616eb3b6a0aadfe9162da3a2ffebaa0e13317ffb473e94f2267ace508276f49c

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dac5e88133823140b9e8d42b3817d977_JaffaCakes118.html
Size

147KB
MD5

dac5e88133823140b9e8d42b3817d977
SHA1

eefa66072cf91f245353251e1d0517192325c823
SHA256

616eb3b6a0aadfe9162da3a2ffebaa0e13317ffb473e94f2267ace508276f49c
SHA512

f1e967d1bef60257ac0afd05c127ec52a5186267463407cfeac32ecf43daec55d40c79d755537e6e8b0678518bc9e4456cb0148914cc70511db4101ef220d7ee
SSDEEP

3072:JjY2sYJ6rHfgaToXdYKlG2igQ5Um4kJUWFt9v2lDM7TKd1EU:J4oaTo42iAH1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
868	msedge.exe
868	msedge.exe
1704	identity_helper.exe
1704	identity_helper.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 1684	868	msedge.exe	83
PID 868 wrote to memory of 1684	868	msedge.exe	83
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3512	868	msedge.exe	84
PID 868 wrote to memory of 3752	868	msedge.exe	85
PID 868 wrote to memory of 3752	868	msedge.exe	85
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86
PID 868 wrote to memory of 3576	868	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dac5e88133823140b9e8d42b3817d977_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff849ee46f8,0x7ff849ee4708,0x7ff849ee4718
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1996 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6372 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8524572554510680245,13485885943759974951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
897a8f54f31b25d0470ac911ecd6938c

SHA1
f1751652fb52505d98e2b5cf44680a767134c6d7

SHA256
6eafbd0a9a1479a86af48429fd4a3cb81406ff63cea7461cee49e212c3145641

SHA512
f0db2ca981ad4c8515d2897aa4ef40ebd31b8f2518ad4b4853eafbf72f8c020b92e6f8f968aeb0625c61f2754754ecce12adddb478d9f20d469be741d04c15f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
3f56b1a1e1fdef49f2769050a724cd4d

SHA1
9d4695965d68eb5b6e4a9fc3f5cfba3023dea433

SHA256
5075e302af7c07164229326dd37d7ab3f833bb43994b05d7055b4fe5fac3bade

SHA512
c5afdb26ce7a1ecc8c87d11d64dbe8905594e758d8a6f3ff847d86f8fc93318b9003c249945b9c2813b03c88de08436d0248516cc0d94ba01e3f1bf90c208ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9399d7abc4c1683265195dec8e387220

SHA1
46ac659b9df51054d9b6eb8d7cdae0fb34d077cf

SHA256
70365b559344d37750fe5fb16a7bb0cf45ebf83d17668a6327902b695594e8a1

SHA512
0622a45cf572fc4113a2b603e03448ea0ebb13e5b9fd78c2d297825edecd851b5887ecd2badaf4dba782a5e5ce449698178cd8a46cb4d50303bdd107f71b21ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2bd0b53cdb9012f9126440e1b378cb8a

SHA1
9cdf4e9c488423f9f07c6e79bfd2a60579da80c8

SHA256
7bb5645c039cb5840f015d77af9b9131de8a79b3be699873da8219350abbc1b1

SHA512
cd4bd0ee3a4bf4d138953a4a77d7fd5e1efc0b3f4548b3143a84129188e0663d18b4d38dcdd6deb59d1fe49e180231b5b91b338bbeece9cf8e4779fdab47575d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3416b728ffbfe5ac6a0f5663cb118690

SHA1
0f4d060420258d18ba22db068d502311afad0ee0

SHA256
58acfff85aec933f50d534542541d7c350c1baa4bc7e6b9295f3a8b6b9d3de67

SHA512
128c19958aa598c6a27e509fb95b481c2039b41aa6db19a7e2bcade3dd4f5296e20078dd754f2c5ee56732fbf39ee23fd06a5555182e84e8a69050d171ea1e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
43c4e79545834fb30705557f0511136d

SHA1
1359f4298f0f5f621e33dd8cf02f83b564d0c4a0

SHA256
48021812ab5f4868a72607f2c358c2a5a3517a32e0f7d1f54de3271fd0e1c517

SHA512
3791057b8c462f0b9cfef0b24422d7add73797d472adaba88b4aacfcb1b703e769d608ec40e07f0cf34b59fb0a6c92456ed6f6806449eef788637fb56e55d23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
453e3627d56086629d49914e3da82680

SHA1
45a4165997b760eec3f9275bf8dbe2b59cd326da

SHA256
98a8ac02c65c24abbbc4b4ad39893bb39ac863734d7b62fefe31f88b235485b2

SHA512
7acd5faf469fc63b73c40d2493cf6220f245bb5432853e235fd2000b0f13213f89eb9baae12477e8f5e15d6169aafb968e275d1a992f934776d3a5a2a2bd7130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
395387cb96b867d020ae3dceacbcc2ed

SHA1
0de3285544811ffe5e8aaceadab92e6acc610e30

SHA256
59ff302333c10186bc92ccf4690b6a8e3554dd15b6f9786634234cd527a39173

SHA512
4a180d9960244b778c8d940ee6e4c06e0511de343db566f94677473d600064eecc2ee5fe092068b9e38ac4eec678422d6293e4b109f5633af70d0b65510f090d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
ad7707071b474014b72c0e8b4fa8f52c

SHA1
ac299c23031e07e221f918574b5932fb5ec1c92d

SHA256
96961b998442bf62c52a4591dc8c36ee290ff401547e42dd4702603086495150

SHA512
67a248b641f12ba6e01e69a6c9fbc5af65e94623efc691535cfca035284bd7006275ae3be2e19d841cb14bae3b7447c1614478807be6c927382a45327f5804bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
bf5145cfadc655566e8fd921b69b49e2

SHA1
bd5086dbfc0b5ef4cd3c594a15701340d6fcd201

SHA256
fff5d1ef1bec23828eef54bb42896f8d93392bcbeba68e4eefade00906f72c3d

SHA512
24713d14daf32ad765ff443b80e50ce902965031d98f1aeb9c607673417cc02224e3c7f0a5eb7f3c85d82e6a21119251ff4b477e91951a4f1cdb07105f27cfcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
1e44449c62ca4deddfef3babd857250b

SHA1
65088dae1da14bb55c2a5320e24f3ccf67f0c141

SHA256
964abc08315f61ff41f24f9fef30ba81c211acf67958405befd2f6ccec01305b

SHA512
c6585e3efb1a33b1160cc6bb88e7a0c1aa9358d1b6110d054137536bfe85726c7751e7ab1cd05e568b0c3bc0349df5e4257de5defc049da39de986ad8f61ea26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e53.TMP

Filesize
371B

MD5
eee743d32a39c2d7a66be129e0153a31

SHA1
75c9253637c31f0ee9fb18b09eb55a8547ce7097

SHA256
31b208f70789f8019d18fc6a49c2ddd9a65652b3579199717c6268043dfe34fd

SHA512
d610514a6ad1d8919562ac536370168db1ed0dd6e940e329df0229f952b5a1dca86804abe6ccf66d99c6cb9d846f10559a3038672db1afb7d4fc583e109078bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
28ee7f2f1fcbdb5b216ab8730ad4a835

SHA1
53b318f0b92e10ef4c4393e01e19552f7cf050bd

SHA256
8855b1b080affcdb168ea672808117a239dd3aeb03b593d7ae579bde34602c2e

SHA512
a75ca717a9212fa4f3271af35938eebc1c009ecbe65dc8dda9462e028bd2f02db1fa154a80a74557d1b5db8359816ffa33c0285b62015874cf28121f457723c2

Download Submit