee94c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
17KB

MD5
6ae99eeb231ed88b79d0972e7aaa8abe

SHA1
5159f365608eb94f1a90d835886aaa81d47696db

SHA256
c4feae3dda96749501dc678f71dc0ad16be2f108d99dfb293f95eba509c555ab

SHA512
601195a53c427c5f59f3fcbf864e9f557575dc4f79743127fc724c531e7537365f1dca66abea2b0f0a1e8ba1aa666fda46bc8ac9d3d704050a418afec79327b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
18KB

MD5
b1ff64e81e4ffbd8855a857a6d5b961b

SHA1
8f623f8af58d509d329dd5386cf03223c01b3e69

SHA256
b61f33a0510008946330042ce39bd87f3e4e55b762bd11844fc1d26881c80589

SHA512
29abf59b3a119759b04304659a8f1e3f2d6a896578edb1b6dd0265cf0bddf42d4a5afa9a10d08fdf9844b34843dab4d95c6edb46eff0671ab3bc168d71bea6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
06ac0d4268e206f29b7f726d94af06fc

SHA1
7a01ee2bdd19a8b8fe4b4bcfa627bc31ae7887b9

SHA256
06d769bbc8ce99bf4fe2a5c94393f4c88ec9feb98b89828f08210d3a9daa4039

SHA512
5e4e106d5ac2ee00968990f010aa1d7512576845f0a14138038917396f7d3ef610c4818b7e7f94e18b017a967a08474ed7a70922fa412789e19a228af15a5695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
21KB

MD5
9c39018696cfc71661055b34a96c8b25

SHA1
efcc8d9f3d63ce5f0f4692acb83faa69eb25193f

SHA256
4e061747354f3d5a791126293dcd208a29eb31efea3da8d1fb5e0c7d63bcf278

SHA512
ba062386a9589319caaeffd059cc84516a57549d3f426262918d1292387043142e8dbd84fda29f7e7f5f28909a4a5a55755e55f26b893a5d08f43a8e06a393e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
804KB

MD5
5a3b9759b25a9d94bcf87540f4d3b123

SHA1
4fbc119613961f7de7ca5179c06a2b55d0eeb847

SHA256
6cd027ec971fb9e889baad355c524dd35f397e056282c5b4c4d5b5cf06f710d8

SHA512
c171edde241e6398f7894406029cbf00010176ce1402c366747a459a50ba27a8151daeaae57208c674ce605ab9d60cf0c1c53daabc61902f0a63532330b025a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
01cf0adf2be92bcd948c60418907d2a5

SHA1
fc653a9b41b7c3c1b2623c3d1547bacae77c1c10

SHA256
6f3f77740711fb0a1410b30697d0bff8c115cc22415daaf6fbca32b6fadeffa3

SHA512
7b93d0692247a6758b91265a5584fe161bdbbfe2d72087df23720f09fe0f46d9d2a841ea679ab4cb15c9836fad3f3815fd626a2ede8076ef41df8fd679bf3d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
f40ed76fab7bbaeee93a992c9d009038

SHA1
4702f116934d4234db4d27dbb3d8ed93fc19abea

SHA256
28a23a885d96f75d21670cbb74212bc9476773f8893128f0586de43fe3215cf2

SHA512
5df653b69c7f558d6a5970557d1a0dfaab1d8b4cc915e099aff7d7a2925446816b10d7d31f490f1f469dcf985761017ad696f1549b8420117650beace540f320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
792B

MD5
de2657c1b4b343906416bc0aa6baff26

SHA1
9bb4d01003b221dd67ea5b788e71b2e483392df2

SHA256
d567c94ddbbfdf8bd71529362eb59680597e07e8d6e6f2f8b2b8e517ee2a1945

SHA512
ed374acd953f7719b1f8e4f1af1f6db22384395817a51a33c0f8fe4589d132442b9fc9f7c839b14d98136ac63a70030e079bce1301dfef01fd633bbb8922a4b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
792B

MD5
ccad737be048f4547667398ba778ba6c

SHA1
1c93b59143eda996891ec2fad186a3ab227e2255

SHA256
6cabc61838df512dcc44270219cad8be288d995698e49f7d138351bc30a1c1cb

SHA512
abcf6cc34d68bda5488b541f3e8fe045a55f8f5489d1345a473c835a37af752d01ff0e2a8b90b2ebfa9267a77c2d29dec75a47b221a879c6916212151b390f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97f405cd97f72e9bf4e5cff1561ef490

SHA1
c4a0e2aa6eef9f52c9f85a7f930b11d816f1438b

SHA256
30eaa78cb1c10f56199183756db0676d2cc27c70ef1ead3f4c0fb7b9bc027955

SHA512
11a7ebde7d7b341eb0f3af783974914b50a7e856a4aa6a42825c558de0214da8b4a4b4cf4ed2113e467ea5f07cd7e47f00f34e1992bec1dfa75a35ff38b1be5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6e046fdc1389107694ae90ade93cf83

SHA1
f6c3abbefba2b26fd419f96181af9b246bd8159b

SHA256
791f55bc3117410a501a152a1dc4609a4b15b05aa61b4a7fdb24c85fcde7048c

SHA512
dc5161cb224f48020538f36641597a6b0dde7dc2659d73d2060eda98de1c0afaf335c8f3e39b24b49bbbe4733e7809cb5199e909f82d984c657eccc2fd31c984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f48ef01baa7cad34f6dfe173ea9cbddc

SHA1
0d009d8b662a06250a698c41fbe5c7b1d0c3aaab

SHA256
54c8492491a4e3eee5d3c0695dd0527a70fbad674adc9482bf7a7fc5d70e89d5

SHA512
7494b9669a3d64e1239baa5600345bd7de041704bdfa795de6011f19f8150e5d4f4fd19d8f29d97681a9e779e823f3299998edd777f3bc2a95eefc233b639eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17cefbc7cbcdfa05e14d9e126c7b2fdd

SHA1
ac8b9e86b7f42d561083be6aea507a69373ce8b4

SHA256
4af0adb7b868397422ebd380417a03c0f1dbf8e577b03c7648f7c881f0a543fb

SHA512
f9533341df5f2e3ea3703da6200dccad7dcc02031abbf4447ba62a15653e80ea1340270b66c6f9ac9db68d8b1cd97ec0265d3a65ed8652f71e481dec33adc86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17fed516a4240d6386f614a7b801cad9

SHA1
33b6dc617c86ccfbfd77c72c9cdfa347c901cb2e

SHA256
a0ce41dcf9adad14f3b83aa6c85ee80e8cc7cc5ede9b932dcc1cd846683e07ed

SHA512
8fb25d8adb045811d157a0a7b097eb8a50491ac0f0c2ffa4ca29fc5b87c0ad3384d302a5de2d122c37f0d50075684739ff92a010b444dbcf5485f43c22a367ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
86212a611fdede6f77f1a70c912efafd

SHA1
5284bb480fd64c113fc97d7c1e67d946cc2e9420

SHA256
e282809fd36d622a78fd1b8fe8507d66e562fd416f052f32b0bcf41cce1b6e81

SHA512
e1f70482e5b32297d4c1b4690e1208bb3198f1e8fb219d8a31d94505bd7822b006f547e5bca0971b27a27e9e352b451b2aa24c855b11173fd0d33df84da7c614

Download Submit