ed404489745c752dfd3dbe1f6fb399ed98b9e115aa46aa9b35b9d61b86d6abb8

Analysis

max time kernel
147s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d0cae636ceda6796a1c7b97f54177d2_JaffaCakes118.html
Size

197KB
MD5

0d0cae636ceda6796a1c7b97f54177d2
SHA1

72cc6dfd9746a21f0ba3ea7b098bfeaee6b601a2
SHA256

ed404489745c752dfd3dbe1f6fb399ed98b9e115aa46aa9b35b9d61b86d6abb8
SHA512

1f97f041543c5ff0d563ab760eadea4bd0924c3e09db8506c961dd360921cc899876e28768a692aaa9244798adbbeae73a8461a243e680600c0f50e24ad76aed
SSDEEP

1536:dz5EapjHaQqiZ6agXOBHCBHvBH9BrMBH6BP2BYbBA6Bb6BPrB16BmjBe6B3CB56f:dzTpjHafVRqJDzw/hUTeOjiclj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
5584	identity_helper.exe
5584	identity_helper.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 1476	2456	msedge.exe	84
PID 2456 wrote to memory of 1476	2456	msedge.exe	84
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2512	2456	msedge.exe	85
PID 2456 wrote to memory of 2076	2456	msedge.exe	86
PID 2456 wrote to memory of 2076	2456	msedge.exe	86
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87
PID 2456 wrote to memory of 2484	2456	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0d0cae636ceda6796a1c7b97f54177d2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e61746f8,0x7ff9e6174708,0x7ff9e6174718
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,13173366532889537054,12811260718374203233,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
17KB

MD5
3dbbf83b043c866df6d4a889ea0b42ca

SHA1
756810df056793ecadb26b2dee7f78ec5163b23a

SHA256
aa726a0da381d7247489a0e673ad39a48567146a53bd16b83d89242e186a180f

SHA512
6ee01eb9f3f7aa5f7e0af7a438b3a328d4e27bb29006d857996b2ca13d6a24e3f3be6d5d68fc3a320830b57e5f578e8badb8ae599db449cdc4680539ca6290ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
17KB

MD5
acbba8efd7406773a77ea92db434a8c8

SHA1
efc04737d4cdefbb2d0f6e29c0a6dd745642fb76

SHA256
66964627e2b7b1aa50e647cb7278d6a04ff8632cbc786563977962bcfdfc1bdd

SHA512
ecb406ef6b66490f88bad589660c819faa4887c1b6ea45e596859232183aa9204139a7cffa2bc969d9c08d59db83b0fd92c02fc8809442e02e4eeec7207f61e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
95KB

MD5
47ceb250999327d8551cbdb9c52d06e5

SHA1
46768652f80b7c347ac42472e432c90c511cdb4d

SHA256
120983da1fdc9d9bbde9e9d07b8371cc5aacb5cd8052dda6c401620a932dd3de

SHA512
d3f481fcb52b99a1550f1b27b30ef9ede97ed594fd45e9ed179cd20aacc661085c1cad4feef14a26b44d6c78f17c09b5ad24d3df3287d266dee70eae5d50bb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
46KB

MD5
b322e56a86b24d52ba6c2a10614ce78e

SHA1
9a990a198453af55e2c86f8a85ef6eebcb296f4a

SHA256
3df48c3c951cd9bde194b92d644cb82eacb0ea91d01761fbafb645c4462b816e

SHA512
0aa6f828d3a3472325651075887379ad159c348c4399b10e0c3b2556d52f879e1f57b4e8a80c77c1845653d0fa50c8b228c5ac684ca70b79b98c245e4d38ebe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
32KB

MD5
8b46159f0c940fc3e6abf99185f44f11

SHA1
1a2e27feaf823cf1a84a203d1bcd320a7f6771d1

SHA256
c77f0313cc7771a1dbcb739c98e4a8387669747c359cb59593b13c3891164979

SHA512
6e780c00db95c810b62752a5335e214d815aeaedaa220fda93a191b514d8d6a077e772665a1ba7f321d124c17b1d62a4f4b3837e4e4c65eb3d4e029999389560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
32KB

MD5
eda13c6b6a5166489f77c8d20050d7eb

SHA1
83d1706bc1bb4b7e491045b945c3b50db09f58dd

SHA256
6031816aca7ea5570e205613e1d9ca27f99dafad04dfaa478b78b7127acbb637

SHA512
b8cf001a29d1c1a1d9d075e7e695cd913d946ab657b77ef1e23bcb452cf301f7c6a7d7c6da921e49b56108e7794ec974ce44c0fe058180aa5c9e7771f2906357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
29ad9ea37ce397f90a9b0322792a453f

SHA1
e0ae24a29fe1daaecadcb6f6db1cd6e3d051a273

SHA256
e7ac7314e4507f160cd0c863fa5c2cdad5c8a0fe83d5421e184b9aea877c4a84

SHA512
444c3999c3673d298894d99c61d57cbebac28da2aa63826764ac8ec21b0eec81174b4e1483391bebc55b4a81e1b9e17d97702f3cd995694488f4821a33addb20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2606a82f61e7e84b_0

Filesize
233B

MD5
cefbad3db26e17c5e2f1652a08333fe7

SHA1
98e46b847d2ed346ba0f812388c12dd04aafdbd9

SHA256
3014fc6f13b2012a27e1412406f69ff3c2f3b99ba03a80b16f0cc4f01e0ac8de

SHA512
d0c7d349659ebe8c39d84526f5ae35b62dcd27af68fa62f5d76b70698f52c6dde535c036278e968250822ef187e7bb84e3eb8c118ee66a5c7109e24b7f464c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
b4be616d5fb888f1084e2158e300f162

SHA1
0aaee2195492202e30e6f310d942b66ce62c081a

SHA256
2f4be8ea640568d75b7aa0cab93bbe6c8e933e7cd6211abfc4697655c8c132bf

SHA512
30281dac838bf5bc70a79675dd42ae1364b9c5ca1a1d444d153eab8b2665212553106a732559258fd524afbfbf4c6a426dd7bfaf97f7f290fd0fd769c7e648f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
df7e9c60f3d52bae858d0118f793c5da

SHA1
8105edc473ea1e40923c816f0fe6bcad39d41f2e

SHA256
8fe4444ac575144dc80890593a415db97a5f732dd102b9468ad36f40d26d0ddc

SHA512
f241d626f220b9a1eb2a708cf2fa3b8afa55ebc0cd935328791043314a4e6c750f846381488c9023884333ff2820ae96ead187b0a653beac395a32056a5f0b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
817102fc0b6230f67b5c5d0b618fb32c

SHA1
5c4aa0443e5a37c6fe8ede46ce64e1b34938b5cb

SHA256
f94e6a059ece793374872f3fd3b0e469cb3853b5c156dbc656d9ad2220c92144

SHA512
6c99a1264e0d181f7adc50f88a4449570d5a79b2c2dab9eb91a1b8bd2aa6b7194b0ee5fdc1bdf6ff6934e11b7347c60b03f287d5d392089f62d86895811e8887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
df074c6b4193985c603d2a9914040433

SHA1
131fa5391f0eebe2b9e89dc0e0438e1fd6dbaa45

SHA256
e2b75da1ce72e0bfd186e851027466e9947bce66d16b90dca82bebc7fa310c4e

SHA512
0104eac5d671bf75fa8f7091224b670357cb9393369fdf032f7a00fd42d859e0ee15a1506792a5297da2294bd20a68122a767e7e232d21037b43c45613e10a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d70ef4055a1c6aa636815fad9a86ebf2

SHA1
2a6e62ac7728d9198eb927d6bebf3a02a547e6fa

SHA256
b36e9f9af415ab5933ef24f4ba4fe24d97a26b7db556aa4bd142bbb81bee5fae

SHA512
8d4983fb505771491ac31fd336c31a0bd2be0046504aba6e7b6a605c5dbe72e3c3a3a12264799617e722c4b554aa4ce0dae1b3764da8373d99cecf64d6937f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6bf861345e4f94e740b5b20a723e5ed8

SHA1
ebba007c87a511abaa589f72505cacfdf4aa98cc

SHA256
32eac226ee57a1321643986208c3b3983da0dead46ee86fc09e75b7e46b46d0e

SHA512
be517d83aecfa5c090cec7817a6f9d676f0ee2058cdb87d198fa9d923b48c76450ca3be0020ed5c59ad18070d8c3d5b2a50ab54d188fe5494cdf3e7bda2f9362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d43aa4ddc7529e7c84a2585424124521

SHA1
624786941ab8bf311e57954a88cea015de2aa753

SHA256
d6448e6a9643b9dda35ee35578bf12149b3712e1edae709d9c147b6a7f239857

SHA512
006d3111289ab8209080c41d2adf7248c1485675b00b5c2bca5536a8a969e797189f71b6366274355f89cbd7d5447ad0661075ed027db3771fd615711edeef64

Download Submit