6d132688cc5692e6c00ee488b71e44eb3ce016f4156aaf1ae3d8540785f6eb0c

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

361ea2b69020efeb8647c86a9e5a409c_JaffaCakes118.html
Size

165KB
MD5

361ea2b69020efeb8647c86a9e5a409c
SHA1

cf16e2788154afbc2e5a5d4321e55009e5525428
SHA256

6d132688cc5692e6c00ee488b71e44eb3ce016f4156aaf1ae3d8540785f6eb0c
SHA512

2afd13b0b5ed126aa167007be0dff2b2ebdf5b15bbee1ef5635ef1f079642842f3fe4568d43f2a257d9bdd8c13bfc68c1b55a4929ea95d941b078fbabe8bce69
SSDEEP

1536:SSOVTWIddNrYt93MXoN2kMmBoqO4pIgU4PCRFikC/NzMrh3YJ6849dnF7j4zUjXn:SjWMvrSj/BoqtpTCykC/1KfdF7/jXX3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{8077B48A-65D9-4A88-83E5-BB231597631D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
4064	msedge.exe
4064	msedge.exe
5028	msedge.exe
5028	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
5024	identity_helper.exe
5024	identity_helper.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 2812	4064	msedge.exe	84
PID 4064 wrote to memory of 2812	4064	msedge.exe	84
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 4860	4064	msedge.exe	85
PID 4064 wrote to memory of 3768	4064	msedge.exe	86
PID 4064 wrote to memory of 3768	4064	msedge.exe	86
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87
PID 4064 wrote to memory of 2196	4064	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\361ea2b69020efeb8647c86a9e5a409c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4d6046f8,0x7ffe4d604708,0x7ffe4d604718
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7456094021604976946,7953415743416318778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:1072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
80KB

MD5
b1b9eb3dc0f5ab1db4ce5421efbfc73a

SHA1
da4bfd1637d6c549b38f051a2092ebf370fa16d9

SHA256
1ad6705c8fd84cbbbeb9c6b8f6b6fe9d9e37997b8f6fae61a9d5cd37bb82d5af

SHA512
623433bebe8eaff9b5dd12064853797de3d09cbece7def33f8789594176ad8391118f5936b159b4c0d771a3688d9247b0fcfc4c3293a70f822e57885e81f457c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
248KB

MD5
be87923943e24cbac994ee3f3a21f668

SHA1
7716f489aab81e8493ccbb0fb553ef435d321eab

SHA256
5e08e57b4d0dc6067c50cdd6c261ab8096aa8fe8310308146864014f5825d797

SHA512
25b4c6462e190c18c414016edba8c7c22667f4a5edecc3e4b9fc6e9401009bd6f3b8bb447b46a03641f344002c32c2a64f82d543ce412d1111cb34e421de254d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
36KB

MD5
decdeea0c589af89c5ddb079fc94b39a

SHA1
833bb1d3ab9af39ebdab733f1977e83ef107dc99

SHA256
096465c7f9674b804e9b7de247f56f85a71b72b76ac9742d1942a0ce2eec7c5d

SHA512
6b54d514395760289493dd2ae06cf01834a80011c4afbb5588ada10dbaa2df6c6b77c19ff7883dd245220b183d957dbcf694610aaa70555c5d4e3a6194aafd5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
f71c16e27ac9da3c0be3ac20889435b3

SHA1
c447f9cd63d1604beced4adb4cd6bc800d13b337

SHA256
86eb3df3af832c12b3f02825444c60d63420975313d8a79b2e17f3e8f4394c12

SHA512
7f40445729bc48674b3f823ff54f15ae1e2adcfe8bf766931ef9e283165aeba0c46f5792dc5d35433807bd354f445094c125e4babda0a4af7ba999fa1888681e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
72KB

MD5
81e955b1722d94104756466b8b03c017

SHA1
b4d81a806902e499d6174beb388cecccda56c22f

SHA256
916cb4ea140483d8e3b522d5797c7f70eb59dd29671194309b86d58a6e9280ec

SHA512
263a65aab832e7c6e0c9ffbc2718392974b4f36e1cf3b156df7177f3875c93f82bcb972247390a9e3a2db87007de5bf0fb2fdf679296a0cc02fcde165ffb3652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
18KB

MD5
ed01d6da28db46aae22fc851432adb6b

SHA1
6a8abfad4917d22735ae5778468e2b3a4c8c9d58

SHA256
42c6587a37d7878250e6d6d02ee86785a78fc2454add0607cd8bd6eb9b032400

SHA512
ba3a0c96cdd94a945173463e196fffa76109588a17d8db3938c134f9250a12066948a8bb0a13d6961761687d8babe29fe6df7d312475303f9a5d4ecd10173dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
18KB

MD5
4631b617856db00aceb3afe21e437977

SHA1
a95dbd2aa4dc7713667af27e567e50340b81a47f

SHA256
8a06f09971b657e7d397f6fe1712618c4b082c438e7e843b5f3d5861109a6ffc

SHA512
c653f5024b86bc1df8be0f009205b536fc806b8ec7245e5308539dc69bb493277f85d48c80225303d25c41b10793be7aeb35a1def7e7ca1a6670f8c3fcca1684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
37KB

MD5
c15f68c019fb60953f252d7cf377d40f

SHA1
ce54686b3841dc63b3995edd87e6e09355ce443d

SHA256
ef550e676dce139d1caee069c104c71fbe66824acdca1534c3af65b47ec0b77f

SHA512
2394611234aa405fe274205cd09941bbededf55794df1a2a932730a97c82616aea5f5548df8a858aaade1a71a3d5facb053c261e04a1334b97254666cfa6eae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
34KB

MD5
b60903d25d8d9d4d64d417f7c46cdf68

SHA1
085de7f753b9d0aa6c18f36911372513f4705cb2

SHA256
39d9f561fd6cec1202da5dcbf6e90ac40832764cffb73c2b35c5027709f30b45

SHA512
19c8e39d57f48bb8ffd9fbd7f7dad4aaf6fbe6dbf0262cab8fcf5417031a74dfae256956e7e32bbdad7fb8c9767bc9c61ca7cebd1564a8ba8f5da3dbd45bfd1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
17KB

MD5
d468bd068a6f62aa27ead7d107a7c192

SHA1
175c23a4ac4f49469a626581cb5ebbfeb197c5b9

SHA256
e8a9607a63cc017449f11930729a55c0fefcdee1fa77de0369f7b2a2e9fea1c3

SHA512
21ae564bfd25487aedbf6385a559d3078ce69123bd9c3f167e3dcf4303b20ab62ff41235033a60d420e69b49ca740117eea3076bdb9af7edf5bdfc4ce36e6652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
17KB

MD5
b9cc046a188a845a514f0399d6a3c2de

SHA1
e1e98218bef47646b3a6a544e8e361feb4dc0d3f

SHA256
818f5365a6338cea8ff10c9e903e6f4523caeda547465b40cb1ced78d65b1257

SHA512
575a682f04793430b6126898b5c460209c3210c128ff0c9cd69b32cac2f1de0fa31d6b45291121b9f25ef6629efcb2344d70c8b75fc109b6b3965864f1ba4f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
258KB

MD5
dbec75e05590e426663faa6aac4de82a

SHA1
74d5224eb9c8dd27e9394a4a6b84f0a3ebb33658

SHA256
8ea927b0b4560030bbeb968f3fbd217aac15db79a8a24bb66732a011dcb2ad73

SHA512
3e234732c2fde4e4076b047d4bd484364bc789019074572a83a4315da0acdcba4bb01042c14dc6ea36cac73e7b0e18903aebc533a1f8064f6dbcff39fdcb0d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
66KB

MD5
acdd7230f204bb525d8ac5610c50a60f

SHA1
99c1e41bccb68205bd83a7d365ad268d0bb78118

SHA256
5dadbe51b4d7069c891221f416443652cfc763c3d0636af3c4a39d087c725197

SHA512
6f066b2414255d1de8e5a13e33b29b18926d9722ef89db8f287e63efa55c532d68d97e5c329019bc5e6ac4a9d2016a393424f7ee7308a4269eea0eb5466d71ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4b90271703bb0305367a6ae825d51bcc

SHA1
b055fff3406791a626c0faeeddd20fbea0dc8115

SHA256
82dfe6c0eee3fd74a3fde4f80e73531555554ab1e653037b0e605068e94b6da6

SHA512
d2555e4acfa56ecfe31315af8d1f2b9d2a623dec1a5a2f79efe9b96bf59cc1e129daf13c981499234a27f8eb221c2bdbbd0e25019171f1b7d7e69936f5b4f186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
db5147c01a938e78ee1500bde974503e

SHA1
3bde9d146704c3a5fe823726f51474445aa417a8

SHA256
853b1cd6c47b8f61a93fc8aed867a404b048dd933227dddd278ca80a0a010cbe

SHA512
7db53e194e5e798706ba1a7d32ee8eff65cd552320591e59d637fa68d8bafbcf435a564d68588b91a4e89725de19f279e936fe2cbca27444111bcafcd577e1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
73639b3d10f751d910f21b0c32517f15

SHA1
095439e175a4281cb652a303eadc1a9cd3eb0f26

SHA256
7c6be41715c9dce8333695aa35709e75a8398dbaad8eafd22f51c49f0f03cf17

SHA512
d0aa31462d1fed23195016ff895845f09b173b2c2563096fba95e9197e5ee06738f043ee7f3c795dba13502e49c736e30b9e9bdaba916940016ac1cf73871812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
94fc2e47731464e181253e74b60905d9

SHA1
2ff8ef20a514c7a4d990a8f5d8191bd2d3d12586

SHA256
8d8b5ba449e076a315352b9d896ce1229fc6a04e233a1c4cacdd2a9be43ff82f

SHA512
1102ced5ec92a57698979fcf2ddd9442e25f1ce4a39194b5809623c810bd6669550f34f8581ca3a9b5812765ebad79df46aab8c8dc59abb9c6a80c3086556ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
24b16dcc4e56311bba9de8dd727692ad

SHA1
e6c21c2357f744bf38ef9eea04df92b4c7c0fbc2

SHA256
ed289df39f6e776b881b8534892b0ce6e766886e5900a2532a4c47972a2e19d7

SHA512
e9e12125c3287ee3f065175687d434259ee4005425992dd88c71a068ab4d8946cec7fd66f5c8893e7452225d401e9393ee927247becb74cca66c3b24822058a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4dd281be62abe8cc8cc4c354f05c05a9

SHA1
259e8100b331a32410ad763320bace6dad78be01

SHA256
665e2199c482301ec6a63ee01c1cfc62a5e3922611f9c2748a90614ff80e7fca

SHA512
b0c5dff0eecde73469a794dd6de93695b641eae2e390914ab4e4c377c04e48ff778b0f4383983a2e648644d1453940dca66bdfb4ca9f9ac7b2751558daa631ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
434d6f194750006d4c13ed274363c396

SHA1
b600d80739c9cb41692efbd056fb983c3f739192

SHA256
0d69a1b844ba01a8c28a59bcf4f8ca3fb65428630c1576627b64e6decf89ee04

SHA512
34b0780c10b77846182e2deef8c0d6b18d6a1ed2ae784c6305ce92c71854825df81313e7bf0f4893a8f904d80147ace715c54a021b356a05bb59ca6fb219a540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fba3cd55496abe4aab2ed09a359f8619

SHA1
0a4f884f094e9da4f5158430bf20e2919774ea90

SHA256
83e50df1d4bfebe5e5d1d88c5e9b1aa787957eac759008a259ec2bfcd8909873

SHA512
00cf7a487d3b8cf80e4a40e0b85600b8fcc4c44c6a9306c872fe4af4aa91b35fe3961204f17a2f70ae9bf35ceddf512f070ecc7b2d2876b1484addfcea01a7c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a28ffa4db35a3208cb1b2539f42f6d7b

SHA1
f8f441fe48a6ae23ab3e86a32e82ce23b6616c75

SHA256
2d8a42761a6782131740da78bfdf7ccc66eaa5f92cc80d80ef368b46ccc71894

SHA512
992af11c1ce20bb35ab2e0d7c02073d4f643d24ccc27fef6bd333871656d6a4d9d5a6a24b77dbb2d87becdd8d6cbc4f0ca20726ce305cae3fec2fc5e2b80e41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0fbc5cf31413c8a197acb36a0a085852

SHA1
102ae25ffdd39a4ec8cc2aa0ac3bec355664e6a5

SHA256
5592207aea6423385d353f66f44dd9685451e7030ddbee09e6495441a97a3f8d

SHA512
67f4ed841da65a673d362041c195fa777ce1ffbbc0c67686cf6e38a5b956ca7d3ac20998517a7f4a33994cf355c7f73a5214e5002bc26eddf71f6a41cba92f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
37914e48967f2c01bc4f52b681493e7a

SHA1
a2bbd0917f3f13f73092651a04aedfabc5063f77

SHA256
a8bdbe2cf7d609038a78cd0f2aabc6f643f9d4a2343a83574d92371e1466b3f6

SHA512
4a157e5ef688f0832d50466939e02952af8f1d4d30b6f7aaca04ad75d5b96d72ab6d041ab7eeff82108ccd89d839eea10d2fa40c388877f0e54ecfa5cdc3f704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
90fde04357c35d92303f680da4e7ea36

SHA1
f1740be0856be46b20cc4970612507c4595c0ab5

SHA256
e601a50e1f00342601b0de76f2f55b15811cae7d1229bea171c24ff3de4269a9

SHA512
c2b2083c0bb22215469486a8e7ee32f9c9535c0b7ede5ad60fdc14d9b394a3838437218b50249d39f9046a0642b98ab14d780cc6d142437d4efea2c684cfd4fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
97151958cdbb523b88a35e0248a85932

SHA1
99ed688624e25d7e3e0394963ae4c19d2f85a388

SHA256
3a1477b185c38fd5a3247fe784f10dc24a3e85bed9592399a33741f494de7030

SHA512
5cc824ea30f58505889156abd9136e430c9e830a0af3fb869f58426ea663c0fdf62ea0fc4b8cc0e21b8a70781d15b51fe92618973007f49222c09cb1637f43ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b575.TMP

Filesize
204B

MD5
11d8c217d34ba28ba2833c0c441c9571

SHA1
a95b6c8599d9021968f9739dc75fb9b853ce69b2

SHA256
29ded6aebe6b44b6e6cb06127cda2a215f0bfa135a9041f7eb6af7faea5507dd

SHA512
41ccff9ed349e75f4f0e9c44a829c3d0d1df80ebf375bd5326770b4aab83bef4b162ee66a90a807394637e2cdf6cfbf2967fd1d5a97b40de519b71f57e6c5a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ddec50366c4cffffaf25f2bd6c707b3b

SHA1
301b855ea22eb38ca91def5dc886710b9e2bc04d

SHA256
6bdac2692aa20f253c2d9122fa36be31cfab393ed13c60871c3d4591d9735a10

SHA512
65e7561c3c222533949d58d671f1ea46fb1765d192e890f2cb8edf2d55a088d422a158d50545c604414d207803bc5b86f3b262d00ee3dea84471efde0f0e598d

Download Submit