7d85f68c1dc968e3f00b8c6adec45f1c3566ddd2fcee3648262490b30693a273

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e16f72deb1f3bd9f215e0fa70a3cbf83_JaffaCakes118.html
Size

94KB
MD5

e16f72deb1f3bd9f215e0fa70a3cbf83
SHA1

f995be72dde307029a599e6ee5666d353f98eea0
SHA256

7d85f68c1dc968e3f00b8c6adec45f1c3566ddd2fcee3648262490b30693a273
SHA512

fba754cdd2283cc323fd51688b21bdbcf73ca8afca46c7faf4dc8b505fbb7b038c8d25f253598d82c8878584859b66c39b396f0f0e0a0cf40fa788f33439d3e8
SSDEEP

768:xkdoMRyPgCw1YR7ngTko1zv8SFMskDRTx8agL2o7pqtW/9w69r1dv0lRS2hcx:xt5Pgp1YR7ngTkqnUcAeylRkx

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
4668	msedge.exe
4668	msedge.exe
2316	identity_helper.exe
2316	identity_helper.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 2392	4668	msedge.exe	82
PID 4668 wrote to memory of 2392	4668	msedge.exe	82
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1448	4668	msedge.exe	83
PID 4668 wrote to memory of 1496	4668	msedge.exe	84
PID 4668 wrote to memory of 1496	4668	msedge.exe	84
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85
PID 4668 wrote to memory of 3800	4668	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e16f72deb1f3bd9f215e0fa70a3cbf83_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd183e46f8,0x7ffd183e4708,0x7ffd183e4718
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7300 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2300891019138087014,2313102951656120915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
61KB

MD5
eb08e853d18e6f3e095d18e4c97b73b0

SHA1
b889c9827ca009dcb3479fad26fbab3fb4137b6c

SHA256
97ab0b5f30a922505ff5be37aad0eefedacdd14b70d33f1357649ea5a9e212c0

SHA512
b968f81019b653083683be2e1858fe93c5f363cefb84b14f4a7e9c00f262183ce45e37a6f410a92663146d9ba07ffae6d71d39b659a0edad11959d7d773c7bb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
102KB

MD5
4e3b6af6455d4d44be1c63a654bc5079

SHA1
ae1a035747a25df844cc71ac860a9f5ce7251a23

SHA256
384976c29cbd3f199acb925161865e81fc50cc9cd8248546af5014ad9e59c4d6

SHA512
ce82325dc69ea00e02681ea1d1bd1364e1cf64b23f87faef6bf63169c8b26ef79042ab16e2390a8eb21093da4b0c59eb42b05ac782c2d503f4af493e86bbd076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
127KB

MD5
c77f64c9719c3f0d0a3703f277fcb90d

SHA1
3fb2543751053a6dffefcefcfd0b41273ff60f6c

SHA256
dbfcdaab8ffd0ef1982d7bd4f4c735665857267a842d66516dd5b7563c859e34

SHA512
3ac1fd38f5538f074b5595112d6b3058e5b0faf1ec0d3974e3fbcc2dcfd631faedde99883bb8c946a91b666c4c40090535aa33baa6305b9367d26345d6b488a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b4300d1a2e24a12_0

Filesize
290B

MD5
aada85ebd8247def39c547a401d38333

SHA1
e6b02d5add420553cd75aea594687775943294b1

SHA256
787d799707cf329f97cb934ddca5f923fb734cff53f536d3d212eb4b14857c8d

SHA512
7e46604a24e55003980d5c2b25d41f0749a7b828e0187b7fffe20d4f97a4ec757c68e67fc424fa74032de8efc86230a7bc5fa59d3254521d06ef1f9d511488a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a22ddba48641638b_0

Filesize
19KB

MD5
e1dac693df6791ffa1600d1bf3f81b4b

SHA1
6c9ab09bc6c2720d3e3f27f4690a7df927aa8c25

SHA256
ff937b6ed71f282791b13d9fbf96db2c4d777b8cc2cb3f2943747673d59b4035

SHA512
47b1f9ecfcb01148986a0538ef56c0075c84956a7a203ce4220185c4edb87916fb1552258ce1a63fdb5dd894e5309a13b8f7f468dc76bbf2aef0100ce043a8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e710fe1cb6c16352_0

Filesize
437KB

MD5
fcef72185bb00e8001448f4fb7861317

SHA1
f19e9815d206e4fed64a6abb26a60c1435ad9563

SHA256
26e14ff5afb8af654b1eedbed26d56a18c19938a4517648de4773c7a2cc5d9cd

SHA512
7a2b22fdac769e49f680a9d085f693d9bcc7d462becb2e16eaadad1ac677241d59392d46dc2488fac03ed8e03a9a7cd2a4832780610bc81d004c2c3aab28e7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0ac9308cfa3012ba6bb3e8b0c33167bf

SHA1
c26d9ea7dc96bf9f385ad638928bce0b1bb0f38d

SHA256
8d3f8a7dd15695cb922e02e15d5443a2b7bdd4e596fedd6ad49c9d94e8178d9e

SHA512
3487a3bebd8182887bfd7eac9b8a79e9b1f0ca96bb55ee978e215028d0cc72ca87afba1b2f266c7b9f4ef7887a4722ef2a598d38b5805c2fdc20df36a2d54ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
acb57d19511b884e86bb85ef8abf3f2f

SHA1
e2ea7f726c7d2fbbff2a7a8742e6c38862f39300

SHA256
10dc393229d27bb4001b2914b2f9de1ede37f46a98dbe956b1c520157ce29ec0

SHA512
4343570a76c23cd4fc78db0e75e16faeb91776c458e9b5644022428970317b01f7bcac2e75f86e2d877a22cb8d9624a3ed4e39ae23c133e5bdd5da5bdcb94169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d5ddf519c138da4cbd6b665c49a2beae

SHA1
dbbadd7b2dd872f30c5129989490f7bba56ceb13

SHA256
81654f3dec33491aebd609fba8c29db69a03e9cb46133d84bce29051798ed123

SHA512
c827c3db4c13219c0e27695497acfb6de77c6458e570f810417c3c7820b328a4cba8c81db06e996dd9f3eda9cfc3a761ab74c8ba9d948c1aaffb089ce5752341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a14d877a1eb9e24681491d5998cfb519

SHA1
94d8dc99443952c719b780caf54552e23940a416

SHA256
9f6b508584633c711034bb0a184f603901328ffca170567a11cf94f2cbcc7ae3

SHA512
a8d2f772e65219a35243e3618adfdf2455f007b0ee9819f76f895e528d38009504119dd2aa799beba3fb7f3fae71b92a2d574ed7b9ef7316615f727a48af8c15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
109f779c5a28a945689fafec8ac7a12a

SHA1
f0440b45255dc99814c2715ee687a3b7063ada88

SHA256
8703c062e549179fd6c80ff80732746771b26ab313cae7e47a055f1fe77dd1b7

SHA512
194645d78479bb4936f711435551bd6a763215c6c011c794927235627e1bde2152c9b35901c0090ffb2ed53799c9d1e6bd2ce522b0a9b66401fa91002591085c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b62484ce19760e69a61551c847e431c8

SHA1
9bf19ecc0fa1e394c8ba9ebdc7e8bf457e164877

SHA256
c3a7b66109cbfd060dcba16ed2f53683f228b034db1d17666e4d76c1c23a2a44

SHA512
f976e9ce50f2395f0e9c024be93db8840f139f9df19efa4639ed3abf74d443f9b31f0a9bcfb16f6c7ee60fb06a68ce005aa368dc5548ab959d202c5c7b4e5de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6785035665059cda4ffa128bce8e7767

SHA1
2e25e294c6596d121303a8d0e2e326fa3df9bfd7

SHA256
9441d1cc72c6d6b968686b013c53d29747306f3166db8da47ab337d87b6d2e11

SHA512
ce9ede833084b4e54b7ddf7256fcec05caac3b2ce402277527b13891689b601ad7b04fd385a87b7145aa7625b2a42bbedfe13b0308e27496bb92975988c5884b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
e16579a2ffb4c0940b5da3eb94644e50

SHA1
128bcfb8700d11c48b5a312b0502ed1d0efb2ce9

SHA256
19a2fc176f6be9449ef91a52caf4de72a030fc4cf56a6ede458c8e18932b17e4

SHA512
03015114ff6d17bbf6c149eb64702b151c6399bd2f70234fc98e9106611ded6e8fa3ab95dcd791f0529b4c62ee42c82151448d10f69ad4dba4aff92bfbfa688f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5859b4.TMP

Filesize
203B

MD5
c5b292fe7fb4755c39507976a6ea63e6

SHA1
6c2a8c222fcc13ad68d45f75d01315031149132c

SHA256
19275df35e6be63bc1918306c17319dc6509e7da095d38d5c30a27a9bb4ccace

SHA512
5589eb32a22a98c98f46babff6c62500e9cc5311e55da380e82a33048a2b57214069747227385ab4802c3471289238ec8060ae9ae92a4efd37f592723eea58fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
86de226e1f9429ed28f09765d69dc54a

SHA1
1eef41ff990b465209a5ee45b5fa7470caf37f26

SHA256
6807a5bc385482117364803c767a3385e047d39312ad9b72bdf90833567f480d

SHA512
259f4842ad84b14d1c39f030e5d9638957329686b225368f4bab6b59fea407d9151ced48cf53d929f343791ee86e324bb08233d00a9370694e816d118997384f

Download Submit