8fe6d82bbbcaecd096545be526020042cb417dcadf45a4ff45af71690164d968

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 16:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0680a5ab0cf7e987af42f7102895adf1_JaffaCakes118.html
Size

111KB
MD5

0680a5ab0cf7e987af42f7102895adf1
SHA1

4758ff66403cf04f9cc11e7f880cc8ac866b9352
SHA256

8fe6d82bbbcaecd096545be526020042cb417dcadf45a4ff45af71690164d968
SHA512

c7269a8532800044f63f363bb0b6e1b0a7eb4fa4268660b3340f147c7d56e320043784b2fbaf16c8953f73cf2eb1c1297c1fc09e920078db94e311cbd44866bd
SSDEEP

3072:10Y2MYJ6rHfgaToXdYKOZyzuoo4/cDI7Wthc:1voaToj/cDW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
4924	identity_helper.exe
4924	identity_helper.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2912	1912	msedge.exe	82
PID 1912 wrote to memory of 2912	1912	msedge.exe	82
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 4468	1912	msedge.exe	83
PID 1912 wrote to memory of 2472	1912	msedge.exe	84
PID 1912 wrote to memory of 2472	1912	msedge.exe	84
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85
PID 1912 wrote to memory of 4020	1912	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0680a5ab0cf7e987af42f7102895adf1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5f9846f8,0x7ffe5f984708,0x7ffe5f984718
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8258990319687450071,2287089756339258707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
77KB

MD5
655df796e061ea829821f460623f6ec9

SHA1
6e40ee0e6e1ef08892eb528549249717890e15ec

SHA256
e52681a2d8ec55d4e9db2875e5c03b13e5fdccb31087cb15ffb677a7f452e557

SHA512
390c2f674064d1d08bc62f47d8b6013baa67fe6fda00169ab0c704458939b38d985315b9c87bfb4b0a8105be7c94dd85d88af41e61ff11de7933576f140885ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
31KB

MD5
548260b20981c0be2d9dcf8d01c08c24

SHA1
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7

SHA256
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb

SHA512
9308e58083e5a6989b7646de95d251c5431952dcd55e613e9c7100d817e847da0f4835bfbd0df325d9ceeb4fb9680d3e89311997b801b16bf8426893a2a34c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
56KB

MD5
b3e8ed98a41f2fc34559b64d2d9e4c4e

SHA1
8df14e291d2018377dabb8b5838b4b482e3a803c

SHA256
9e76933ba22245b1f36b87d4ed03b2ca622ecbb3609550cc4ef9310c19eb5bae

SHA512
fdd32c5b81d8b71a0d6a07fa733ca2b55570045a4798b0309b4adbd15cfd3b6b469749d8cc15cd3d890df17b5f83211871549b65c48027c66b2195ad04d9be43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
22KB

MD5
6f52f16e0c8869759029f92150fac68f

SHA1
d7171b0111ecbc51953fb6a6a0fcb639c9aacdb2

SHA256
0ba65009d2629977348e7cc30414a518b21b8fe7f50351fcead70764219b9bb2

SHA512
ebcfdfbd773d2e7a0930684c7699f4e557995473c50ed7875cddaf1ff03fd889684400c6f17558b6f801ab5c66da0dccc312cdccb1b2fe8e8784e8c0987cfe11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
148KB

MD5
b28deb590b2d9270e02e4ad0aab826ca

SHA1
48b2c63b1b2a4547bd9264245744c609e99988f3

SHA256
a70d282f12dbb1014d6e2c913204766c6b10e915230316d031817516da16ee6d

SHA512
0462bb05c9948792ccd7ac3dd6209a65e9b70d7ff0e7466b38433320dd1a6b7f6da47b1157f85c0648b345ffa6fcd4770bfb5f44d76c6957accb7f9fe69aa98d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
763B

MD5
cf9c8d130d405b86319a5133a100a1e8

SHA1
504d4c97b39fe8ac880a1ffbce9fb22852e55aa7

SHA256
e9596e4ff01320733f2a2be026e9d3b3ca9f862c8967b0e860e81b91410b951b

SHA512
92d6759d29222d6b9c1faa67bed6f7d498f4aa39489b8829159d936aeae36ed8bc33c6b24b9712cab1c953ccfe79e94582b0768dfbabe54cdb09733405c690c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
794B

MD5
d27a26f27b82c1dee8e477efbe05885f

SHA1
4ad404422756b820415b7beebbfcdf7f3078ee70

SHA256
c94edbc3a704d226087ee1f994766c77808f42a18eff80f29d04004d744ad599

SHA512
0fe4e3294f99f4d0e8e99e9095d5f5c3a4bfd23a551183523f5c441bcad14a0b223c255adcbfe77970a178ecefd3ad85f12e7035c0f0d128e9626310fbe83cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa582441304fc27579582450244dbbf4

SHA1
e6d01ce4cf3d2d4f116decda7545c8fc4ff813cc

SHA256
2d20a57203d847e7286428ec640fba2a72ff979eb768a39b9722f1d00719cd00

SHA512
77cb10fbc9e94904ebcd73ba7b7b412a2243e7c0b8196a1fd44b65281634ba367a8fa1f3f582fd3baf5e7d16d249408ab88e00c8c1fb02005accab5aaff33c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf03e002c2b4f5d2a959e8f74b83cb63

SHA1
afb01c3fc03a39caa99a49b1a13e4b69f318c547

SHA256
3f9b00f3d9eccd3857d871eb41681b65ca578a3bcade093520d6263684edc670

SHA512
8f0c08e7c0e67b2eb12ea998cbd3e84e0dd37344665aa0dcffae68d24497c4ba1dcad66b8e3aeba9c8085d377279b2412ccc8a87cbbce33defd97d847ee868ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07ef5bd2a0aa09c66d4961e1101f58fd

SHA1
bea5765bb8968f0c52b9b9ce6e021d6a01b8fc13

SHA256
de09a9d6fa9f222df00adbae47b56ee9be4860a1f8252f321c1a066fc388e56d

SHA512
7cafb205823e46e1b92c58ab0bb11b31ecb3f80e5398ed92f939a91aa55e8d5d7ab8b5c8ca9eca65757bd7af3304ff33bfc95dd52cc522130fee0643bb984413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a7dba266ba2388bc6b8fc47e06010778

SHA1
c91d19a4a5542676727a9adc78ecf6d96542bbde

SHA256
e824e3975fb04add258b11f577dbd97ab9e21432b7af3cccc0099a71cd66efa7

SHA512
2250e5b42703612fa065bb53d603e493eb634387a1bfcc8309e6b3bafab8e6b3e8603e48755346fffea84e1129bac7f87fba9622b7d3b5c29226da417f516794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c89cf68002ef570aa000f601d848e50

SHA1
f2f8c4c0d9fd9c69aa24592127282096e6c9d0f1

SHA256
bc353eaf86db0213f528e0c3c0f1d3b58684a62f80b37e44f989b8a600fe4014

SHA512
62b2a7c6b989078b1ae4ef26c8d562ec95d9fd3d8d0db3b98f5688482fc43cc9ceee592d1f59a997d035eebb50af4e3ec72aaf07d690ae6c4f5865b61bb5e3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af69bb57b7ed668c202bf82967f89127

SHA1
550260e615fcac41cc3014d9f7b86cff2f16f198

SHA256
8ff2256a32842c1282650daca1eb1bcd50e9ce30d2d61c386e774bcc9e039199

SHA512
3c72627d2b35ba3464ddbc6a7bd513e85ffe4954f91371bd1ff747e0a3f8545b2dbfb577f7553727a00c77f580e2013c6d1e3683ac80769d8830a9466eccad8f

Download Submit