5d1e5d57cb47df10c6335c07ddfad2945d61462f64d11bc48d4d5a88077c4bd1

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 01:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

379a5decb1ea0b2f38a4c8cf879242c1_JaffaCakes118.html
Size

105KB
MD5

379a5decb1ea0b2f38a4c8cf879242c1
SHA1

2f7801a39c8982b3d81ce2d01a14c29e348c3b20
SHA256

5d1e5d57cb47df10c6335c07ddfad2945d61462f64d11bc48d4d5a88077c4bd1
SHA512

f2de8cf380073510f12f7eca03048d5aa3877f7b6d9f6460e9acc1472d464ac3a250c8a5606366fe2c3b56fe8b9a3caea9db3e3646c6983713abd764aead7670
SSDEEP

3072:ILkb0T5ZmZmk6xNcwp7eNnT4mEuqpo+c7ZUfhOuExLREBrexu/o6HWcS+0:/YVZmZmk6xVieyfuhrexuW

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
29	sites.google.com
11	sites.google.com
28	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
884	msedge.exe
884	msedge.exe
516	identity_helper.exe
516	identity_helper.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 2948	884	msedge.exe	83
PID 884 wrote to memory of 2948	884	msedge.exe	83
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 4796	884	msedge.exe	84
PID 884 wrote to memory of 2808	884	msedge.exe	85
PID 884 wrote to memory of 2808	884	msedge.exe	85
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86
PID 884 wrote to memory of 4848	884	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\379a5decb1ea0b2f38a4c8cf879242c1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8c1346f8,0x7ffd8c134708,0x7ffd8c134718
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7008 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6258335888617810111,17494980705230565219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4c607999-0ea0-44bc-bb6c-23f71eab2e89.tmp

Filesize
5KB

MD5
cae4f652ba611b1a933b0922f36eef2b

SHA1
0fc0cbed6c802985f2bfec3777681ec73cd5f30d

SHA256
d3d0656802f1e8a7dc0ed219766f540e98903961e3d6012db9cb1b36f87aa5ca

SHA512
e51ae7de4769cb868701eed03e8c479eef02979f73e483184952ac096ac5d8c1cea7e4927ddb06c72234e683cf39178c3de7297bcffe7a16b04be05a58422872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
240B

MD5
c85f373efe2bb0b6cdbacb5fa17d3dca

SHA1
dabc0f08b7faa64a961fd586fbc3f14354a3f90c

SHA256
27fceca6faf270ec226ac2b8ece3a86b80799ca9a87d76c9ffebddf60ddfa7ef

SHA512
22c21933d6fb290ff7ee1ddfd33b6fe79a9b9505d9be2f188120c19bcf715e301b43089d5d3c6b16bc8cdfcad38af44a42edec8902592dc0c98f11a4c6ffc521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f81885ff52a0bdfde094f236e3516797

SHA1
e9bb8b8e3a2a6c9afaec96cddfb0dd0ffaaf3457

SHA256
9289b1a9015eaccebf711b59cd0029f6077f80d52576a04d0f148dddc05c3aeb

SHA512
688bd42a965e3e3a3ff8795746c36393c38a4d49881bb0e9ffe6a590ed3a7dfdb964a6da842eb663f6d01d02357a25da803ea777b265114e39d221e74d519cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d56cf69fd6fdf619d43ac570ee412cad

SHA1
bafaa392fe79c8fd4466b1741b32fe941b5b0a62

SHA256
49f35bd2a55708dd863e856fc24fd87f1bdbf3b873416a9defe7f4ff98ababb8

SHA512
a076b1328c89b4e7e43d0c286e72a24c952bd706abc8f3a49a0c05169da7fefe11f9b8f9fcb91b5a22bb6642cc9e613929697fe2674f56b1161038db80c43574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9845a6aad5f8e9e6ea54866c3d89e703

SHA1
af776ee64f2369596ff024b3c925594b2fc4a7ea

SHA256
5815b36cd3b3adb0d18828bf7f8fcfd2bb0646575fd98a6a7bb35a930fe791dc

SHA512
e8b8d3e0f5d14853711c9f1f03d892173b0a3f65fc1de344ad9e84045bf3f4431b83aeda5b01db9b3e18db285deb25761a55ddfa3e79b3909f294fc21b6131ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8b6b9b5aba476a081e514c7cff0a6fcf

SHA1
cd62023b7b203f474364bb48e09555b4758a6ef4

SHA256
5fe0e1b0a494e4249e69dc23f073cd0aa2b60021a38f91598f379ed2a42e59e1

SHA512
c816ae3095d16623f910a2a45dcc74b017f39202a4a4c527088d466a987ed77cfa75962308896223abc00708998e422bfca6308427bb8f216a1c335943dde0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
658234124096a2f56167abe46c387c34

SHA1
8cc48a159b03b441138d21376cc80b0a372d5654

SHA256
ef7eceb5112ef0d67f2fe37ecc7b7b38e46958179569c1b0b552e547ee52fd92

SHA512
0a575b373cfff9cd141f6bdafd163d2886064342a4409737ade849164ab22ac8b2feffd93d7778a37af334d6b3afa97635d915cb7ec90958a28b677c98807210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d61987fbc401c37b9e8a7cfc412fc2e5

SHA1
668fe5b661a77cc2472ab1cdab402de8c475bad0

SHA256
8d0fad60af78defeaea913ea8fa9e5cb87670e447474a0d240511c0ca6e278e3

SHA512
c4b978dd24a3018c46ad12fd9644863dfa2c6f54db6dbfa7e4c33e1e9da22e56c3cbe9d077359794604d6a9b94f1f195160c67b13829760baf1938410e23824b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
bf11671e2894d824a29840ede417dc04

SHA1
54e3997746e945a28dec808961528c7d1f5ce8e4

SHA256
07a662ad737b0f94646bbf64c8380a67e9959eb78577d97a16997f10fc929efb

SHA512
043426c0dba51f2684e42ddcd1515d544b60b9eeab88c1977471878f25eb9ecb64e975be33bdf1585f5b461fb1138730009a4c6e69b6d899c0ed687687795551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
1722355a83f34213db8c0b8f7662e374

SHA1
108b86e9116b01f9486e98f9e989dd87bc864c84

SHA256
4b13da8e4d97a29c4953053db2cd797c70fcd0582423a52db6b42e49ab2d053c

SHA512
9eb7f6a386c32504fba18c9b44f007574dbfb50207331cdd0bb5f4d3d0ebb44c1edd43882d2b1e5fb0df579cd342cde4a83086fa4bf1aba1c340adf936f07a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
d7718eb7dca70fe2db6836a45713c383

SHA1
81847276005491d75afb77811cca6149d7e85bd4

SHA256
587ede77001dc54be89aa84994e17ac92d60c423bbe4d1790aa122f9161996ea

SHA512
0e325e14cb452a3f59c4d91a49ace1512c03cce24413ccfaffad7392d8edb3c3c68780258ed87f58e0a12afec276cfec73ffbcd9fd834f6a06aaa25fdc11c68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d5de.TMP

Filesize
537B

MD5
f34d49cfed44b44a8e047d461c267e02

SHA1
a84849d901428383784acf7ec3e8e4941947b52a

SHA256
171cb92f5001a381d143bf1d93faf7e441427517e2c47eb18d1d65f8bb32736c

SHA512
a0946b0a40413e048da730bd20a7b5c6ae2108a2eecb49d9fd67af76f3dfe115fc936785a5d5a9f8df36556a742db3982785f7afc9d8791c842e46c468b39ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\adfb02b9-8e2a-4648-b8e7-94989a54fa23.tmp

Filesize
7KB

MD5
3e8f84b50beae548ba44a163a60b305c

SHA1
5af6fbbc37966efe99cebfb51d13758ef6a1784c

SHA256
436f1fcaa5e94c8ca99deb7a1742ae6efead6991549b279ef8540a6f0f59f2a9

SHA512
412b5c777cb197774a6fc2571d7a96ddfd6362096796cc34f8d29fb697a602f646d22be1c73693729c31cd1c7bd905875ac53badd2474b54ce5e58e4e4f11fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ab982b7c9000bdaad27ceb07ff65b36

SHA1
685b851353e135930ccd85c95674834495960a59

SHA256
47e7df7abfc093c3030053aeadcd33bc47ca1f984dfcfcad2d2d5096e69c8a85

SHA512
9fbafa2f43723d83198858eed433ec13b9ef215df54dd0943616189a53c4fc0298ace663fbeb1fd761ef0366a9db21039c03553bbcd010e3de11b58ff97aa5ad

Download Submit