dc07c531289851e945cc0cad659630fa170818334f4dace1cf8084eec66c96f1

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b6ca4996e4c194f819d9943bc53e479_JaffaCakes118.html
Size

318KB
MD5

6b6ca4996e4c194f819d9943bc53e479
SHA1

282b4f8375f14a0e4e6ccfd96ee0b6fc48b37768
SHA256

dc07c531289851e945cc0cad659630fa170818334f4dace1cf8084eec66c96f1
SHA512

aacceded1f8af90288013f64e1567d63121a881a581e2fa5a9857e535235e9b3d94e4482f52c6b8a234bc637fbbf875302d0a31a7a7535d881d301ae13874824
SSDEEP

3072:FeO3IVG9yRx5v3x4ul5LpQ3DMreiEvl7fklz4:+l5LC3DMqiu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
1956	msedge.exe
1956	msedge.exe
2168	identity_helper.exe
2168	identity_helper.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 448	1956	msedge.exe	83
PID 1956 wrote to memory of 448	1956	msedge.exe	83
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 672	1956	msedge.exe	84
PID 1956 wrote to memory of 924	1956	msedge.exe	85
PID 1956 wrote to memory of 924	1956	msedge.exe	85
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86
PID 1956 wrote to memory of 1204	1956	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6b6ca4996e4c194f819d9943bc53e479_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9584f46f8,0x7ff9584f4708,0x7ff9584f4718
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2376 /prefetch:2
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6484110199203039158,6801744864910303994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
34KB

MD5
4d6cb8af2405bb0519368efd221e3b03

SHA1
21532ed45d2c481e878b194ac30129f8c8b0f853

SHA256
175459d07b5ee100b36343cb374a02ac5f167d8511d0b17e216e05d98b9a8ea2

SHA512
b7218ac0f6f5b27f19b9a7db94ff2502eeff6627fa8265dd5c72513450b66d59cb34a0c08d33d194dbdea9868a13f213dcde07f01d90867e47a558d774f5a151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
43KB

MD5
e556d8efea637ed12f7ba2b9530cbb05

SHA1
f1b4ce2ca8a216dd1538f4a5ef8d4365d48040b3

SHA256
ace8f0058a90b890075418343ce3c8ffb63c266d70c52bbb878e2878571dadb6

SHA512
de44746a782cee53b2288d3672a66cc542c75f2f9bfbdaf9fa1874b450acd9b5e5e3a3d912f73ad200828e7f136e43587aa15b1dda08f82854eee42b580da560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
102KB

MD5
b079cc62b193d6e1bf1e01b38d5c4532

SHA1
7adc378c2e21c5e38a74d49a031c10c4b1ca342f

SHA256
10611c8afb499e9d05ad2d0a27eb40d111159ff86b240dc3000fe7d09ab7e9fa

SHA512
37ba668ac3234f9cc2564e74728b705c44888a986dda8aacff87996e4a9e3fd774e80cb0cbf6e92497b3c500e88991127bd637a5b966aa288284fa87eb972024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
152KB

MD5
174c8b05d20820ca82c12ee9404b97a4

SHA1
4cc4e2e34eccb585ed8efd58459dfae892eb78ad

SHA256
0bea9657e8824d0381cf8d8d61971d4551a9b2c6aabe6ac6ba5125255082fdea

SHA512
244cccf4999053843f245730696aeeb38e2c49d5e23c025ab2796e1eefa23d5b487d1d62384d3b54d908a1df87c597fd9d8f474a23b4adb68eb8e37d6385df1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
2e9920a12331694222d028dcd9231b47

SHA1
d86963a687b05869bef67ddd267f8a9ec257d754

SHA256
c1907ef92f4f0939d43c6472a0f9a923f714ec10129f1da11366f82680cbeb1f

SHA512
9977fc6d9b28558b4c62020d0b2c7cc33a4734fe03329cb13fe1cd60b7ca1e5b2eda5e3583e7598eb922d59cd4f15c0363f7664ffd0848ee4afe60e342361a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e5c5ce2cf7803816ccacdb46a7e512ac

SHA1
a5f8d9e91240075b9e0008b063eccbf149b9da40

SHA256
0ebd4c32bedc0157c8ee1ccd6c0df1a103e388777d30c3488014a3a98e4d2ce8

SHA512
802bab0eece2599abb7bf9134e41ac7562df894f8dca75f569b41df8805802268c1b5dfc5676f52a9c9d3bf814dae5ffd801a11e51183a6b6b06b4a4fcf95bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
8c0b445eac852dad84601a743f6ebc54

SHA1
e4f082b0aa4aa2884aaf73d4265de5ac9a7d1265

SHA256
cf7fad23aee238402df46c4b45eb3a3d25d587cdb9bba44e6755d895303f2490

SHA512
ad314d5d5fd83b4424eb162a0f17766301cfa714bacb6819a32aa9785cd5d6443d56f2f09850e16858e4084cb5ddb5ca2f60cae5c348e1c03961cb18f63d04eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
202c8ab6d92158c48e1ffabf0d044ddf

SHA1
8ac0ad23326f3d28f4c97341b2c96dab5ae5e9fd

SHA256
b35a26e7c98cff1a12cb5fd3cc17bf98b7c994b57cadaba27c42fae3a3bb21b1

SHA512
7a56fa98db0abcb3d33205ae89f2c9b46230c92f755bbce26100d83fce5ecd49672a9a8b10d19c61d91610507f662f621aa9e599d1985acb5f9c1771a556869f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3dd1c5b269ae3af72f5c0cd47739e98

SHA1
f41d79be13264a17bbc61dab97c542b4a920cfc3

SHA256
1d65306dbd2d9886e5ed490cdfc1557d6a30876696648c6581c51d675c9b3b1e

SHA512
e0f2690d446055bd881a4ec18902f1157cf25067948fb0eae08e0ff5e596afdf882caf678f36f2637059636f023663759d557ff1345005462be8652893da69da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc6951f8a203beb6993555a9ceb1392d

SHA1
e34559411d0af4ffb70d03f6e6d31d40af88d305

SHA256
411a040014153a7a084a68411966acac2ec47d4d0edbd7ff0f727ca1fdde28bc

SHA512
aa1528d7578cc7a260b5ba4f78cc570502387f5a50ba7e9b23e85d83921a0b69bb23fedd557157aa5f82352d91f48315db9a8dc825497008b4f9657f3a27f6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3dbbe208a12dc72d46c9399dd5e93af0

SHA1
e00f3fa56ce3a86d04a553fce6b25db52b52ca46

SHA256
17200f145b799257f5c170f506764d6dfac09ac809cb58ee3f1be2a424a25702

SHA512
13d55b7dda6d94ea4b8fe062964714e27921a0d945985e0c4dea286f5dad5596ae6cf88af180fdc9c880bf7d10a63ff75f464f82c14cd31cb5eb13fd92a7f366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a33c2c0c37adfb12da539676b2294c79

SHA1
370734d299a26a27b7325e6aee0f94b0ef3c7bcd

SHA256
40c69cbf6e120cb3c8584f9ba23a081bcb691b87dda2da7c78c5140b8abddd9c

SHA512
0640690aa373afd88dfdd2b13627c3c42030f84392ee6ee2995e159d136cd307bc6c9a5cd55f8358c1a8eac97c0635d84c135e6404e4a879d21efc82e09c977f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
deed606bf8b279a91ee298c3ea3c4609

SHA1
77c23f126fd246dc32de2232f7d76dc3f547c2d5

SHA256
5b60a7a2353bc00d8b5e2f27fa61c414a36cec4992b3c71a907a646187839145

SHA512
382c90027191612a78286a6d6579b78aeeb2c47a8739f27123a226325dfcaf17579b7ab23f592491e2f2282c05266bed1e7432f5f019948819e6f17d44b97d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
fecb19f189588591a9dc100517b2ecfa

SHA1
579d3e021f943da791f838ea9c90da7dac13b040

SHA256
624058c84b01597a612cebd1451369ad1324a73b82414462e29953abc1c06990

SHA512
3a22f135ee49af43d4e17a7e8ade1a95688728f68df19a50346283f2095a33edc4f30a1bb3ecd7ae648fe15111f534391e47e9bd547d9143e43a8f5e28013b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
a5d22f12661255b3c6c101bf584641a0

SHA1
528dadc3f79667a566012d9fd3995daacbd22a05

SHA256
6a5d83e5f60913c938bc09f046c34dce6468a7613d16a6e6edc0cea30ba0b03c

SHA512
ed0eb7784fd8d181e3e65460da74c9e3d48badaf71ebddd46354f6083489794810916470b79b209ffb62c83f0cc6e3f49b91ff3f53d16be3896e74a0384eb657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f409df737a4ca785c0b82e06919bc951

SHA1
c3f0caf60e8f281dda00636725533cdfc241ca35

SHA256
e3a981cb262af07a34463d1f9ea18d6ad06d09090ec4b2539de6fa0698a44787

SHA512
672b8351ed94a2c5caf0bc50d9c2948fe60bdefa37af8bd44fa8c381d5e6fec07b810ea01393f0e6629084ef034c8766c348dcf674f960fc7121e6098285e984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e70.TMP

Filesize
371B

MD5
a0d9f2ec9511d120762ca96cd42539f0

SHA1
117b2baeaf8b36eb32653604ab77db956f873eb2

SHA256
7443e11ad31feb979f2be46a2d1e4cec04e19c052693870fb72986a0c4967d53

SHA512
e620438011618ec43f16f00b2dade7dd4f7b4921863a0507e2da311c7c8b148f11d9a2239d5d3e4c220129c0dcb4e559e22cda3c14e429efdd5f4cafcdd59b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d2dcd520-ae68-47cc-89aa-b1fbc6168dc0.tmp

Filesize
6KB

MD5
0cf02d8f5d08a0169728e05e2654ff8f

SHA1
110422a768a61efe7214393dd5b9a6da272bf05f

SHA256
855253f5554e72c79e2cad5a18bd2cd523ee3a5968a3e8c89056e2c05222c36b

SHA512
dc20827ab65f6cc59f820514b27673eee40d5f4fd2be211e4e2f448a9d1d5791b2caddcaf6a521652a0e7ce807ae02d18e7cb002441556f7d5d52e05aed16589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1408e820aab551a9f77509e327b8348f

SHA1
b4838a89523b54aade2b70c9e79a929ff4ba86d9

SHA256
c0b110f33bf6134806f6ef4f092f35123b7e43428c0a02d04afe96889e685c16

SHA512
54a5cd07f76c296a830123f1f1faa6162103799768713646663f37e407fcc55ea6b12b4b6e86c0d82eb0f16cdf602283359e5ee6476bff362480d40530ca9f8b

Download Submit