094a1c101f3782110c9eae7ebd6d1d1665683b6bf6e5d96f128b9737ce9c5f46

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 07:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e0cd1309a1b60e2da061e70382edc1e_JaffaCakes118.html
Size

77KB
MD5

2e0cd1309a1b60e2da061e70382edc1e
SHA1

c2936941e10c95ecdc1ce47725358b4ec023cb3a
SHA256

094a1c101f3782110c9eae7ebd6d1d1665683b6bf6e5d96f128b9737ce9c5f46
SHA512

fc98a02394da230392b9d0b643409861615d102ff681fc967d522e4136a095c98a21b012c54dac15f840415984fce9b8b50fa6a19dcbf55a819f8044510c2bbe
SSDEEP

1536:6wgr8VkeO3H5D1ysLMVIqxSYnSiha88aS6cgRrlxf1s:eeO3H5D1ysLMVIqxCiha8Nrxf1s

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
2672	msedge.exe
2672	msedge.exe
1348	identity_helper.exe
1348	identity_helper.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 4444	2672	msedge.exe	82
PID 2672 wrote to memory of 4444	2672	msedge.exe	82
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 3568	2672	msedge.exe	83
PID 2672 wrote to memory of 392	2672	msedge.exe	84
PID 2672 wrote to memory of 392	2672	msedge.exe	84
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85
PID 2672 wrote to memory of 2864	2672	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e0cd1309a1b60e2da061e70382edc1e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff62e646f8,0x7fff62e64708,0x7fff62e64718
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6670040568574664446,8445598029499894188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
33KB

MD5
325994b054fb56bbc44cff13f395ee19

SHA1
fdbbc190de6a5e30713b544166fc5500215deb4a

SHA256
088d69051572de54ae76189a3bcadea4937b714a60af686ce4e344cb8b754d85

SHA512
b117067152177e634d6ffd29aaf05ed281ac4d24199d72dd1bbf8d678f9c77fe4f299abbc62f2dfc43bdfc17ecb93e48e252bfd0fcecbf6c0964d4eddcd499cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
522502621a31eeb7679166fcc3ce06d2

SHA1
bb7a73cd079d8c8fc352c33f62af977ae74af51b

SHA256
af2fb87aa58032445c7a7a7b6465adaabcee921c3239815e65a4d278f0c3d7ef

SHA512
b6857be33675c179be673ef4fd070d22518f741b36e5f3ece37aafa8b699fcee353e85586c9c65a1499468e2fa2487575ec700e9c889feb2414a6a5628f532f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
9b51f1615991b9c0c1f0c2bf3db8aa8c

SHA1
2aed02f7adb7224656ef2acdfac63cda4ae3f91e

SHA256
2e55049a69c14e07eb2d7a0bfd0e4de1b2ab06c9f7a5352b778c7c5f5eeaadbf

SHA512
b16a36e186b824c01d8329c7f54ec84dde45c056eab1869b97d827d8b7144d4558b70c0a38c203c38be22931c0d4b66f97c18bb034078a7574b65708b0c9418a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4bec2111a1fa09b61fc087303967dc27

SHA1
176bcabc01399ad99d4d3823b1fb9b618de43084

SHA256
b86890ca2a489dd9cfc56d2b46558b8cd9ce3815aa427aba1d048f9706ae2c65

SHA512
bcc616fc316ad03b88133855d2df1994440de03564e36d169cebb940733313c4d6aee6545b0cd80edca55ecb154b34d17ef18fbe125ee9a2e7bb87dc3e73f9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
be581a45c3cbeaebda3d7f58cf6922f4

SHA1
d21fe97422e7648e0264e917fd29ef1d92af4114

SHA256
8c1490220ae2ec3b7cc9a49d49cd3ba8f1b52d8a00316f5613e1ded229443632

SHA512
b8e9da26fbd271bf82a976283a62e5dccbf9cf59cf056fd41e4ac4c348b0ec31c0e0d618d89f984c5a2e43b8261896614a69b28f4bffab0e44c829173b068f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f91d29f78ade1c3eb13e3b97cd0ce4fa

SHA1
37733b79077db328ded4e55037946f6210bb3287

SHA256
5d6d8f83506c7fe3c9d649f1597f7188560ca8ab5b96a622f018e5cd304ed902

SHA512
980535554d142b793c6b5152d972ced25e154fbd4eaf0baeaf02d0d3b71cce3e2621e2ba72c8185adaf9b072b0f0fe6535312b65da8a233ace90056856d9b5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c906889e5fbe3fcf0740a65e3e20722d

SHA1
1662b6fec377c306fef7f1b25eff39e3f92601d6

SHA256
f20530751fd2c86243f0f8310cfb45b1d9df3ac63681f3fecd9a009fcf3d95f4

SHA512
fca6f0cc187f079d507091b1f4e4cac38ce91737c9f550f6c96a8ff75a6efba82be1818f2e1401cc7100c3b5101794d5a495a35b8bde7e404147902c6c854dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef29c7afca9b9e1b572ed2ec4307fbb1

SHA1
200d59f3ec15bab9000332816272158a1ad2ebce

SHA256
0b29ed6eef932002a4cc57def782338b084d5e3eb5937ee0451f985a15c65ef7

SHA512
bf613559d7441f97d8174b88a734f2dc3cb2b4b041fe653f8d7272f7c4e965b93e3376bcd270b24c1bae09b0143cdb82714ebcb6c9517987e9f8489271ec2068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c48e6ac7d60e0b286b5727b383d1f523

SHA1
1320afaaf7bada0336d1c06edae8bdac35d5529a

SHA256
29dbc4a2dff96fa31535c34d42d4f60e4be0f7a7e70dddc7cdd21a4f51b76dd2

SHA512
9aa0baae719088b86d1d6ddb08fd547a637fea8ea9863e396af53a3b038f1377a7a67fa37dc8be05acda5be9dd973e974d0cd7f620acca7f37c916c060887060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
74bee0cdd4075ef1af98111156b41c92

SHA1
462e9a4ff5bf90f45b6d4986a8a6700caa4a43dd

SHA256
c70384da8ca657c4078bfe538509ecb810054afada06534978133133e7768faa

SHA512
c250eb0b0c0bb38f3934aba9c54b00d8b0a2d571ec33b87a6646bda4ed7a0ae9103cd5d4b2c7438aa6f7ef1d8455b908674458546ecc9f2647a7e5f89d5ddecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
834e5d610421bd36b4f7b7cc9f589723

SHA1
99995058184cc54e424eac24ba7e9b0686780965

SHA256
ddb6512d6474781546fbbdbc915da61717e9d90636ee469d51684ccb68e964c1

SHA512
5ef7612f7b788456570529a31347da44d5e52def416b9a956bead1cb7a017c8084163bf5fc11d269c79fbba4b7244a24fc58366b95be0d2c26da82640cd6d7ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ddf6d17c2b65f7fb6de394014b1585bc

SHA1
b1ac693c1283d0f08f2b9327e414e21c02d49996

SHA256
94a551af060097b99dcc76e917eba8e8b89b8fe0295d1436793811e0d3e66a32

SHA512
4e176b38d3789e63b0e323195ad1fd62094ca01f8dc3eaafdadb7eceed9b3e0ab4ed05bdc68e2fa6f883a9b74cf8af1b627c587fef154f1eb2be3976d8de28a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
0182e0fea9a9a8a07287a1159afa797c

SHA1
bb32d9a537a2438604c78c711b51a0699fe08a09

SHA256
b97409c60381ac92843a3063b4ec923f66e334c0eb8d37f3a494ada022912d68

SHA512
1638b793f6b2c01266514cb62dc2f4271ea7329faf3c13784b47f9560914e23c155b7ff6ae06071b5ffce8c4125c22199ceb57db2471d012081e062c18af41f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
2ce87c1cc8581ad29545533b05dc3900

SHA1
0860feab46f4c0b71876711d59f4a9f08d4b051f

SHA256
b594fc4de2f579a0004b8f49b41e7db324a89a5d9bf7bcb3d41b3d90dab389c8

SHA512
15baa464a41ca79c15a542039787f59d605e3c9d1817ac0dc881f63381d6a28182750d73615fe285538284d9ee65073c04abaff82a8f23b6e0a3176ab34db5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
74abdf8baadf82499fea2b6591ff494c

SHA1
bedf29468fe49ec1275bf733668695d64c61642c

SHA256
6d8cfe2f2f5bed8099410d402efc0236270b76e06b11c6ff009021a9418d4492

SHA512
67278bcc9895e04d9e67b5d80aa4e027f7dce680f3c8d61acfceb35c299423582ca5f9eed9e6f4fcd6ae0550baec9d69b538c40926cc5099aab3aad4f47c966f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582872.TMP

Filesize
371B

MD5
b5c52d405bc849a6080843d0f8669b99

SHA1
2ee2a60619506ce3e4cc0528eebbddd1ec8c0e00

SHA256
1ede73a72526c0ddbd5dd990e58c5a723f6f87f509c65b1cfdddbad64eada14d

SHA512
faeef349d135d08a2fdbd85b7750bfd65f8bda3a7a60ec78d48586b7a4ccf463eb1768cec25400028e734283d458eb8acc16d6edf9358d2c0368d86a22f38f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7be39fa814534f22f3f538dc43e8576f

SHA1
bbe929f3e6e345737b1d9e944502f6a9a075cb3a

SHA256
8df033673a5fbb26d449ba13ee02a8fde2a5953cc26736c25f538271d426a63a

SHA512
ec2dd4334c4b5b3f91da5c432a1aeff180a504912472108316be8ee74da266c2686fb3a1f50e9e6d9a087cae80a274c55e5bf09263e619164462ce0e9e42bd0f

Download Submit