55b644fd067e7b7e015d5e95ed1d3cabe46a1839c74e46f66bc8f2a7ab205cdc

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8628a81b47ef0af2fe50145593ca38da_JaffaCakes118.html
Size

260KB
MD5

8628a81b47ef0af2fe50145593ca38da
SHA1

e01054cef9ccf7a063bf98823e9d76e560a42c7c
SHA256

55b644fd067e7b7e015d5e95ed1d3cabe46a1839c74e46f66bc8f2a7ab205cdc
SHA512

be23d3d9b355682ada4d46e98c5fa3d612875054a3736b372ddb895a819ded6d3f4f2b8aa0355dad570b5720fe9dcf09ee7d4f2129324b4a120e0073f6764577
SSDEEP

6144:6rGyJAcAyeAcXpNmNgnWTq1vHSNL1UZZWxudysuGONGIw:LyJAcAyeAcXp0Nzq1vHSNeZZW4dyRNGv

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
1980	msedge.exe
1980	msedge.exe
3720	identity_helper.exe
3720	identity_helper.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 3216	1980	msedge.exe	84
PID 1980 wrote to memory of 3216	1980	msedge.exe	84
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 4136	1980	msedge.exe	85
PID 1980 wrote to memory of 736	1980	msedge.exe	86
PID 1980 wrote to memory of 736	1980	msedge.exe	86
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87
PID 1980 wrote to memory of 1360	1980	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8628a81b47ef0af2fe50145593ca38da_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6cbf46f8,0x7ffb6cbf4708,0x7ffb6cbf4718
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12111665483324848960,11824365566941286135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3043379b-e12d-4a1e-982f-46b32922d418.tmp

Filesize
10KB

MD5
2a7db983a6d8fe77733662bb34d948a6

SHA1
2eb153f5b28140f976d221561312dc54db731a30

SHA256
744b71b040c11959df33d76a069ca12e765076ef66ecf400c020abe6f4b45d99

SHA512
e63fb889a6869934f2ff9eb2c432781dc3ff1db5348689a2d555ec051a887b9a485665bf8816c558aa0c867f3ccd303e80b2e3903443e98eede5211d38f73691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
135KB

MD5
cb98a2420cd89f7b7b25807f75543061

SHA1
b9bc2a7430debbe52bce03aa3c7916bedfd12e44

SHA256
bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4

SHA512
49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b85b30a1b9909fb17257e32d78cb1dc3

SHA1
a84e66d7b566edb33d5856036d3afccaa05dc27b

SHA256
04b869f78d7d7ac4140cc2038448ac2c3b8863846321ac3e750b3fd59d6f0a70

SHA512
6b55a19676d897a244099dcf40bd52f6fc9427755772b5700d6137253cc680166b7b15adc2753683f2f7a1dc81134a41f91bf0316111180401c869cde264e0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f7393dcabd0ac529d841dc6764236713

SHA1
080c0974e7afeca8bfb8dd5b44c2650b10311131

SHA256
82038f65245a3c188b0eedc66ede628209426c23ce9eb9dfc2c95be92fe2407a

SHA512
c39fd726583e22a184adb7cc48c88bcf572c447a993c66df70edf8e31d9c15795dd39a4d06423abc27544734388f59fe795e9cf33d64108248eac1de0f39c396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
66500e04ab8a943e538733d82c8487af

SHA1
a2da8dc84b935a38fd481e3b9584930173bb5947

SHA256
c83545b87efe9ccbfc8748ad8d4ef24eb18e6807831d1b9a9f32468063e65d93

SHA512
c86c2ea9e779e796c93314f9a511b9fe75f06f151a69d7bc981552a0ca303d050c636d541fa70e4a837a5b0be2a215732e3bc64352f942a1061c6d901f337482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
90d58dfc41c5e892224ea60ae1364bf1

SHA1
fc452ea0350b8bb2b8cfb0fdb2e5b6ca9b630184

SHA256
92425f65c1dbc7b42cb308d9e2155cc97c0195a7a15072632e336799e2fe04fa

SHA512
c71bed06471bb6f25daa4568c40fa3397723f83a814af9e65247166915b0b94a29f3c51fc4ff1ad277e2da4e9deeee3ba76055270aee32244d7816d64956bc62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abfe408df372289c0587d221120e1b92

SHA1
526242765d17848ff03575beb498889efc976be7

SHA256
acb6ba641c2b8308e410b920994e546a354b64f97bc31e1f01616807c15250a0

SHA512
098f9072b8e1952edd062f952c2204b999a0ee2327f15ca9734c720648afbe5dbf567708623c87c0a17cddeaed5f0d7f06149a447dad1630c2c609c3cc0dc740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ba17116c7cf06f2bc066d755c32eee2c

SHA1
3bbbfb311651a26f0f532f0aeae6f9e67dc9b096

SHA256
9ab180e0320963111fcd928ac43eff653816d99367d5fd479640d326d419e8a3

SHA512
0850f2f97914cdce7d22787a985e68f549604086ca3bceb1f0d4fa983982bec0c05bcb40eb03df1de6aada5c6dfeccb74a715422981d655a3a8594e46525e6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
858995564819cbf6359c956692da055a

SHA1
759cccce417dd8cb343383797c098791368afc1a

SHA256
2841d6bf6d3b45f7ad8c9ad010642224c0d76b2df321a1688931699e97cf0fbf

SHA512
0e5afa89060e455b58d7936f0c1c71b43d959c4f5ee5294976cd6f6e115afdc1fa2ef95f4fb80f510358a23c47fa49a21c9e6de3d6b9aff1a0eb32d74c511cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
179edb6f35e4304e6c14f1f140acc061

SHA1
26a3c946262096743543dad229e73cee80f67af4

SHA256
b86571d0ad7cf3ce5d60c25bdf999b03856b402ef14bfe55f9d7f94e447cd954

SHA512
66940b05f1680410561b4ca5de5b2b56e2af2f4a9e047cfe3235d120102ab972397dbd5933f07e8d572ec773c7eebb8183da02862ba515fd461079fb3868528b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0d16db54f13ee30df24cfb2a512501e2

SHA1
a172d65e4429cae6601d22eb17a9c8e3c58d2a44

SHA256
c887334d71d013f3972ffe4676baefdf794a884535ebfce50d0180421f46983b

SHA512
b1070a74b4869d10eab3f476c6e68c75ac6eedb7c21400e38064f86c5e2739382e7c409247328341a9fe78fdf1cd85313a8901d86f9bfb9b08d3fa5987bea316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fbc49bb4de51d13fe45a92d50acd9789

SHA1
1541c7a1ce422c7afccc2d54948b590ef13585ca

SHA256
9c44fcc559644ba6bfde6b4e53ef7b9fa956a18c781546e796a899bc787b1907

SHA512
bdbde6f70095454fe4910ac8ef007098c46f4131342b93559dcaaf2de2ff10a9d41a96de4a9d37684311390bf3fcea50f55c6a847ca058720c14bb61fd9139f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580887.TMP

Filesize
1KB

MD5
69c05f5b967f5fecd7bd74d445b5f838

SHA1
87d4942097b787a00328cf6d8e3f06ef2c86bc37

SHA256
64f84b7bb18f8e735874eab67c2567e2452bfaf30e81c896eb099d98008d5f1f

SHA512
1586b99ea16b4bdf5de2dc4f1c7014ebe231ead53e19e8432b4ab90ca9147e06091b6d4709b5cc782e0c1899bc1b5682052b530326f2393305caeb5a5fcdadc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit