cd313a390512b7048e2809aec216bd92a68b9a25798d6a115aa543a13206a4e4

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4dbc06af08a14478651ed1a29a36736_JaffaCakes118.html
Size

49KB
MD5

c4dbc06af08a14478651ed1a29a36736
SHA1

2fd808413c39976df7478cf19be03930603901f7
SHA256

cd313a390512b7048e2809aec216bd92a68b9a25798d6a115aa543a13206a4e4
SHA512

8ef44ba52a8794dd4d1647a6b3fd8f537cf84c460a5256d355b8ebe8adb93c94e01be968c514cdfc993fe66a65d43f5a982213d9add8a6c18b197ac98d8d132b
SSDEEP

1536:Ebwgr8VkeO3LUXniyXzqYyczhdwaS6cgRrYTpJg:IeO3LUXniyXz6czhd5+TpJg

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
4736	msedge.exe
4736	msedge.exe
1196	identity_helper.exe
1196	identity_helper.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 3032	4736	msedge.exe	83
PID 4736 wrote to memory of 3032	4736	msedge.exe	83
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 1460	4736	msedge.exe	84
PID 4736 wrote to memory of 3400	4736	msedge.exe	85
PID 4736 wrote to memory of 3400	4736	msedge.exe	85
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86
PID 4736 wrote to memory of 4936	4736	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c4dbc06af08a14478651ed1a29a36736_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb76ff46f8,0x7ffb76ff4708,0x7ffb76ff4718
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16484315310454178503,1078911246325742445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
1ff53dae34c4555156d935d6455b5e8e

SHA1
7b0d480ae156810635d33de2750d7de405c41c62

SHA256
b60890e621ee1f1885e164572c092e6dfcaca3d7c7e2b6cbf65b5acbfeb6a998

SHA512
103de10e245e4eeddd8611d30f62a74b16b364b5aa90c866c1d239649363e42cce013d83520b7e3fe2c17ca709421168f78736477e124dfa841dc021f512bd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
22KB

MD5
7444ec04923bf2e160d21243a249ae06

SHA1
d152e4d0ebaab0cd82a025689f49e4eb29aea7be

SHA256
0064b1bf70059d6dd91e95c1286dce2e9ee78d003e3ba3826b6f56785d11a1fd

SHA512
aaad28d8665fd09dfba07666b4a5a487024b5216b4a539c0417e787d0d657a1e757a73554660291b3423d039d72732d18f71833d2953ea8f563b99829d7db51e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
25KB

MD5
182d00a4b1233638ba7f6e19acf5cb23

SHA1
88672a43ff16dd75a2c7cc1c479bf658d04a998e

SHA256
ead78e8a971651907fad03c09c90d4e3b015b5214a2ac895fe4b93f13d61b6d7

SHA512
c1f18d7bf09c7f8b868b6a263c79c774f05aaa3690cfd9d2a0e22f206fc31a0c1f384da263599b045d40470dd4dbce4948f010f2c71be473dea7c94875f26583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
42KB

MD5
29b23a4a62dc97ad6e97beb90c5cddd6

SHA1
0aa934ee2b480cbc04e020b67e7630fa583e3dd4

SHA256
7d5dfb1bbd85ef885006fa11d69cb5f60add16f3455d6d273aa3043166579ac0

SHA512
267de34e7dde23351c3ba914cf3c19bec181f468247a79b7b0ab3e3abf2ddfaf8d3317ab690750a99140c7bc29583e8f712bb8dc96c555536c6b477affad70f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
73KB

MD5
38cc948802cc65a5d010d9032b122cc5

SHA1
01aa6a0904fb48178ca67a7f12c97fca8b40265f

SHA256
e5f54ed5bdda90d7d33c62cda40fae3c123ee13431a7af46fa2d215563842e68

SHA512
35a53348bd22a386e150e2867861608cb8b3ec3383b2b84d473e94941a725573915f11f109e000da4dec65f3ceb3bee3dd6ce1ce7aca7b7fe07be23cefdb0c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
75KB

MD5
568a0a3b3744fda2519ecf60dd2225e9

SHA1
741c58037e3144629826178011ada1d54e6ad27d

SHA256
e99d39072f360f635821116c62bcc650b8d05dbeef71ceadd85cdadd34868cc7

SHA512
ea7459e9b8df97e35db6761699f37f61421f24dfee897200e997585e7c68919897ce9255214ec742e96040fc94ed71c513f51490f6cda291147f18f42ba28cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
117KB

MD5
30cf7c95951497d5eaf42859841ef31b

SHA1
b002ebab8842f4d02b6baac85c052e2a26f798ae

SHA256
9376da1091a6c4e7283e75a5672c76868064f90d9fea60246cd1af3e7463589b

SHA512
bce4b87e798dccfa6821b5e390245842eedaec4cb53d415ef2eaacc91a91a19a4848182971e4bef4e9d148c39b3316c353f37cb9e574392434af6b8cb20060a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
41KB

MD5
9631c594f55c395f07b12046cb8fbf9d

SHA1
cd6532d1689166c19477923c73083eaaf8cd21e3

SHA256
a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726

SHA512
5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
a1c782f8dc35f305b78d6b3a7c5f6284

SHA1
c167fad4a15c1aabf7e8615341773ed8caffeba5

SHA256
72fbc53f5e59df09b8f5b3e669cfa57a85354e5bcf009e3fb3e928cefa7c4831

SHA512
795ad88aed61d1bbc53bb0e57d05c771a62d92187934e3201e90b7241ebb31e4e63049f0401e47fd042f8ce8d9244cd7eeac857179576bf9e5287d10aec7622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
0e4b63619ff48b1e6198605312e76cb0

SHA1
92046f164f33a12c0d068d39f7b9a8f9e0688342

SHA256
ede6a92f260ae376836404e54caf296505d664b7f347b62aa8ff052672a17eff

SHA512
4f04ce81bfb22f9bbc7c60b5d82952f741fafe00f61847b28c8ab7abac9a66b8005cd2aaac055039d8d184621d517f23398229a87497c998a62a9971d3e6c297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
bc81e311cc254e63a0c0a36e251ff88b

SHA1
5f838ade7a0ebb6badd0a0358348dd1d782b8faa

SHA256
557027d4828a618ec1d8bb48f23c5df40493bf2f81fd369f10a77d19fd1a33f1

SHA512
88d14378d11cd90763718de0ad0799b868e0320da098f98a6fe764d95b45767cb9560147de8cc7374aeb0e45a43c1d784934e8442f4dc8b1ac2268249fa43dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1012B

MD5
5b74993539f1058de33ee7b015f2e930

SHA1
3707cb63c9fe4e292eeb77202de477c488c61df2

SHA256
ca9b9f31c360efca79028be36bd122ec4c515796c5445452d68c69c32add6194

SHA512
52657e28db4b53f6ac18766ea7cea4556b564d26fe6e434b66c7b8daa407efaf07dd36d7986c9c380f3fc5db57ce26362e42368a9de495c0eb01d81aa9f74241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0622f6622db08d877fb05bba97681dea

SHA1
5a67ac0dc5b0cf2a7c799bf81cf1e24c7100431d

SHA256
6d7e68323f8c5776e4eba789d993acdf2c881981484e2d14d5f57f9c1ce2309d

SHA512
a55f84c2db3e92a9bcf91b8a2d174ec4bb4832035311fbb50e97dbcbdd6d05c8b850ea901deae9ea1daf56ff77d3f4a27c75c03a1dfa4feb91d6a90a42129470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
593cb82f43b6ff5bec8cd72fc753b1ee

SHA1
ea4e89bf1b83540a58adea3ebdf73c3b0e94093e

SHA256
a1be2d53bf66ad42a15e4521195ae1a6c3289e58a0a28cf64521368e3b9baec9

SHA512
5a9844c10c4c53c417fdd8b720e2f3a5de639ebe332d4e25a427c692cf3d1cdc022778d65a1d55dfb8ab27d65ee25e1aa4f9d3b9b6f6f8fa20a6fa7d0b853dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6c57a3766ae47c09c03f023f5c353dd

SHA1
0f4b2509520480b5a0f4e3cc84e9341fab0c6b5f

SHA256
d847f4ab45d28503f17ffc8362c8f9cdeb982e2d335a888ba7a4f9f5f751aaa1

SHA512
15566123c356f60d98baf8d3b27c4445342749df276e0c2350a9152b0ed668473329cdb8dec7f50b9061107b80b02e1173a5350dba6502a97328e9ac92a7ab59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2baa2f3eae5192d3e1ce1e6f37209cf5

SHA1
30cab3fea400889a974a9c96a4a893927c1a0703

SHA256
4518ff09aab1f37a524087c74e0938d6e803a96f680e36adbd98786f54b9b371

SHA512
c4439685dc4e7a34ac9c55d3b299e5776c37c7b00d68723b158d28b6faacd0795df1aabe2dc0dbff4ef6e483e17eb091d550ba9565d3ecc7820e9b7b02ac9fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
463f810d0658fd1142a37a5748faac73

SHA1
d1717304ffca163c935aad9a6ebaafa0d4975c29

SHA256
b7418975c872d7ab50d1737173c78e5822e1ad93dda349a9461e649fc1a2d725

SHA512
ce5a502a46c01adc2cf80ea0cb728fee2b5a6c6a54c285456cc9637645fe867b0a2a9166ea8ecb7c40daa1e146296baf90d9cc38ed8ea90033301cdca30eaa30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9e756db00e9474c130b9836069198e3

SHA1
967e6850d54ffe0bf765a7e317dc433cb47a8840

SHA256
d2c7369d5c70161819d9c904ebb12ad8bc1345d2dd9a3203ebc048fcbbef0fc0

SHA512
9df4180bb4e4cf9e0d1d5748b64d7c899a2ea5def7fa9993bbc853a063a05e64d252996237d3e9a85560920adda98e409c9783a736a81b6df65450279e633119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
898257c8c406eda8b4a1a2b59eda3bf9

SHA1
250af7d2668e8f6f800e04c7bbd1e07c831a9616

SHA256
077c254c532d51c119a40d722527bc4c868de6eb43061a997c379e037c4ce6e4

SHA512
98f25552bf1321b98f611f29a9a2f78d4adffc814bf40a256e2463ac93c35ce6a001504695373d8644d345cf3732744643001d10183e1963242447b6203cb4ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
824449c26785a26ebc24d56784050f25

SHA1
5ee476f979a2a2b35ba4a12aabdc6d26315435f8

SHA256
3dbc146ae0dac67a75d77fae69090af36b3e27fb62c87fd7e022084ab87f9dd1

SHA512
7ee3cb371646a399e2f4cca992bd65a75cb81fd1959dfa3f4a197089bee8d34069f74f41d77dd5ecca00e09e93a94701c4723154d66f6d74c6c998f891673a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
794e8363663108c5bbd2228c69da7ad7

SHA1
ce6d2046fe5208f07cb31d196e916d2f0b6e9096

SHA256
d3646fd38726af15163d72acc475dbacbb86710318dd45924ff06161f454a511

SHA512
44a51eaf560cab52f7a64531ef25c55bbe035290839263980c833be9e327a818f7037fcf806ed1d9b65048483052dc82d062628290e9a15a0d730c112a69d9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5877fa.TMP

Filesize
203B

MD5
ed7cfdd28753f25df95d30112365b8dc

SHA1
1d702936cfae5cc667a344cc437aac7f00f6f4a2

SHA256
c477b3ba040835837d1361bcc05be43ced8ad321187d7fa115347caf4982ded9

SHA512
9a9d37712758f5141bcf300e73853c6bb4eb14c0c53165d9cc51ad4a4e478b3b47fea2e60ad6787e33644b2a322463c50aae59eb8a14058319b975c5a99160af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5ba8d42d74505c6a0e5ac9c4f23b9f80

SHA1
7d180902c4e7ad900112e76da0fae135b81bbfa4

SHA256
f3c53f87b79131a8171ab0be6d35ba406a1ffd9e3ae0554e16c74707b0d5aea1

SHA512
184ff4a2db11146953002a4691ba75bca8b504ed7c3ca7e962e9924955a973b4972b0db79f829b99faeecb7997218a193cbc1c38af56f01e7227aba4959e54fa

Download Submit