224b4fd05f3dc0ca70b86d256b304ffa823141d9d1f13bc391eb62031320ca8c

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

827583e25b2eed1d7944aec421d0095c_JaffaCakes118.html
Size

49KB
MD5

827583e25b2eed1d7944aec421d0095c
SHA1

5322ad395025bf04c6c044477e5b5e6bf3c31edc
SHA256

224b4fd05f3dc0ca70b86d256b304ffa823141d9d1f13bc391eb62031320ca8c
SHA512

a126328a02aa74300df27b7cfedefddf06b6f82d2bb2a2915409919fe65a9cf9149b13ba06652682111f455e5c054738645bdcb36480237e444b2d6ed4f0ce55
SSDEEP

1536:E5wgr8VSeO3QTZFMYmaTNt/1y0aS6cgRr0Ajh1:GeO3QTZF3ylSAjh1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
960	msedge.exe
960	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe
960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 3968	960	msedge.exe	84
PID 960 wrote to memory of 3968	960	msedge.exe	84
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 3228	960	msedge.exe	85
PID 960 wrote to memory of 2424	960	msedge.exe	86
PID 960 wrote to memory of 2424	960	msedge.exe	86
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87
PID 960 wrote to memory of 4976	960	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\827583e25b2eed1d7944aec421d0095c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8df6c46f8,0x7ff8df6c4708,0x7ff8df6c4718
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2596 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9922499447219412429,12766736803393125887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
  2⤵
  PID:5160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\03a7c701-f6cf-465c-ad65-910614d22678.tmp

Filesize
10KB

MD5
ff18d30601a205635148192849117d61

SHA1
79d4b6c1d80d009ce6bf4d7da0f7a95ab1310879

SHA256
40b88aa0c7904b5e6298855a906deb0003135e78bdd8a5b757cab9eedff81300

SHA512
e2218f7c715d79f738326983b891d62de1cfa6ebbfe3b15b929ef02cac2748e6ece7d69f1e513cacdd656f944d0c7d19b74df5c8486ba0a0bc12d25e39137533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
beda68c7227c7a5a9f974b1c74d257a0

SHA1
8a03576d27c23e9612bcbb5b9e758e4535ee4c81

SHA256
e9b270df7c8655f05f8336e4897debbf71a38a69c3030f33031376b4257addb2

SHA512
4e178897f5ae13f1cbb2b374918e22b5b281a78e3362fd6125701776c8826956c06153147840b52aaf4316bc8078059f83ee4758d84cde70190bde8f1f36e619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
115KB

MD5
fc837b1eb4bb9ea9e0a75d3719ffff75

SHA1
9a282823efeefaf229ef1f28e2441aedc5d9166d

SHA256
1de8d4023605e907d579a6c2d00066f39bfff48fc2ade3f03eee87df264d100f

SHA512
07d1f0902e9d67371860366b5f58ba3139c0e1d3e7c05cdf7ad57a1b5b3b2623d842b0a3787bb71b4f437667d8564ef2421a014fb7d0f398acd77b30e7ac04a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
42KB

MD5
101f2295c59a6c129b95bb68093aed06

SHA1
12f5843daaf99bdb874dfebaf10660c54ede2120

SHA256
9b59525954d9da17ff56cac0c0cda55bb6c4df6b7550fe68565fe0d24a963ac7

SHA512
f5e54b7609a1884253f1d05d9245def95b3721e1163ddabb6d32f5b31f824a218c60533eef25a6f91d8ae6fa314128ae258fdc341cf9a4f36bf378e874b5277f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
79e9333cca0f9c0c57cde49b7b29b1a4

SHA1
003cfa87b33da8b601c23f196832f847ad391728

SHA256
c1609bd88267d917451e3be3e425a186bd370e13fa376ba4ffde908dc522c344

SHA512
dc1acc8b85d59a1c3567a71ce2732a610ac89179ee8023d90297844579e0885ff50c91efff789022d6dc88207a7b19059d2044902c4109b3c1ca4a539227ce02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
8f6a683a87b9c218dac52193f0a7bdd2

SHA1
2d3f7403399339ec532e845693851b7aa282f4ac

SHA256
f4bf654c98158215545f39add902a994d5e8496950af1b610fe11f3428c9071c

SHA512
cd7255fb6b0a1640d5cb31f8b6730da5bc704fef989e6c35e847f3351d5d7c22d16c4aa664acc41eee456e84d8adc69d7d0c79a952edcdeef5811bc32bb676be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
b3a93acc789feb1d6a93ed5a58efb89c

SHA1
aca1f90a94f15bf7e476ef67f23e65b90d169d70

SHA256
0141d83931fe9ca5719ffe7472ad43a18d0e2a47b40a7981ff89888dde225b6e

SHA512
0f6a68560d1a1c5b1197facbcfed2f422a56697527c16ea067caf6637c3f3d591d90067da3acc71555bcd1549a41b703cf5454bd7979bae7833b85eed234db59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1012B

MD5
0be0b15bc0924ffdf142bedc1e52907c

SHA1
028d7ece525bc254abcea5a1039311d9cabe14b8

SHA256
e31c25edd3207e7f50ad8a466e316dd931a7f25081450fe59f0070ac5bca7a56

SHA512
5c87e25816ad56d01e2a7930fb8f899835843546119625bcd414f17cfaf4be3413cdf25690d1a2e3d0d9fd193f54bd872064da682c2cff782764cbf75ee89ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82044f2b6d7712e7a6d091c5c9c3da48

SHA1
53cd3e2b21d0a065d97a5028232dbb2704f22861

SHA256
2f9ce6b023a964f57cff5cb455fd715929d23013cd0f4662df26b3eba0595d93

SHA512
f86a687f3a43d61415f2170988be93074a812be4ef97653d5ec89973c1d4bd4b56cc742dafde135732aa988613ab958fb3b2568ba181439b9fdf3c2d86a589f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93a310950e187bd660afe88fc6fbdff2

SHA1
ab2ae026d7ff3a4c4a5730375c978d5d0aaa7a06

SHA256
68dcc1d09828134946f8f6100c9618e9d20688a6eeaed20596f74ad0bbf336a0

SHA512
b1d20bad5115a351c52c0782a72e6ae4270c7a26adc328d58c7728456e6694c1e59a77a804bd08b94a05320cf1df0dcce1e6fd30b95cd063e4abd4c780efb8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46827daf2ef99954f044cea3e6a8227a

SHA1
b77fcccd348d38504082388c0d0b9236330f8e6d

SHA256
d0f2d65c42b878b31cca709602c80708390cfa94f9f4260f136bd7db22d9eacc

SHA512
dcb7b9c390b90ce7d86c57a3d39b898150111115edc93f41ca09770c07cc825c1b42440f6f4920563116af6d90e04b16409b03039cd122d3ab9251ec8ab32fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f55c64799a0280423b724e2c437c325e

SHA1
c1038bd83a96074d0cf8fa1b79f9b2805f19f585

SHA256
dd7fcaa71249cec51415d6d630e5cc395fcda1ade84968bf9b34f00d92c07626

SHA512
8773832a813b6e5bd896c9656137fa90fddc69c2e32c64a682cbf032bda7b3634eb80e02c6ae55cc0d8fa9af9e1b888b5f8c843c6996841f060650c511d2a118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9c6425a16fd0e7a807e4950d243c0f6

SHA1
5cf3765bd39861dd7296563e783be3a17d0e0bd5

SHA256
48a006ea991538d16235d4a6821dbe48d595eea9c1ddd4ba37ae1f7bea95360d

SHA512
55102499b0d1fd1399141cce4b8f1a65da03511959967d11b1bc4738f84dd049e2c9ae61a62580ae7323b56d3b30a838859ff662cca3f95c5e4e98ca82155da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
832c72b6eb00c6851a0256574ad8cf8b

SHA1
acfd66a5ee96b9ffcfa273ddf3427ef976ab0e92

SHA256
05a2c5e71d75a037c42fb2a463bfd36c9c16efe05c95439338c206fab08c24e3

SHA512
eea08d52f0adc9655628e8c1a288f5798b8a6bd0b66b92021b5fd3913e27e36a0c7912067bb93934bdb304a66208525bd6968c79bc093bfebed5d83757a12297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5495e80b0dd87419ce018945126ec26

SHA1
9881978722c700262af6ee2b222922f4caf64d96

SHA256
c55e16b7878ce4ca6275d5c26437d4d7941ebb660c866185218ea254923af1d4

SHA512
0e542e3380ba7903210951745a42f3a9bfd7e191812a4246e95dcfa0382792ecdd5966e7dfa35f44e16677a21329e8326485efa511e14675d7cf271936e029c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
5ffbdd5405de31ba680b582a6cc6e438

SHA1
21068ef4ebbe9e830e7e02a267a8c09e9197fedb

SHA256
0f38bbc41d030663da11e0db37ae4792dbb2199a01dc461a8573eeb7eccc0fc2

SHA512
a34cb89c44e6fee7d636cf614aeb50b08090dac6cae3943f378252a70324ec3ced173d58cda5bcc540b5a46f4df5e97339b779e2ea25ab163757211084a8fc14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3fdd770e41918fc1ccc6021d409ae5ab

SHA1
a72cedf01979eaa838be1aee74cd3ca97a2572e5

SHA256
b56201c5cd7dd83e841677c76d5e40961790abfed2e1171fdf26009713bcc75e

SHA512
78f17e1aecc5d94cab4af63cc4ad6bb0dbb95a98b79c145bb19c116f15e610d93431dbb236ed6ad4581b01665294dcda88a9de7709b47555270d4106b3cbc222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e0dd951fd678e5ef117122f732a7fb76

SHA1
729cc99f8af054709adedcef9cf45036b3d7c6de

SHA256
e7eb066ac6d225e49e3176371478af55b9d896ee9f88b25b0e69874f0e447120

SHA512
b6eaf0f6e68eec5f9f73169d84c4538a2bb9815812140995e428b520daca8a340a69797d3e2f8f747e05e9584d27621d9d384aa17b4d7b56acd712de14025e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587598.TMP

Filesize
203B

MD5
33c8342c5735515b4013a31335491ee7

SHA1
997f579f6c48fe0512d2e40cbdb73814b42c01e6

SHA256
d173293b8db0b8bb7d46daf3c007d6c0917f0dd6dcbd5b06b3b7a5dd760f8e7c

SHA512
2b4e2b0be0258874113fd00df6fc49a50d6b034915008f45b0b2b85fb5a9f6b6306370aeee36e1fb6b370f8e96109555158f4492f4e0706213a3232f0ac48016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit