232f9eeb5a64a1330de1caec851e2f310fcb426ac260426fcb81be0c28e54b3b

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3ad23a353bea22ca85a9b00c4a13192_JaffaCakes118.html
Size

166KB
MD5

d3ad23a353bea22ca85a9b00c4a13192
SHA1

69cebc59739ca1c515acd90a68e3b572fffb7fdf
SHA256

232f9eeb5a64a1330de1caec851e2f310fcb426ac260426fcb81be0c28e54b3b
SHA512

5d880d4a61b052eff8d3bc83d645695634e66b97d6bd37fb2487cefa87c14c9acb3a8946ee9ee64b9d7f7cfd1a8edde63d6e293f793162e83d06b59561bb7b76
SSDEEP

3072:qqrSkDZC05OZH4LNrVLRlJ7t8m5mbmr+Rvv0q9EySNm:qESkDZlV7I

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
4804	msedge.exe
4804	msedge.exe
4664	identity_helper.exe
4664	identity_helper.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 2332	4804	msedge.exe	83
PID 4804 wrote to memory of 2332	4804	msedge.exe	83
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 5052	4804	msedge.exe	84
PID 4804 wrote to memory of 4432	4804	msedge.exe	85
PID 4804 wrote to memory of 4432	4804	msedge.exe	85
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86
PID 4804 wrote to memory of 1072	4804	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d3ad23a353bea22ca85a9b00c4a13192_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e8a146f8,0x7ff8e8a14708,0x7ff8e8a14718
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7220 /prefetch:8
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16091959336173204005,7814967159017277624,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6192 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
24KB

MD5
d1c8fc93e329cfdb4cef6b1363e40db2

SHA1
2d034d8d0056a8c1596714c7129fc31c74a2565c

SHA256
facc5d448f6e3267100a4c236f09aa98bea1cc3b19e2b2a0985501ca499c4ca2

SHA512
07434e4af30064d5f67158d10b704afccaa31f974ccaca5e76dc9f1b05d76106b44f124c3a94af93eb1b44a5aeaa70ebc33e0f9f904d1cd4c8386b281735d008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
a11418a49843bcdca6216005ca495446

SHA1
85041df5b5f5fda40e9c8d582d7d0b96b1889c78

SHA256
1474433460b5b4e87a07aab84989603c02332ac1e284a402b66ae3c5466cf0a1

SHA512
1c7d97c87fc5bba33c746b7e91935029d1016060e8a84d9705a79f057d67bb527474c6b5d3cc095474cc4a0aa7f71e66cb58ec223992d494c1725bec993202c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
eec15c43f24f65b144719a78cf070940

SHA1
b92359b286d923b1181190d1646c01151f2a6c91

SHA256
90f6ba260ad8adc590cd853161f0fd4e850b799799972fa6353620a664d7a196

SHA512
97097868b1ec179f9fb84066893216a2df9730857e84242b20757c7bba833697888386abc777557cce067499a60dde23f1d125481c8b683b4c37be4a1300ee00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
0315620afcb9773e9b40a15509a3511c

SHA1
254482a8e35359dbc9c0c1d7e10dcbf3eaa9a96c

SHA256
1080a1d5f8fd5bfac85e0bed6795ffda24c3d82ba9bfd8837cef40e6227c8c52

SHA512
7a8e6ac2c9e648867bd8419d2fcb5babed4e9711d91bb6958c90614c6d29c127909df3cf6a23d624a7399b4d464ff844e3b6a743f8ed4a06ef475c12db35fde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6427173d6b57bb5c0c6f1f03f270c8e3

SHA1
5784984ac42e39160e308842a6e6e88e5cdff60e

SHA256
32bb363f1a3f23805d9ba893798943f94be86440fc8a04469af9569ec4100f24

SHA512
64b058204ed44e03e8bb0d91539fe756c27478e19c43d71b5f4da874c0b73bb00410cc1ac21c61407a2bd4ee8e40fd67d2578a4b4941284af7a2e2ce67dea526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
95c4846f190b57e28b2fc22cfc7b64fa

SHA1
4bfd8fe188415767a4dd922f4ff89195b52a0250

SHA256
643171a04b2fc52ced051595a6c8344c9a1b11b3bc84e18b364a15db6862a4fd

SHA512
644ad4e8b0858650ba1cb8a51b5e298284537bf09acecd94ea94a2db183c3e44cf37f690b1d9b0b907662fc48bc8b3efe768ea0c4241668f088b0e513e17fbf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b488c064d1373314e64996780e9a95c1

SHA1
e02b5b82d03df058b8046c0b229ac4aac06e15af

SHA256
dc795b8af3c7af97d9653730b057f686dfdd5bd6d93dcb7799daf563b58be78d

SHA512
2a71d5698e24a23c2a1267b33b6107905768c9e562afe47997db6de58cc81ce3be20f25e0205f2c902e9694c699e5666c2993eb9e4e942278e20285d3c8925be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1fe0c4b2cb9b9e14f65b775b925db97f

SHA1
21f5d99940e568cf278c7a92b6b2d716dcb3cd42

SHA256
45b7de6d6b8ca6c4ddec4d60b73e6c17df560617b13faf39c8d04678a6873c1d

SHA512
df455725671d242219ff7531addee069a38ee79a19a52d9e6664f4e88b7b06a5955547a8c627ac7dec19aa4bccad088c9c06f5d45ab92ee41fc6f8bae85af1d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6aabfa3c9153afdfd38e6fe7f01ccf14

SHA1
5ac66e023995d233ed60994164326276b0bf2396

SHA256
c9761833175196faa4d70e6f06b4d85de24136da438f0b0bb16e4e9f6aee8289

SHA512
714d8f649f063f1919d81a066858bdc329e9f2ef531d94c810b113eebbaaf94673a7bf216687104a61257cb92affb3e48e78641be6aa6df8f413b2e40a20b56c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f3bd48da04880c93430652221be67f2

SHA1
5fc1d81c3caaa0bc755f1975acc5ec7cfe14963f

SHA256
6d8d3265b7c4337cceb243111ef954f2da1ab238d9c00c24e6c7e1ce8a4f1e86

SHA512
c57bafbca7deb15e40799c9cfddabfa385455633e0f7471043ebef74f7387763a5f422117fa3726bf49f5524111cbc7f2e9b105a94833cff8d8368ca7e4407fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e36017c7dda239406f1029356995805

SHA1
2444498657cd57dd4db7fa6921406e5b4e38c556

SHA256
964b228baff8259f3c0784eefb03df0ecc25cec3c142c75cedf1845ad2a9a408

SHA512
26daa9b83f2793cb5ac62cc8d24d69de0d974548a995f2ede08b73e356645d4c9b98ef128d7bf4b97a208d3ac825cb7d2ef81e30efe59aa51a46e0e7aa15659e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9a7b5be22d59add5f1a4b37885ddf97e

SHA1
60faa42aa9bff8c059b584ee576a0a6275f5195b

SHA256
97c67eb1767c606d0d61a8a09f2db0d14522d8e8d08ad3d12c41299cf73bca11

SHA512
b553dcf13ee37bf50f66cd7d71a057f9265d533bb71292d4bd89212c2960f7f4ca082fe0aecaa84f45de4ac7ebebb09c050286e28e1e6ba5e1560de8d95a6574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586b96.TMP

Filesize
873B

MD5
1efbf6309beb5091bb5cdd3e8650a9c1

SHA1
e895a2739fc74adc1258a59dafd4e1d28b1df15f

SHA256
59c520b3e7f0a3a8a321a4043b5f49a62621a3176ad63ee9df9f14a60367cdea

SHA512
ed7ada4ba31c8be2d7d9579acc3fe9955cd7b5f3136f6ee4ccca8e0cb2918f324904d127583f6a0e95d8d5051dbd63086397b390fb504d2c8cc03dd61f951b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
77135f921d05154bce2625adb67fca24

SHA1
796d8100bb47594defce4ebf82a1f58028a0f805

SHA256
3a4427f7444faa50641fcabca911c8008b835974e7f3b1a585e6a79b05a8fd8a

SHA512
c1fb211680c14e4a243b36fb9aa10d748513a4109a568c5358a9bdeca51fa6d821ec85953896d73c7991f290261ea6b4a16a22dcfa474007c54534b9181f7ca1

Download Submit