25bbffe889a3ab31f199736802dcd2e747318e69e01f87ec3fcafd4a4094dec6

Analysis

max time kernel
146s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebb0a490b58db48aab15c430894a42e2_JaffaCakes118.html
Size

32KB
MD5

ebb0a490b58db48aab15c430894a42e2
SHA1

8ac9f9712932940ebeeec6aa21a761ca3c2eaf3c
SHA256

25bbffe889a3ab31f199736802dcd2e747318e69e01f87ec3fcafd4a4094dec6
SHA512

bcec07addf61983a853faad9a65ad7a76f1d206f067a1cce73f0d7afa2dc7b99bcccc3afe4f851603c20422f0b6b8911c6fead80bf77cbe93acb67293364bc18
SSDEEP

384:ZIOgdb53Yk25vgdWrHR4eOUa20/7DPYdDMJhD:ZIt9g5vgdKW/7Db

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
1932	identity_helper.exe
1932	identity_helper.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 4956	3852	msedge.exe	82
PID 3852 wrote to memory of 4956	3852	msedge.exe	82
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 1004	3852	msedge.exe	83
PID 3852 wrote to memory of 2576	3852	msedge.exe	84
PID 3852 wrote to memory of 2576	3852	msedge.exe	84
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85
PID 3852 wrote to memory of 4984	3852	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ebb0a490b58db48aab15c430894a42e2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d6646f8,0x7ff84d664708,0x7ff84d664718
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15051754925956638077,1532859538718219098,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
23KB

MD5
8dacefa7bb352d2b95569393f3a5eb5f

SHA1
7ef7578dc6124de19dd7de01ba7b3be794496aee

SHA256
7862aaba2bb596deb55e5d756d15f3d5594934dc43fca323d3af5a623c277463

SHA512
955f24bc7dfd5ed62bbcc6a3d6406fb2611c16b1a0ff7525a130f53b19bca1cdbc7f14b1112b5be76268ecc90ea1707c82caa6a8eddaba09fc0dfa1bee82f75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
52KB

MD5
676788c91d675c449dd026d5df4781bc

SHA1
5a2b6c10eae03e1e830ce6f032d1f387265598f3

SHA256
daaf2bf2fb0c92d4760ea62a377952157e567ed50c776da6e7304a1044506077

SHA512
7aa15deb36a90dd97bcfdfe72ab01dd55028feffb386c9d9b25ac5327188d8d357b6c29629a6fc91bf840c0c985b7510fa9848c29f743e9b91e9310564391fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
281KB

MD5
e3b76d17a85226896c92374e48c38d4b

SHA1
6aab3e5019e2c64cfee1ddc0600565ba018e61eb

SHA256
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

SHA512
e1a5a793ce70f470c23a050c547c6367974ba4337fb2c31f1cecd292963e0b67fc93f6b07d473b9fe3834d3e503d6af2972ca3742b8c916981a14b5172e66a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
16KB

MD5
72868ba31f4691b6d144b6af96cb69a5

SHA1
93741dd4ce810bddb6623c7d16d56e937832276d

SHA256
3593aa7fa063c69be329d92ac988c5815073d0054b834b61a2f75445bc9e72ad

SHA512
0e9447c6565f9b2311b47accf5d88922722c18c50348b12bf5c4043aa61d3dcbff30bf9ae6f345f0a721051f2f3f4ff68499af257500f410be23fd56cda27191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
39KB

MD5
7fcb4dd99ade1b4e73a213fd95c71691

SHA1
a6848fb652823ff9b28e824ecf4727ad2979fa84

SHA256
60013ef59a31f0d8a95f74c47ebddfc78c3ba536bfbca1bd9eeb76973bb9e2a7

SHA512
e82f822e2708f8c115bb2f3d9da6a20303d3e8255ec0e2eb023856e8f82c7e40e20c08fb8d9f7d9d424da79d5edc5c070088741d41c86be451fd1dc5daffb30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
17KB

MD5
454bdc82957d987f0ecb120aa002aa46

SHA1
b308b04fdbbc4649e20d65f7dcb98e3ecf2e42ad

SHA256
8841d817f593c32e4e17b9acbba15d69be9c786d78eb6465030f97b4dc1bbd30

SHA512
01b7edfebe4b53e497c6be72203b7b2735f523e2bbcfd77f3769dd7243621ebb10c2824b08df644b57ec38fc6298904e496a6331f476fa043212d98bca4574b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
05414a90e78bd9876ae34e63e6ee60b5

SHA1
7438e0931e6b62c7b0047be94ba3a86358cf3140

SHA256
a83e539afc1fa9ff7e117d06363563ebc9160cec1727d0df54e42a80c3721481

SHA512
975fbdb6b9d71588e2bedaf28b1355ccd79d749ba0127d97e2e17b97de30b8af40b8e725823e8960121fac3c8d7ea81cd7ec78f887f81e7c4efbbe8d43bc7906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
0d0e263cdb3665bfff2e1c277669a4a4

SHA1
b1bd8cde6e6335dae4532ce5619deb0bf5742815

SHA256
42808f686d4a7d32668a6b70485684bcb7d9a372c3c03b8139d4e5dab3504796

SHA512
15721131aaf50b873b54f3f7a610b359978c67ea3e6ddae400e2f62d7493cdf4580eae20c172c877ba2fb51365dc762ba1d867b38572f578bd245dec24314908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
17KB

MD5
c6b5d3992429eb8d405cc8ad7e3e0273

SHA1
22d7d26fef24e04d864850c8c56044ffd44485bb

SHA256
f9e0b4958fc7f416ba16fdf5bae90773e1d28496005e9c9a0e4992d534572dbb

SHA512
7db0490f5b9bea5fec2cf2e44643386d5fb3e02dfe130864833a772cb8d18d88ec3de72dfa079a8ab0da2aa7c27366b9d7b8ef1a1141aec3915e6fc0727fefb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
16KB

MD5
8911a682253fb0861aec725affb8b9dc

SHA1
4441b0317077694570601d422ae5bb0ab7c9acdf

SHA256
edf90e4284c1567ddea40c5a5f70e4815b3eebe1f4e582c56ee15679cfef0027

SHA512
3056b3145f63d7de9a5a682309480c8a09a5a31a78c0e2803fc932cfa43db62da09c4f212150ab2e7d3fd3c7924cb277919ff332c7f27005d09f0ade3f6d6dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
18KB

MD5
32beb68a374e3aeac00abdf9e12b84ea

SHA1
b5d18aa625e8696dd9d07cd0869337717b211ae0

SHA256
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

SHA512
8fc41038b4dc2fc2465422fb3144b71c2acd2f4552607369314fec9b7f561b7a3919cdc4219df2089395241168ffbfe29e67ddda834e66c27e4c88066c8f4496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
759B

MD5
78545d13cceb48f1b60fc62f002c2173

SHA1
502062a55820098e16a1ca3f43aaa941e4b3d091

SHA256
d1f8e1b0584727fbdf9d8ddbdd94efa0b05748107a67fb88cc1d62a0cf30f120

SHA512
f6f0d840e964a85a1ae2e71998747b47660c45ea6e26f12a9be66616b8fa4c0a2290375bab8251d9666334ec9731fc25a83d124224099458f4d0706f11d9bf80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
790B

MD5
c57da4bb9749f72ec0283a435950c8da

SHA1
3db4c78e335eba92c576268f94b2db3a54fdd2a2

SHA256
972f8368cd6dfa03c1edfc7c4e349615547ac6741084b086e2a778b34ffbde83

SHA512
73f1f7bc1531431095496ec9e46e42a8d3bfa84252b9e20a7bc74efbe0c99c44a06c7400c93db8e8dd3650aba7e72598495ab61cee6546eae31501a2f674d848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db962b6e74da24336fb025581dbf533d

SHA1
66881f888a4f0e25e6647ec7dda449becca68c56

SHA256
d5a5018213bad275b74e93533d9a9f7fefde0b5afddfcf6d43ebb4cded92083b

SHA512
dcbafb21dda212cb402faa7e183e3ee8d9820b2ce0c23178e5666ada2c5142c796a50b2dd122204689217afb26b2c0da2fd120606b3318fcc1961997470e67bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
932b41722dd4d364f610d6ec55362537

SHA1
350e43aa036423d17a6b69e948912121fa195b13

SHA256
c50f4a0e0f745ae47a7b479f05358cd544d7724467f0c9c8dfd291c64d20bbee

SHA512
f04ab9d236a84e8defc56f110c96d0e00d9e320b85c291bce7020f09324c4c4289f67d13d805d5cf8742a7e0e32221c455982e2b5dd844665324f8538e7e6dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f026c65438f2a1a54253b41a0e62902f

SHA1
9ab85e3aabd1a739a527993c1e48750cabe56311

SHA256
a4012a7298797da0f1280addc3b8c0969b8ee16260a54ae1a24166db4e69a8a6

SHA512
b66f3aec81568254723ee9546f10386ef8887466f65e008fbb407a392c24125e7387d3fb4ec63f87152b842d69cef3efcaaab5dd28eafb417b012c94d255ec6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9c806340d0f39d41eb3a769a1eb4034a

SHA1
1565ac34a50c3a58f68d78efe09cd35386593dbe

SHA256
08a72b25e292cfcb1aa8418a82c6547003162846e08c1f0be66698c6b2adab21

SHA512
663b9abb2938fb4672b3972d8e12332da11c44c7c787091fa048f3bb94fb8e062bf0384ba0942541331bf6f7acbf40c73919e622213de9fd3d7f4e7a7f1680da

Download Submit