12c2fe80f1a085ce01cda34fd600d6c943899ace7d107c704684360e7b158b41

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f8b6ae9b5b26a2a1252325998a222ea_JaffaCakes118.html
Size

182KB
MD5

2f8b6ae9b5b26a2a1252325998a222ea
SHA1

84a14c0e0d8932b7fd6838b66a9d7917e3b2c84a
SHA256

12c2fe80f1a085ce01cda34fd600d6c943899ace7d107c704684360e7b158b41
SHA512

3efddd21351e0d37bb926d79522e51015d30c3fa17ab33ba11578de8a74d8b007eac66763c08b291748aa66f18e6701b7fcb10b55d46d30b46fd05d18d5bb514
SSDEEP

3072:++cITclgtyOSFjL2tuPtu1Da7P7atJtuxOH+IDC7jdR0lod4hGDOc2MzEltKKyVl:++ZTcX+kPk6xfL7jdRPKyPNrN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1296	msedge.exe
1296	msedge.exe
3572	msedge.exe
3572	msedge.exe
3480	identity_helper.exe
3480	identity_helper.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 4592	3572	msedge.exe	83
PID 3572 wrote to memory of 4592	3572	msedge.exe	83
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 2064	3572	msedge.exe	84
PID 3572 wrote to memory of 1296	3572	msedge.exe	85
PID 3572 wrote to memory of 1296	3572	msedge.exe	85
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86
PID 3572 wrote to memory of 3988	3572	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f8b6ae9b5b26a2a1252325998a222ea_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdc9046f8,0x7fffdc904708,0x7fffdc904718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,4373929534752846906,328165999997511594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6380 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
19KB

MD5
7839475063d3404f334ae1e5c3eef61a

SHA1
b36326d60b46b46c612719b2171accf17ad1be0e

SHA256
bffcf0cde0eee913389cdd1127ff1f227c53cb69ffdebad139959617d90b8aec

SHA512
85d221697161d714f7aa296b78bd3f529f7cca12ec5bf320d61faa2b6d5100a3fff12ad0f5856ea0c2f69327ef76b2f0750ca60752e2b0714796cbd9cb007cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
47KB

MD5
56a44607861eed852e6334bab70443c3

SHA1
1fae354a2e2bfb95bb5f8b71901ed3bd5ebc7339

SHA256
4c28f57be6ecf8568c9d2c1509ecc2cc194a2961e2d2638a70842f0315e5a0fb

SHA512
b190d47b8cfd9c482f445afaa9e9e2e112a3ba83110a897da024de476ebf41e14801d29daaceed26f1be12a398d50f7ee9ef558f0f2e706daf894cf93a9c0f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
98KB

MD5
82934e4d876b2b0d918437893542c869

SHA1
3499a9827c7a4922d801c64ee245fa30110e9a4a

SHA256
a873c919e4a5725e9fae2f5c856258b53b8d9007799d63c90eb2e9b55167d386

SHA512
d68030ceffe52527f8dbd092a81633c5184414cc52960870a0aa0ba817ce121b965edb666d3abfb5817e12bc6d9e4540b4580e71cf324e4e48b6a9c4bed7bf3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
609KB

MD5
34dd54ec579a217b1aa4e481ebef6933

SHA1
7b758da946526a731bac042a7097c6ba75cc698d

SHA256
90e3ffdb856ece743ce5639cb817d62d3b7ef3c70da77d04d052b1d6ce59c6f7

SHA512
cc1a36f84cd2c46f810afbbd7892662b7de1e267fbe8e8b4c5ed8f94473ac266611689f8aef44c24ee2ba065a9f9f45da299db572fc6ae74c9e221f05283d06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
32KB

MD5
4b8bdccb091e9975d1e6ccb365f4f7e0

SHA1
32a804789d0bd3130e4b847f679d6696041c607f

SHA256
d874790a56f3189368e5c59ac4fa890eb5db3f3c2d67cdb437b79e2f19074461

SHA512
758a6732e18fb0cc405f72166062df908a74cb64cc3dccc17ca126161adde6a02b3baac52150c3f7a9bbb7ffd4a29612e87f09849c224744fa2a5a0a48f6712e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
20KB

MD5
1891317c1eed0e80ac7905f8d795e46e

SHA1
0567c8fd0133553ee5d795fa4fdea9279df2cc18

SHA256
f209b3ae7b4b18ff2ab86911f3e885456a553b689362a4895bccb47175b352dc

SHA512
14fe6bd8388fc743cd6739410cacda034581f99d00e3720d85880380ec504906bb01f83bf1857e46d7dd4ddee6b40c0e5a0c4a34110c3f0ff2f02d985a571863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
f47ee882073e3901ebf1a2f0cd63b5ee

SHA1
af1b5ab73ae44635966f3e2ce45c4a2e86583454

SHA256
cb07f20549b6949f335631d9a974f8835ce2a15db855dd93b1ffeb6c930379ad

SHA512
8362f3185c5be71ebc9e20eeb7320bf846c08bc8d9b35e26a96d674ac8c91a9617ffc1326b80edf094059adab042f56a81ebced053d08195ae5791828a26aca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
226246ff1e62a0c00f4599c703dac589

SHA1
61c24a595799ce904b9a791068461d7e9a64a904

SHA256
51e039594776893f79a65d1c8c8fc01c8491cb4cfbcf116363cb222f559eedde

SHA512
775c247e6d69b096fd8701be53baa51f0e5fa6efb59c952f90b4e4f9f3ffd06d3ff0c8d2ce0e3dc03c15353ca4670f1ebf5ec3b066fa1d39479832134329f374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1e1c859f706ca6e1abbad75f9a0013c9

SHA1
54bdcb3583200ba8b1a03798d1de1dae07c8accb

SHA256
dd57ef313bc9e145c41d42e55d0e09cfebb036583be57694352b94b534251f5e

SHA512
4afa41ab6d1430c8a6cdf3210f48623ce29ab3a96598c0f53901faeceaeaa9bbd5274087a5a60d38104dde0607ae96a624b414f14b602e8bbec2b4199a05ab13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
408683e39a0fd605a3f2604ef28e49ff

SHA1
5abf2487469a98797599361af2a9df8b6fbdbf8f

SHA256
0cb72dd9bb57d4a16ca85743375cbe6453ec93eb12cf90599053b76bb9b99655

SHA512
6516594cd8cde8f268dc9255fca5a2e9054e58756897bba8c66e59a8042639506710d1b7c2b26ce2142bc4597efdab0b9e2730efb7c565d119667ef70b4fc794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c41a8bd943d167e79a19e6c845f08ea

SHA1
9a5e138e4b1d168afe3f3b45ea1b925c34e379aa

SHA256
0f413dd3c5ba1d8b924457c7bd85d537c9a870d528fc3e34a40ef35b8159fb69

SHA512
9886794598b3a23aa532b55208c0d8a58416b0663da425ebc34a84d1eace63eebd8d5bceb52c7cb3aef1aa95ef7096728d6dc9f72467bccc514f1cfc85a8d275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f0437c7e59aaf6968d78b2b6ea103b50

SHA1
c9899b337a56cfcaea4027e31bd9179ddf0e6e60

SHA256
9520f45a3a4f9c9801f44ca6cbf7359a125368eaedc74e28482d3ef8e16cbec1

SHA512
f279906720e638baf792f6ab57480fc231b82297606d3a742ad538452f475437d34fd8f6b85c9585ab932e852707229b69f932f31b6cb8dbe4d62e573cc2e847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1e9ecff12dc354b8aeb12da31a555a9

SHA1
75c3094d2a735d0f717175fa1fcd70e75b391bc5

SHA256
cfebf30bc0841f9b1c63b4e0fbea19cbb362563723ac9c3729b76d537e55f88e

SHA512
1e74d3f9f3433ff665a196eda48a9110f4b8e159bcbfdea6bf80c36b4af91802cefe8bf10dc8af8b8d73a709078ffa31dc698d4a0395f61d764c04afda910a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5856c6.TMP

Filesize
370B

MD5
93cbc823a4ebdf9b5311918e1ab5771f

SHA1
43a398ca9d9ec1022fe3414c81940d8f15f58a9d

SHA256
430807a46c42deabee7a604421fe66eb8f208259c43ac8dccf722042298cf0ba

SHA512
8ef9ac38095f9ee7021cb34a872413cc4f1a3ca2f4a1dcbfae592f7d6f29a053030ae58e899252a1b883ef99da7e1032b666ad96e1e4667934af8e224de2438b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c264aa8e-750a-4b6f-ae11-cd63839a25db.tmp

Filesize
538B

MD5
cda8d62f74f3a960ab9f3ef7a80f528a

SHA1
401c84b3d0498c44b1b5fcb3e2e3f77a9a1df79b

SHA256
18aaf94ff7eb81b40de13afcf3db8b9e8d57dc1008455a267ed819a551493570

SHA512
ea8a4fb092e8f4b1b7fe9312e270e631b6fa213171dc866e8d3a0f570367875259e60f17c090f231169154060e82d95d0459c00556a6504f8d3ca3a84336ae59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6c5aed0aff3de5c3b3e90051c969bd21

SHA1
bf3d251579e015bd5f31cc81e791ef724b3e27c2

SHA256
d2970d62ad9c1b972c166f1619a0b4515574e7d6f094e58cc6de9ff42496282a

SHA512
64956325fbe6385c5e9ce1582fb9a887f0ca80094f2a7078a3b097d3fb5b28f65343235d6462a745ae51ef8f842e04c8efb53a26f0581787b7bef87a2db3120f

Download Submit