a3a10e814422356657878cf584f6afefd580697471fad910ef74c044f8fe9110

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de4e7c51ed055803af92dff924debf0f_JaffaCakes118.html
Size

60KB
MD5

de4e7c51ed055803af92dff924debf0f
SHA1

04e46f904695314e4e400f792dbbd462684864e0
SHA256

a3a10e814422356657878cf584f6afefd580697471fad910ef74c044f8fe9110
SHA512

2b7820581464809500c8f362eb3ee589a6305c11730591874969e9c3b3c83a46af79d8a38da118c60cb4f2584432e0faf89d82ad4773fbc0509dd3e16a39a7cb
SSDEEP

1536:Kwgr8VkeO3S+GzFayYhIcvZf2koaaS6cgRrb01VDA:ueO3S+GkyYhIcokoP501VDA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
3764	msedge.exe
3764	msedge.exe
2428	identity_helper.exe
2428	identity_helper.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 4152	3764	msedge.exe	83
PID 3764 wrote to memory of 4152	3764	msedge.exe	83
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 2240	3764	msedge.exe	85
PID 3764 wrote to memory of 4368	3764	msedge.exe	86
PID 3764 wrote to memory of 4368	3764	msedge.exe	86
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87
PID 3764 wrote to memory of 728	3764	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de4e7c51ed055803af92dff924debf0f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9c0a46f8,0x7ffd9c0a4708,0x7ffd9c0a4718
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12407030315085363040,16300055762865240958,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
d0007015af7e55b5874b6f7711e9ab67

SHA1
fd514e45401ab3c27d2fded42f34024260086150

SHA256
95c98d45b7481d60c8078e04973ca86a67833927fac958ed6d8c28593454aef3

SHA512
375ea404a1c847f5b5e10803277d6a54fcf22ffdde3f41a06efbf4732858d749488b7ac67ffd9461a3d0b7bfd8f18ad465946cd4123c54383a410db6e699a6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
56KB

MD5
1affe2accd04b9ca38eaec2c1a4962ba

SHA1
2d019f5944691fd31d407338eb124ca54beb4686

SHA256
52cff69204aba9de35b3e7eadc3bdc3caca4017eeb9b71ace20488ba6d8752d6

SHA512
93061407f3778fd9eacfefdfb6291b8544630aeb09fbcedec333a039eda460877523370f4154b6c91a5cfd97d6096727e0be3ae9e04c582dbf9095674d161859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
33KB

MD5
0a2ed8f111be85af12614299f7e3a184

SHA1
6c57a4fd5f9d1ea9296ff656667617b088316421

SHA256
1fc85f0c48bc7a2cbab61140ad4bdabbbc38f9b83d9106eb9a833df12fb6ce1b

SHA512
30ffca5d57448f36a93eb39f5c5f1f9840080e8b642bdaf0b259a65f42f7847f2f04965c8261d221a794488b91b3fbd744cf612b8e21a40e2a9c806aec8ef0b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
e4b6d2411d1fd5fff092e365cde70a3c

SHA1
10e1ada9a4d09ca9f3b1224463161e39aff3b6b5

SHA256
848b866fe78ae23ba8487b1eaa6dfb273e682a6b9be0474049522fa9be70eb85

SHA512
af514fdd71e9b6ab3099cb8f9e78463e26d7656c7ec0d04a0f4b1986acb0392584aa52fe3d70e77cd6eb5755d3a1980095716e2b9469b3837d15273c5e0feb1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
0af3f93ce43f9dd6fec09af03a35d0f8

SHA1
d51921f70938e6641152cd68caa53c70ba238e8a

SHA256
6a08e9db1d90eb65d05ba1775fc6f24a8d8eb164558dc43532e2b1a13fae56c3

SHA512
eb0e0e49a1cb73a419738d41a39a647851abef05ec379358f56b165e9724a56b5fa577f4864bebf3c7686df1bdfe2b087c8e45795721b365c4be9a394515fc0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
87279d594e51100ce43dfde0c04b526c

SHA1
0a290da7fad2b175972fc49a524638103162c5d5

SHA256
62928dfe59de3c14007b9d65f0af626b1337aae7c19849271a58e1f9ae68729b

SHA512
272077438ce7324284b13a9325ba0b50481cc63cc647cc294dcadddecf732acd9189a7fefdcf4ee0567a735ea335c45ea97690317f90b689d011ee6dbb7206a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
975ebac8ebc35bbfb659a0a72540d470

SHA1
ae3dc303b34373b513b2d0ebaf3d2f5763d6f8fb

SHA256
d2230296ee555e868244e71048ecda0c8fd524a6a24a489e18e372fafff23100

SHA512
48d89819f42f151c24f1c7d7863eca18eca16a8ea1048e2e68dd760a258721e99abb5d8e9335e7d9f4a861db7520a11bb6cced465848862c53d03fc9344669a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6e05b14912c3d45b15da421491a21cb1

SHA1
dcd165ffb2a487385cb65dc2032f17481c49940f

SHA256
7621c55f5fbdbecc3de3dfeecaecb4611abcedc41b8c3451beb060f134ab1ff3

SHA512
fbc564fcc479dee62698bc99c1e5ff76cbf3805f5860317c8e38122a27210520bd0546f62be19667b4584aa825c88bd9048768b31e40761099b21490eb50be22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39116aca0f6efd29c909257d23f359fb

SHA1
50544f22e8dd4a26145267c5b909b8c84757c878

SHA256
1fca09fde97bcc67dfd26d05eb9f50f47447a28c36620064d0055d463c4457b6

SHA512
e6a48c7da14e57bc011314522267a416c9b82b72f7172ca03b9de89d44555db2df690d3ade2f78c8d2dc8fb590fd091cde7f7219dd8ee565a296c6b1fb43bc30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e664a4408a3fc64a80eb52a996a448c8

SHA1
79f49390447a1562d43a528a13a98835686fce70

SHA256
68a2cc093cf0e1d9332bcca01b94d0a4983a7e3633c741511e072233b9e01d92

SHA512
31ca157c5c2edf5e5d8060dc432dc31cb3b35f3e696b4eb013a9314a45770ff013faa55956267cd7fe44ee1e7e753b7b714d237a9415fb3348214fe1f31efceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5910dbcbf900d382df6bd4cc3e99cb8a

SHA1
c7ff689de91be0358a6bf4c1d91325266d336e38

SHA256
c18e0171bb10876d81f29ce9c87442460d6517ad35f5a1968633bbf133a1aa9f

SHA512
a9da111aa220e313c60ad5c5c1d7a9e23e2c40000ea1460e762e884d161371127afb9ffc897cb13d2bd472714b7c4dd120cdcd8f6856feccaaf0de43a4cf16a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f9f75b03c381f47123da837bb03a2004

SHA1
070b551203e6c54e6e69531fa30074c51a50b6ea

SHA256
93557edd74e6de2745065b064fbc167579d7c1be955bb74f408cd5b0d418171e

SHA512
c68811983888a9ad53365ac8d4463a52f56b5abaf2dd31b60c3167dc28664ad17c538f9d2494117bff7cf87b4afe956e507b461519d1879c7d6cba3e7d638391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a54fc83532043cb1647e9f70e5ee9ec

SHA1
c98d66513139ae8ba2cfa37893e8ee200f2056cc

SHA256
667fae0ed0b24441714cc72acd6591266f8c061edca6e6426738494d1a15fb8a

SHA512
2c3f998bf744454b0b84e6834c3686258837059f357e4cfb966ce05df62dfbb59ff5f6cc46c398b8d5734845ed5523f8c98d8e48e50b7d0df260d8f6afd89f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e48b9777fd08b59b76c15cf0256a538

SHA1
98c9d850415c5940d8abfd7d0eeab4a1c28eaca2

SHA256
8afec686c1b8258725f82f917bbd19ff073ab27aa6976a44d98295d3938c527f

SHA512
10adb6383e672453a6779b4f94c11fe77fab70c42629f17915c3871e58d57a3219b57e1314a544096b6f4b41f97938d9c5eff727c52a00804f85d0df1f6fbd10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
a5e3d7263bed8eb2355b5d39030352fe

SHA1
3cc0a18cd11ae94d02208214e72f63c8242885f9

SHA256
2b7e21e240193b965c21693dec39df455a4ffddd00ed95d39a5840d2cab12c59

SHA512
c62763a12e029856a5bf47bd56c91232c227607861e4fcdd266736055deffb68fb7723aad3d43acbd8db2afd99275bc120ccadc05511be34cf4580ac2cabe26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
75d9fa746a39527e64f49371c60ec863

SHA1
6b3b82f85479c9dffb7bc70c0fc4458bff6ece1a

SHA256
5138c71d316f8a5fd52f102657ef6a6b0f1609bfc14eef3255a84b747b3710f0

SHA512
7d5056bd14f6dde5a71c4c2f6508622f786ee4a13a891d9b0b89fc6ff69202e42d93a880b53131a558b4a2de62c82bcac79510036e1339a50e2e9f3f7dbd2fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587692.TMP

Filesize
371B

MD5
7c61bd7da5d1136d3a85737a0e7be23f

SHA1
db26db81dcc9205c447c5b6109be34d8d908c195

SHA256
3e43f5ed718e74dcb883f7f34fc881b1f42a7fae59065dc66e6ee61601f94192

SHA512
fb18923c254270b6bd21724f6a15fa97b36c9c909608083fa25f4ae0d879728320daba78f5abb47bcba64a360ba550a46910d52d896f24c41e3775abd5627b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
59adc0edba4bfc15a912c8cbace69cf7

SHA1
6d5e0746168b987f586d9d7a79a36dca7ccc9322

SHA256
3c0bb98eabac3652c13930f3b157e9c6fac58a9e8165d3b518eba2334381f1c7

SHA512
e983e952c2eff9b84b0f4b3971c2574afa8ab6121390e10a2cf0549f134fa88f48e70bf5bf28816f9e806b0f43809b401c4aa12b601b95d3f5b7685811302aa7

Download Submit