8fb6b0c3fd2d00b515e7fab1d16eb2da9eaddaf97f20572470a5666f91e487b3

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

225961ebcc5731d0aaf0aec4c20b218e_JaffaCakes118.html
Size

79KB
MD5

225961ebcc5731d0aaf0aec4c20b218e
SHA1

dfdf689ae45a1d7bfea7f0dd0b0d26a7b9c7c515
SHA256

8fb6b0c3fd2d00b515e7fab1d16eb2da9eaddaf97f20572470a5666f91e487b3
SHA512

33756b932bca5b145795e7e0b9b1b5b2e31ecc2be3534800b249f67d79820dc4f689586eb066ee204d2c5b3b21ee0d48ca512f6c90803bd262f8123ad3c0fde9
SSDEEP

768:9qM8fQO81KJ8HO7EhPa1z/NWyXC+MPp9AV3WXntPxQXi29YiT:YM8b8QeO7Eo1IyXC+cn3tZk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
4048	msedge.exe
4048	msedge.exe
2400	identity_helper.exe
2400	identity_helper.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 2592	4048	msedge.exe	85
PID 4048 wrote to memory of 2592	4048	msedge.exe	85
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 1928	4048	msedge.exe	86
PID 4048 wrote to memory of 2308	4048	msedge.exe	87
PID 4048 wrote to memory of 2308	4048	msedge.exe	87
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88
PID 4048 wrote to memory of 4900	4048	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\225961ebcc5731d0aaf0aec4c20b218e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdea146f8,0x7ffcdea14708,0x7ffcdea14718
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1450242303310717157,10203924105169154757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
16KB

MD5
0a91196d0b5fd1e399a7962647bf99c5

SHA1
793c0c945f8f03678b09a57315bfea25d04b7467

SHA256
714be0796b4a2e56f38fc45f956e842695d52f9bd522d6c6f21a4b8d1d60d202

SHA512
fa3fd37dee6b287692ffb9c3421c4dc4ac8c2dc1a86b2e0ac05c2bb7fff769846ce0941230f6f1c77caac57888bc161cf9bdc38f6824931b59df4d2c36688a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f02b1c272548336ead6ed612c5e6c441

SHA1
18e7b26274f4bc2934487f931970bd1dfe9cf0c7

SHA256
4cf48bc50349f74af7703561358d425f72a103199b43514fb43020e0da461502

SHA512
58133a0e04407e88b603b32c55327d150c483e7c417ddfcfd3f6be8d5e5c0f20a30eaaed99c62b00c940b14d0464147571d16d2aba61f880bd4a235f0fe92e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
29de3862eadd7664175f3e291d349c15

SHA1
d1e446adbb8d756eb2c878dc1df6b8175d705817

SHA256
2b8635023a85b6f1af6be78181a7ae688a5cbf00faeaf0b63a96b4605e814d40

SHA512
3160fb45ffab50c57dc6641efad3e526715cbd5e5aa14f305dad9e68836d2eee0c6a7c6c7186210587f0d949e631d2687c108073759a12efb248556512fe723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
409d9c80042d38df1c0a32bffd7ecf08

SHA1
523726e32d3f8b13fe9acac6a32e55d8fc5d6d5d

SHA256
c69b5a294b13150ac8e7b1f6ce65f791426c6a5578dd268ac3d5b5448c8dcba0

SHA512
630109092bbff47ea0a7d091aa387b1cbf10ff59d7a3906a8c5cc97a9f00f8d98f589f1bf5e65ea07589d91cf9567e7961986b5045812c8bf757d802fc6505af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e8b17a57c584a36a66908912f5ae6e7b

SHA1
dc0c7c0b9f9e28b170608bb493378ad0d611beb2

SHA256
d8eb148dfc48f7bcb5e726b53f518b9466e0b002dd757dffee770c0e85753b55

SHA512
398dbc5ea5c1df3c3ef719b6ae23f6d8db5b18b8474c69064c3cbc7bea252c9d3994d10ff194333410205bd16c33169a363b957a0fabd8dd7439c2844a78f0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d218851e4b34de5693acdb329b2b235

SHA1
97fef2dd778510c1cd7e8e75aefc7f5d84d63e20

SHA256
b0f7e66dca19bde94cc57ca4432faf17e7c0664891be863775b9d587c9fb0aa4

SHA512
94f36de55925e5f6bcf49272451219fca2b512c6005a68b0c40361a96c7f9125d79c71e6b00d73152fde2b4c56f79820b452ad5033f2b0e12d905d5daa815e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6ea760fd17dba7ca0a1484d86f3e962

SHA1
8b93c64194942678897078cb8d44fb4ca2135d57

SHA256
3c1e0e2997f09d0e8ed9bb186f3c8b18f9349e267608b5df82924767449769cc

SHA512
a0bb54fa34f00c34b20d4901c0242754b380222caff38bd438e2bcdb3f844971fa003864c6f0d76675fae98a596c3d01bf9bdfcdc5d96d733767216219731ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db82cbeff56df8ade2047b167c5f7074

SHA1
a0f8d1f6f93c68a3540acc522a0ac25d0870bd1a

SHA256
a454219ff50ed66c694e03eb28bcf83804e472435501ffef339acec260680468

SHA512
796c6a8770c5cf2cf45ca33b6802e41f645ad7143b8eb0b20486482b7adb51fd66b5d2ff13b8c61fdb269632653d8bf0861aaab0cfc03bb4ee069a49b349e34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9ea63c4f4372c6d58000a580c86ca04

SHA1
bd2a7670d6ecd6032dd722f8728a0fd1471ebfd4

SHA256
61df8c2d008bdc08df11141e867a7d6d0d7895002c2ba0fc9e7c85ea0d41b486

SHA512
fb01c10a4b7d7a3afa4f9d44222c652db2a226f2398a18f5ad04c082805dae4becb43f335c5e4d817b0a5b47c088bf1a505fd25bf8b999da0f550bec3bb057af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4ab8d15df4264c3ff67da7dafced4ed

SHA1
a9f8b8e28870e4deb64612655d23f2fe4eb00362

SHA256
ed5cc432b339ad16692ea4ef4f9dceca5c6863ab61de3bb7d96a3f2cd17776a1

SHA512
040b8696ceeac7d3dd518e3ee165efe1d3feac37d47a2058503de3721682dbfa3b32ee5e961843dfeabc12da4ee60d21e8b5cb569f2e6bf69c019fd737ebd7c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40a178ac2912171ae4146fbb1a2afca8

SHA1
6fc4e2bfb24607ad0d02f6c6151f5a80f79144ec

SHA256
79909b7d1ddbf14f1d467665bc1d32e87cff61009aac556ee0ddf01bd370e5a9

SHA512
fb0ab162c354540770d9e9d612a123057498099dffe8dcb84205472bc2979a14543a98e127c211a2964e71095f27538ade7d77a226a38ec43b8fca75eac4ca39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
8d4e9ec1a13333e99e02b0a6cbb057a5

SHA1
458d8c56eb27e303d1431ded2f7be03b2c9e5361

SHA256
06a136f8d2d5d22594b79f37194315810f91f6110d599308c1d7488de9a053ab

SHA512
1fa8a9ffa307bb5851f5519064403ec9761c9b391d63462b3f4990bce8cffd2015ccc09e1257017098b35e71751d54052ba7d8323e7b65bda22c891d31e84ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d5fb6fee295abdce0772fde88ceda6ef

SHA1
dc2bc0243df9afa48a73545a4832725c995ca81f

SHA256
673243ce704eb8bbd18ed9e2d2c52afe0d6808a253e35796ffd4ae45d342fbbe

SHA512
ab484e598451db6b8ee00b223362cc88d40c7c0975c7414782dd75da32a9231b4151b665b172a542cde46163e4e6860711e9f17160cb808ce2decf9eb240aa8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
86fd7d2527baaa063c8f3de502a708b1

SHA1
df957302834cee3cb7eaf1a1f253a5c7b86a31fa

SHA256
9678780789bc29ca7e46add4ae0b942c083223a02eb14928bb4be4c3b4b10b34

SHA512
41a7fd902920a2126c7ca0cd3d9ab208be6ef5a3da6fec93e68a5e0bf367a6e59ee9f13474d8ec5318c35e66db72b601689f5c0a5467971b0019c3c33b2f6276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583870.TMP

Filesize
367B

MD5
dfcde91f639e75d04891c9198e38a85d

SHA1
407f4a7868376368628e83effcb05c14e5eb2778

SHA256
b566f502cad6faa1c631be773f39cbbc00d4d19fbae4cf0396a4f5017cf91f4e

SHA512
560c245d244b93312cd8ef1db1cc0b18e8d3cf3e86417ed5900e1f97a1e0d5d4e32324f6f04577c6637225c443b0fda8a3244fa571e246a64782c19b7177647c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9129f155c4c0d586d8e2cc2d7222937f

SHA1
4653957ed497f0bd9d5fe0bbe729a80282a22dfe

SHA256
5e406863f53a17c0f49860c27134ee9aac8b9663105b88970dcc5faad417c4aa

SHA512
5f3c4a61fe296c9c748c3b1fee76799f9d742287ec1a755fb0f060eca0f964827a3951880cc3354934cab58258cd71f50eb72a247a31fbcc05715ddc70dbde0e

Download Submit