a8bba688b4707ca308986460b50083c8666423792dd66821dcd426b4b0a99fd0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48dd24a291a7feb19b50f59da87a412d_JaffaCakes118.html
Size

122KB
MD5

48dd24a291a7feb19b50f59da87a412d
SHA1

bfb83947a52a6c18c503017e9630454e06af80bb
SHA256

a8bba688b4707ca308986460b50083c8666423792dd66821dcd426b4b0a99fd0
SHA512

39e8640f36c881094ab6b0289d54de155328ba3f8eba57859a7fe06bf4a9ce1b74d0f5bcd068233552c18e96a70edf76f271127b9d65db3e364764860529b0b2
SSDEEP

768:EqM8fQO8bKJ8HO75yoZoH2BMPpoviQV3Wh5tgCr29Yy:JM8b8WeO7AEoWBcUyztXs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1492	msedge.exe
1492	msedge.exe
4272	msedge.exe
4272	msedge.exe
4408	identity_helper.exe
4408	identity_helper.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 3592	4272	msedge.exe	82
PID 4272 wrote to memory of 3592	4272	msedge.exe	82
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 3160	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	84
PID 4272 wrote to memory of 1492	4272	msedge.exe	84
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85
PID 4272 wrote to memory of 3540	4272	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\48dd24a291a7feb19b50f59da87a412d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5544 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8903949920542977054,4568989188460642069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8e34ad19-0429-4721-8d80-e4c595df8f9e.tmp

Filesize
11KB

MD5
7e3e82a3e2720f9598c8d36548751f39

SHA1
453e2dc54c0b5b6b512a4cbf1aa991395035da88

SHA256
b182d8cded624d35ee168f5f53b4616af56373920ffe5d5c5e26da43acaba30e

SHA512
fd7fbdfc9c2627353035752e9705cd4147e090074c69f29a16dd1117f70644c30821399d57c588b985b8e6bb1b873981dfc17290743fcecaf33f9d18c954176f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
33KB

MD5
430d0f52546401d2f8c037bb84952ebc

SHA1
446c9de67e5cc8c01e2108494fa0055693dc6993

SHA256
fbbb7e598e30407bfbc0e1415bff3127bf07ff9282937b87330bac620e919696

SHA512
6b9f3d0332aedc15d05e0f574e8710678898355cca6b16ec452fc9c3fc80cd4a7e7b45361f0a4f7faf55edc5f6c0c76efbf235b022a895e3aa5a06a4bc843830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
46KB

MD5
a601783b430a8f930e3f10d74cf5094c

SHA1
79528fe1bcb67c3c25d6d813a9ff57a4c7eb8050

SHA256
8c94a9da768e6bec7c897a8ee08c1b95191970f3f3091a891ad472d6bf5305cb

SHA512
63d97e76d40f989969d0e11c13deac217adf5c45ec3d93c80169b9292bdda5fb585aa91673ba15a06fd33a350d16d73856c0aa52ac093fc52456e303b86aa6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
54KB

MD5
3d43ad52a5e97214b6780973a555d0c1

SHA1
ac5dcc5dbafe9781453c87ee892c8769cff3df25

SHA256
2760b7d22f5936561faebf3afcec848f31faab71bf5c95243e36908178d33342

SHA512
e117dfd48a35fd897b052e4623449bceaef0b9d9742ebd078b36d6029743598e1a91c81c0f984f0b3e2b81ba02bd6613c78db6f477ee202374ef94bacf48b2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
dee1b62a9f4a11242ebe5b01ea59e52f

SHA1
966e5e523d64286c55ef55b756d6fc1a3e7acda3

SHA256
fcc0692fc2f997e201933810aece674aa6e07c295e58b16fa58c4b2a17a6e23b

SHA512
cc22053c68b4ebd4f2b892739aa7595b22f3a2b8f34d9801df65c172a7752916ef081db7a6fc18b1c4bc66b7caef39269914fd6ec3ea2fbc21c250aaf3664906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
34361a339037420489e6dd84a4c9a126

SHA1
ab3efc2c61f5759d8c8fe5920ca827512876c25b

SHA256
8d1201ab4c0ceca91e13672662155e512d3b73bc46f1bcd0929e25ca5564f75b

SHA512
e01b21aa01307bdcff27f0b210266e85d3908d3e2c5638cfc6af6a96162917ca71e6e6f4774958f32df9d24a605f0232057ca6989eb02e150a09820eb913188a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5f015c5f5cd2f9f7daf28cea8f547b7c

SHA1
bc858cbe2ff8819c9a32a50d78f46f086e830f7e

SHA256
2bd40ff40691a2e9bc71275a9ff9ae26c77831267a239b9d0f4e0440a4ac5965

SHA512
f5f9fefb830254a28b6daf4c368f7e618fe298df0e012fc37e8842d575009d4265105e3ec253d7aea21625abdc23997ad1e2b582c21cd9bda51777bbbfba0e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1018B

MD5
d42c71345e59e6a374231de3f5f849ca

SHA1
f01291684be5f0f570276405f94e2f0366fdd36e

SHA256
7d223fea4d22deb063971a72ca8d95dd6ea9ceabad4ee9418b066b071a530aed

SHA512
8b33832611432199f6575e2b489fd61e83b335ce2f38152a2ab3b941c85382b20daaad6ef4230e5aeedcf0e0bbe2c775fb67f0381511e1a65a4c4932fb05ce1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
47122f454b8f5449d665fb0ecb6e2bc5

SHA1
9b6e9c8079d7139bbbb7a7e5405c47d298624444

SHA256
062f0e4c18622e5c211d52efbae1a17ccfdb99bf3dd471b4be9a01a3858bd58d

SHA512
41e02b32207ed4d2513331dc7f74196bd54962b68cf4b4a46308e61a8f1f3b966775a468e5da61fafb546fc09d2b9a3d4bcc2e03dfd52fffcd9784779726998d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f140198dbe88805a6dbe694ec05d11c

SHA1
7e7e0fd40d81deb5f80201a3bd7b715527360a33

SHA256
a63215cc87f482da6fde94c8e8b51b98f926034f4bb28446f5518cc9e7a63020

SHA512
81583daba2d5a293c6e7b79762b77f1f80d7fd92cbfbc8fc545e35555ba547a90b01db92615634fe46cbbf030e8694d0f9da83ecd9dfafb0f70681c035d8a7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6199bac6194ecfd4aaeb3b36a1ea6984

SHA1
c9076cdbac12cd89180cdcc88d20ea98df09f66a

SHA256
0b56f40745e5978d88ec493343d0815821597371a476570f1ebe30585f745540

SHA512
7abfb7e4f378819efe288eeb16c400870aa2e3fd25d214a6d39dcd59b38508675fda7b50ef49c55e014850119ecb7780a9bc1fbd6e22c49ee8ec3cfb957a1945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f38145c5a26e5fb5e4058b7a71e063c

SHA1
be5c29a5a4a3ac57ff6c45934a66830ef931f604

SHA256
431fd536b8645dd154c944ab04751e44f51cd691338782c669226d45f460bef1

SHA512
ba51260c8007339a04ff93b83698aa9c9749a0a463f10541c471679dee874de37ff79e3b8cca4d9f777d51a9a00043f31f37d076298862045797b736d5ee438d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
74bb447bd3ad1432d4b00cf9d504bcbc

SHA1
897260bff365224463b92267938fcaa5803e3c8b

SHA256
455c3a39eed3e5a199b85218291c13311fbf729407043c39a42f8fb1b5b01535

SHA512
7b33f59bd5f59e3921b7cea318ce4cfeb1fee6072affcf3e0037fb038bb8c26cfc868e4950ec4cf3a6d4344bcb178e9153a32eed9f97712d60ea297f5da9681d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a5c8f4fd43c5965d97114d521f49a4bd

SHA1
ccf4332bd334672f32c30ad082c7d6b96acc98a8

SHA256
b65d0f024e69beb501379a185c87aa547ef9c0a8c5cae25621ed4d6f1e02d962

SHA512
db451be79ff8fc3718e837d53195bcd275bfa989f70bfc8d6873d13a743b274c60576c40ae3f531bd874cef79a596ca2a8cde32987529255ccbde7b29069c144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
ef11edfc9487f6d1b9301fc5a3adb506

SHA1
01bd100f5ea6e514a5e08ef59e1a9b6df687276f

SHA256
daa907d03d4b76485f021eb8f42270298018c1b31347c05a7c559603c428ec22

SHA512
ab3d67761dd1134b81e972ccbfb954b3184c8b5d2c5a4ed385902938b15aa042b1b966d59fba53899f8b652d08bdb12c499c59f885de8e66df9fa85dd2b06c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5840bd.TMP

Filesize
203B

MD5
ce5fc2a3ea2a2c6f2b23267566f74831

SHA1
dd9e551c31cd47ce1cb00ea532a1a825cd2ab9d8

SHA256
510b766ec60033eda7793eb120616c18dc4a32d11777b309eb11402f9ad5d118

SHA512
b18970aca755be620899b3340861fcbce7751880506915c7f4c332f5cc8b6652072e9d084861888b8d8d644167c48c3b4afc150ef67c15e48903b31ef6ef6e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit