376c838250b58d7d80df9966e54f7edb10e09776a6067a872e1fe32043126b41

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 06:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eabf0912baec5f33bf1d7103519150ac_JaffaCakes118.html
Size

103KB
MD5

eabf0912baec5f33bf1d7103519150ac
SHA1

55249a66e1d25ca749bc6b1207272e3f55259740
SHA256

376c838250b58d7d80df9966e54f7edb10e09776a6067a872e1fe32043126b41
SHA512

7d4ee6a9243c7cca097d94ad58663552c3080c668395410fbb33f6a53e43c577742581f2b522e920b04805aa956761cfb13b60beb07cf560c1a9cd57c086d9f1
SSDEEP

1536:IaOPblvgtZEe3+us/CthZHjwh+aCsGON6Rd31R5MghZ7AIZvJcrdc:L33+uSCbZDrazGln37ZRcrdc

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
54	sites.google.com
59	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
1464	msedge.exe
1464	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
1760	identity_helper.exe
1760	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 4612	1464	msedge.exe	82
PID 1464 wrote to memory of 4612	1464	msedge.exe	82
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 4628	1464	msedge.exe	83
PID 1464 wrote to memory of 3480	1464	msedge.exe	84
PID 1464 wrote to memory of 3480	1464	msedge.exe	84
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85
PID 1464 wrote to memory of 1252	1464	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eabf0912baec5f33bf1d7103519150ac_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3b0a46f8,0x7fff3b0a4708,0x7fff3b0a4718
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8044 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13184121893092974281,6248803640382492176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
  2⤵
  PID:1652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
e2bc73bd23765ddb69434d4f9bcccf3d

SHA1
d8705d50bd2f921358e138db0852297703542c1c

SHA256
61426ab3a83172c84cd0e4a1b6184a6a294c2f35aa1520647bbb97497a94607b

SHA512
a767e38c0dcce10d2b06a6799ce903422604585a487847a631bba14958289e1c7e6452d6bed657063b372b6647206547b994a0ddd7571d92789e235590f67045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
04a4a897a9e87f8a96ac604e4a5cc05c

SHA1
65552f6412e4c75ce078ab202910165ec19d8ffd

SHA256
7277f347ea7ecb84ba2567b5364e3e6f0ff48e98f4dab0c800e9d54f0c1e205d

SHA512
20cf93789686457eaa83b98d8460adef517297168edb148edd2ffda7bf398a2688d79117c99e3f538dde996523828a37c71abd5b082cbc97bf65287f5828c068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e78e040e6d556af655bf09a6df0f5615

SHA1
97a1126cbfc377b37ffc897a8823a665345278df

SHA256
95d60317711db1b87308ed59a4a72d44856c5c00dde5467e903b177ec565f628

SHA512
aaeb38722aa9f76cc23c4c602d072a9b9976df3f245b284c444292e3b32716dede47d26213716867fe288d2d7d4e068cf58e1c9d7b17f4af71166d7d6b9570d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a86ad8aebfdb830a88cc0fafc8a28ed9

SHA1
47af15681e1b7aff15d1e547a7a0bc8b31f5ab09

SHA256
17c163e9c22e19521be69163d29124d3a2bba48d24555a38e515135662ce3aff

SHA512
02ac2fa0b97db556f80226dd628b0a091ab2707c1520b30607fdf7b70d9a20ab2ce2e6d0f614b0c74ec0b8b7c8006b0d2b1644327f22158f5ebca99c6baee7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7546083f3eefb39d838efe97e46829bb

SHA1
924feb5910f96e265a838d7e34881e78b6cdc844

SHA256
6e85bf175e096d3ef1ca241494e3f1dffbe5432d067802963ddb1ee9dbe9ef50

SHA512
39509408f3e869a4c91ada6129895feedefabf895eea1ce8d5eb0309481795ed98e66196235a2f6f6171debaf6e1c5979cb411b146855aa5792eb25dccf61f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
10dd5ea545d4a9cfa650dd086488c815

SHA1
eb1481b5c6aeea3c54125281d9dbb67f0c172831

SHA256
2b8573c2056ebe2799cef561883380da2ff1ae2b035fd3e97146752c75501ef0

SHA512
ae22bfc7b3f59d178b7fdd5cd4fa38e6acae54a5e2b27c228418c351af1b5c1b394827ff2762d4149bba1991028af5990b267bd6c423d031e7a4eb262c7777b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
db2539c66450ad043003b82879713d74

SHA1
9181df29f13cfb08e9be67e61c4f19bff079e7ac

SHA256
b3c39633e3a332877eb22ad96a08f539d0846570e128c044019b688e6b50aa1b

SHA512
e6ef6840477e6ea186b5f4422ef652ef1e4335116296fc121602598d96c7615a97d31677ab45de73052d1d4a634043f36207b90b4775319ab179ad4722efe6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fc6c9c321304dd1778fab1a09d9f82e7

SHA1
2da74521c27ffd66ae5dcbaa6819908b82eb2620

SHA256
b4a86b6306f3d0d47d93c69bab844034401737cc8f3d8c22d0e6dcb22a7ac158

SHA512
aa4de71836c18ec6f56cfb411680b46d6a8cffae030a957b02345f955fb50dd39fd77f372dd30972569df7f7a260b4c499ce373d3cf9316747841914be453ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
374af29f8b8bb680176d3a57f7414cf1

SHA1
420dd5393f832bddf0bdb95604ff8bfd250507c4

SHA256
c5c68884650dc5f74f1b6023567b3dac8208f4714f6526e1627b20fab4ef1c0a

SHA512
3cbf44f321474bd7eb012c5babf6906e638c14bb1a271770c01fdbcc5d621cbba14df790bd1af543d5b5dc7fa0dd1b6ebd76bff51b9d9a61a79e67df43549f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
976139e447d41cd9bbd019b0eea81d6b

SHA1
3818b2ebdcb25c26098247a1eadfe0cb23652cda

SHA256
25c6306a66d8655f5ffb03f35df95177dbe43aede3f2f69f82a95d980b44d0e3

SHA512
8d2dc7e8fd49c51921761c0e5c9d78ba0b924cf5c1976aff47dcd945d7b03885e31707fa3125cd6ae8115c70edc27dced189f8d885a85ae49cb513ee2ce345a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0d269931bd3bbbdd20ce2fc23e44f8e9

SHA1
7308b2d70c3f66dc16f0dc6db19bfe09e3478bfb

SHA256
e3bc4cf9864b0ad640293d66d68d2a2d2b40d3cc92f13512dd71c89d93682ad1

SHA512
6672e92043efcc3a679f9386abfd9128b52eff6de12f60858c24d645644400caba7a11bdf544f0081aabe4fd3c6cd389f7c1e6c94f44f99fbf35600afdd09ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581cca.TMP

Filesize
1KB

MD5
6a637b9f293dce55d9ce8b19f8c7f3ac

SHA1
98d14b90585b0c0d5953e082895e5e58b6f28127

SHA256
aaa9c221d9e6f56955565b41a1248e0aeb5624615d687d300c2c508f437e486a

SHA512
b237abc60f3efea86bd6053904e3f9e2f5c33b41bd535ab6a0f7bc7b9e0c0c514d8ce64938983f4340411983115bccc3c3c3c49b1b3ee5fbcb6174636df89b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
890e1dd2ee9aadaa60f1077b8d530497

SHA1
4a8a430bd0a6f8b20e80bd93b5dc1955b6f8acc4

SHA256
4a00aaf71978f6200337f0b441212068e5bb6910ce8c9b7498a69d446abff2cd

SHA512
35c5226d8717694d46a4c441d3451e2df3beed6ed2971f547dd3e42d207dae9838935e2ee71c54547634d81fbf6288a1a6663c1abf6510bc3fbea088c3191481

Download Submit