1640745a13817aa7c0b39f83b9967e078c5653264ab8aa38b3bc2753e7eeb867

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

969dd8d00d9facac99f06e835347d4b9_JaffaCakes118.html
Size

136KB
MD5

969dd8d00d9facac99f06e835347d4b9
SHA1

d45d2a63fe2de5acde162ad7d4cb204ba46f017e
SHA256

1640745a13817aa7c0b39f83b9967e078c5653264ab8aa38b3bc2753e7eeb867
SHA512

85ae8abefe78ec64d49ee864e37e5f75eae79c2c4b54cd01cb898873a38b993e38218297db444b27047d905469d2d140b183c0194be1bba8d4394b4b68a00162
SSDEEP

1536:JaOPblvgtZEe3+KR/CthsH8N79uREwTTON6Td1R5MghZ7AIZvJibdz:A33+KRCbsg79upTlTd7ZRibdz

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
59	sites.google.com
62	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
2940	msedge.exe
2940	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
2228	identity_helper.exe
2228	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 372	2940	msedge.exe	84
PID 2940 wrote to memory of 372	2940	msedge.exe	84
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 212	2940	msedge.exe	85
PID 2940 wrote to memory of 1716	2940	msedge.exe	86
PID 2940 wrote to memory of 1716	2940	msedge.exe	86
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87
PID 2940 wrote to memory of 3024	2940	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\969dd8d00d9facac99f06e835347d4b9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b18146f8,0x7ff9b1814708,0x7ff9b1814718
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3572596669135095842,8180380913637948402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
defc19d01893df91f6dfcda9a399da63

SHA1
190f1f04c2a9e83d3fa87a86b93cbc8d51328958

SHA256
bf52e8632f86644b426fbca27132a612d2838a41bdcc70b81359155364dec35b

SHA512
89d6d3a06589db0e144ea55c2a7e9589ca22b5dcf3767ff88ff325bb22846fcd064f80ea9add1626d5a04c8cedd07887c4175938e7f8fa8f7f1054693a9e1237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ea02c517194722fe7f281bbdf2033116

SHA1
7f201f5a13712b33f6d5b053f2eac6b0dfc0993f

SHA256
eecca5555c165cd34fcab5d8bfcbdd0a40837205bf91f8428bc274c7d7e90e13

SHA512
4298172a01bbbada6b2162fcfaaeec2dc9c96123d38346e7955ae58378ffab3547248e26c48d2c364c797e79c5a56cc46ebe187030dc707cb1574a0017a74e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
7b8a72d703695fc1d2bacb375eddbce7

SHA1
bfb429dbb0838dc722006ea881a718e0e10da893

SHA256
55af995dfbd77c4bb526c73f763159006a4978eecdcbbc7ceb8a227d8d5c8212

SHA512
e33d1b342f618befbbcb78999734928d39d78f9c424784e33e7524512525ff45788907d78abe4c03ca149cc1f84aa3f9ad6478f67a9d6b0e93c890c2c3d2355e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
ee581e038a0eb42f5b38c4d635828e25

SHA1
14e769997c6089bb3d52ab94c0208cbc53336b7f

SHA256
885381431384d89dd622141edd6a5a7c5e26dddd4b351e54fe4e60eae465f592

SHA512
a3a5404ac6d0be176fc8f03e047945962b8510f378ee36250697345b324dbac637681e27c34f4a77c64d37df7132ccdc7014684a9e3c86804e0f9280c9bf7777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
47cb937ce332e918b8e0098f0b0a5d1f

SHA1
686245c44492b8770e6b18c71fc88368640d5d3a

SHA256
6cb331d3a5935f5f73cdde7e012b0483603692de9607bf2eefa641eef6da1ad4

SHA512
7c369a5b65c924e110e080c3fb63f3441c936563d8b311d2678348ce3e6979d42831610cdc3711ca2f2cdaae727934ec2548aca03d4ebff0618c49e871ef8572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
507ceabb624d8e49459f3be0beaa8574

SHA1
53f2b5a93e0f7f050c195ff9c3aae10a8a29d3ac

SHA256
cbbe2ed765ab00de7db158335d8927accd168c9c1e289c0bbb73031a2c63a60e

SHA512
d44a3480004243232d66ba11cf2fa63986183330e010a304fdba32e7b9e4957476ce0d2b0a7a26842681d833fd9c3891cebd9eabb1d22320ce7dba42f685e475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2434b4d1a144e8a20f42b5e945d0b332

SHA1
d15f2d9146a028ffed44cb3039c446472718ad98

SHA256
42f4d89bebdd341c80ab68f87822ec6e226e67f1d4333af2fa14ca2132ffe3bc

SHA512
b3b8ea6ca6bbd8a51590c836a7ea927f00a508ad0bca4c3cfe3ceae09d2e7c6f896de645876405ab73e3cbe5214436411dff4858e198a081c80dfad252d49d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05493a1f49553d433517d169c16a0c4d

SHA1
1f9770547b759c79cf5982d90013751c3c12438e

SHA256
76e8ea0aa7ed5d6dd1b9842900c74cbb113939f11ee8eabf4fac609408629281

SHA512
77c404f9612dd6c8bfe16a70ec2f889a82bac85834de7e64d4645eaaf6fc0df7f7642f3fbf61906b15ea9ea919b5e78269a470cb27a6b65a7c58851a41c7225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ae91c584ddfcbe28e4afa3764a7de44c

SHA1
fb742400271ec141649762c81656424c5d951b96

SHA256
24036dc5bd30147077604631467853e6ecd1d07f2ce8752ad369494203769296

SHA512
8e12923c141ed43fef2869aab43ecef844546af5f1e2e6a796fe79de8130223c3a0ab39a6198b3965cc41e2306e28b8c5ef5143dda4084acebdb3ec296aed6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16d01725686c5c7131cf94ec7cd0167a

SHA1
6120e65937385bdb7ea260c50e7cce9810291d5c

SHA256
4aed3b48de91c1c2e07f0f0baabf0f034a03ccf91e06fbd51be329e9986ba5a6

SHA512
a112eceb481a6b815081afd89c57bc3020b081a869c0fdf23d32640d40323319d5f4b7132c8069ecbdda34848c46c2b68fbfe818ba6b9b088d4e3dad43a44a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d0d87b7645f8800904fd45f99f740f57

SHA1
300935d55a7274f168260d460c69b276aecb6766

SHA256
c3776b01154807149cb87dccf8bcf942da5afe169c2a4ddef20d324ffa522f0e

SHA512
398a40cf061f0ee6804412834d8e294ea3c934bc6769a1b974f528cab19d71bb291eb2ce1ce12db2210a36c287de52c084f56972e76b7248aaacb6a58aadb0ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a1d.TMP

Filesize
707B

MD5
8b5124336b537879d9b6fcdf1d27e19c

SHA1
f2cb5537c7ad87b177acb7c3d41d9faeb1551a4e

SHA256
be0d7ae55edef056cd2fd296129ed2d3562514a1d79f98398883ba793e7bc03b

SHA512
64ecf95fcc5c325e8697816699b804d49385943ae2d66a71cfc6b1df9294cb9adf861e8ef4ebbe05200f40edfd3480491030fbfce91df464996f880466bbc6dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f16b935dc5783b545c4af57947026faf

SHA1
e85a283a19af7fd48d430ef85d04ffe949d89727

SHA256
2f6907e8de648e30c491437fe338038b66f109090d0eb786c1238d287c96629f

SHA512
d01f0fd31778a16aca7fde89259371af4ff6be898d38dd09773c44a4dde1969f46d22efaeeeb3dad3612efece7d789563560a48d82c63122d703f9eb1b835ad3

Download Submit