2f883076284143ddf1f0617da074a26f3e436f64c8d1a32d8600b05499a1bfbf

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_df3237a04116e669a119e041bc2e0029.html
Size

71KB
MD5

df3237a04116e669a119e041bc2e0029
SHA1

7beeded6ca57292422257a7c2e51721224770179
SHA256

2f883076284143ddf1f0617da074a26f3e436f64c8d1a32d8600b05499a1bfbf
SHA512

57ec17a761c9068e20dcfb7623807247903fd229f7c707a214b7c897e533cd3878728a847503aaa8c2274201b8b4c1d34a52c316ef1d13f2cc0012e300fc345a
SSDEEP

1536:EPwgr8VSeO3zBmDEZX0toaaS6cgRr0X1Y+:aeO3zBmDptoPSX1Y+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
1928	msedge.exe
1928	msedge.exe
4384	identity_helper.exe
4384	identity_helper.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 3576	1928	msedge.exe	83
PID 1928 wrote to memory of 3576	1928	msedge.exe	83
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 2660	1928	msedge.exe	84
PID 1928 wrote to memory of 3212	1928	msedge.exe	85
PID 1928 wrote to memory of 3212	1928	msedge.exe	85
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86
PID 1928 wrote to memory of 5072	1928	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_df3237a04116e669a119e041bc2e0029.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99b7b46f8,0x7ff99b7b4708,0x7ff99b7b4718
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14082486015189580331,2498073354331359785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
4d0a129f673aa918c6b36f0c6a1b54b3

SHA1
1b5998db0684830f7dd9ca9195ed9b67ae41ae69

SHA256
bcf5af55430e185909efe68a77f35249153e4379b6cb3b5a047b1cd221ae48e9

SHA512
81170ee7b82a75d85ad9df8226d5d9f6f88b8ddc4ddbf4e0c732ee9ba0a49ffa687cc42a91d91b5fd4bb39cebbfe0711f84b0b790457fdef5e9e72b5a2cf04c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
52KB

MD5
f9ad6fffe23fad04422671cf2fa4a661

SHA1
b8366163961f1689411636988a73dbc16d13ff3c

SHA256
f0ca592df98944df58f4c281890809d30fd2117e471b8021ff138314efef5dab

SHA512
e9d95f4f0eeed04413a1d798161d1c20d876f5ea4440c13e9fa356a562e931f98d84b3f6a907d6541cf6bbbd7e84f0e106b48fe2f5fcce77d66f70e114834aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5107c16e14858c81ac239d592d653d56

SHA1
c29d7f4acc447f606119bc5ffaffc06790ad6544

SHA256
a539b06931e88d27c4278d78bcae4ba7d9c9f5f58330a9e00cafa1008ab3cc97

SHA512
1fd24f55302e389f470405fe3ec113037ad0dcc3912382f328023c93d12973adb8a83eb6f65ee3cb1ea53413a5403063e34401bd5d9fc41890d9bdd072fcba33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cb26d089de5c5562a4167004b8ff7a3e

SHA1
1c4c5249b9281da00aea19e97b2d4f99fce37373

SHA256
820b45eba03455e4c8b927637d54e263a276309b66108127ab26046c213f26c7

SHA512
3fc61569ac3b4420201150b0ca0c3f0f4f2c52e3b698ab88513c8f859ed9c41a2f17fb1bd76529e06267352734ad4c60d5464614e09ce5ad61a900345986f442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
904daa0a7acb2576a28af96d2d0e2364

SHA1
62d3bc67fb7b3e9fd9eb1231d1caa83852edadc9

SHA256
080866e9166eafb381be8056a435affa2653b5e15cd0cd4362b9bb06d9c5e899

SHA512
df162a81917be2447d71972cb52f7381209669eb1aee5e6b5f7b514d84169af10d9935d7379a9ef8e89b3f9616775b141a7c37ce5bc9dde3bc458cbd518b6abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b8c59868b427ec1ca03fbf0bf80a687

SHA1
9f5b4e380a0ecbac3123b436171070d275bf03ea

SHA256
1aa4fa06aec89cf07fc7388be6f8763e89aa8329ba1e67070a33adb6866270fa

SHA512
92556dbfca2ca2041e05cf722195856cebfabdfa774cda06c96e36120c11bab6010c05e85c8570f6d1ac9f9ffba737095ed8d032d469ee48f1d2f67f5d369f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4bdd7ea042906c8fc4c1c0f077830300

SHA1
150567dab2ccd9f3f42ca504d0b8b2357db8fadb

SHA256
ad1bbce3c5f6298edce4b94d08848cb52ca039cddc662ecbf1d75fb4c9072635

SHA512
97ad84e1d34c1ffb509a6773fc31ad269dbb78ba96be90ad37bfdfc47ba27001b6142c4d255c461281adccfe75e975b1873cef4145dede79f9c0586e9ea66db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6f24a3d74cd8b9fcebbc8676d2ce17f

SHA1
6dc6a01e4797635edb89296dfd7a1adb34e4eb4b

SHA256
50444dc1cdc6c521eb6754abc1f0e9fabc40732ba9e2ce48791c008ed842ea2a

SHA512
bebe59fa816257229419d0e56420b38cbf2882c1dea53d20214faee4101eac3c47f68b4b1f7afb6678aab3120de3cb42d28d1d4a3e37a23cfec6014bbea07f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
452e4a716f4edb40c073431aa21bef03

SHA1
ce2f7e2ad95121c1d82e9f207e723a1d1472baea

SHA256
eb4920b08e6a259e3c3547ecbefc9533f50e0ad58bbc59f01580b81c05ab7311

SHA512
891d249aec6aff210574c5424d4068a287b60eb7150c19e38d738dcb52ffd1dc0e216d2b3a21302b678b3f4e9f5576477d0b893707cf24a7dbd82dd24228fea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
786ed561e94e263e17b4ebc910e0e904

SHA1
7fc829497b6d36c83c77802f873f8c9fc7595767

SHA256
30eb3a305eff0f2b512a1b20db35e0551d1bb3fd33825c669d39cad7d728c4dd

SHA512
e9307e2e458fc41dd52fda892bd9bbb12abbe961e70ffd642e1cc616e25a49b57b791df20b79d857220a92c631b89a5dcec94d14ba27e4bd7fa5f7f8182e0221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce6b2d69b2a6de4c64485533e05a6151

SHA1
285539303732469a4267cf78585e06097a918f86

SHA256
356b2ec3914350647107aced1cd726a591efeae42edae7ca13473d82109c7e53

SHA512
44221a37ac1d3ca99cbd0232ad54785a40744d785315bc7900d87b009b36731bfc76a3c984d6cc6a94549d5dee8a34596a478755b3a9d84e6f93d2e52fcb333c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
b6b44bb0e699160d1ea712bcf10aea64

SHA1
584916da480bf785bb89a4b03420811d4a2fa363

SHA256
6c025dd87db2ace5d0bf82818a36987f4cb35f80ab04db01d425a2c5b820c87d

SHA512
3cda888088f86de182d5901c5c850a9492ef5acc7f5b01291914072abd907ce014c16c644dc6293641d252d7984cc037a79dff03662a40b50ea2711fc9ed0098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
870b61aeed338eb5157902e615563837

SHA1
7062d8a4072a86e7b2acb1818e7e7e14045e0e2e

SHA256
468aefc77751685a65cd1ebadf72246de485d07d09598e05d949fd33badeab7b

SHA512
96638827d7527834722bbbe433bbe48d2e9d8acb0d9fc1f7156db5924edb2f63b1d8af9533f2bcd8c76d43d5f0744ef8dd8b6a9f781d0aa9205517f9619b702d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
bdc0518c7a0a0c647f10881299c86cad

SHA1
9aae6b31ab2b5503de1178fb3538f16d9d35a187

SHA256
6a9a32229549fc96792960daf74f7f1c2af88f53e3ae6dfd5b885e9519d6868f

SHA512
66c0877e5ce7589dd07ddc566f299fbb2cd844bcd62592a2d88971503c7692344c1704622f6bc34b60ab4a5c6a18f96af52eeeb58fb1679bddef508c3ec6ed60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586d8a.TMP

Filesize
203B

MD5
c2fa02b168b7130fa52fedd859418c43

SHA1
9aa5cb7b7ebaaee67cba7a8a3d9655c9a9ee847e

SHA256
e0df24d69da0e31a898856fac5fb276ff917a9882f873dc11a1e035de0d6b239

SHA512
2b1948f29d957be883f0073126c07abb288e983539b2c9c0b76f5bbd137c5c3ffaf12a6f189fdea41ce306833ac353d139f4a3b3cc778da272cac15ec4469c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dd504cb9-7461-4cda-93d7-66fb5d263552.tmp

Filesize
203B

MD5
a9888ba7bc88208033b6560f68ecc3d2

SHA1
fcbe7d46bc9bb30398d43ba394d436c32b73543d

SHA256
b93cc9ea24a4b7e1a36098b8399bc90aa8b761ae137904607053f1cbf4949877

SHA512
2eb565ba97a0541733000e9a9865508241ce890b9ee917ef94e0e41208f1c1c796dc5132fcb01073293ac4ade164e4ad07b4d50b45eda52ccd5796277c74acb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d456cb630aacbdb1dd6e03352fac008f

SHA1
2ae08e6ac4c81e13f765dd57efda66dcd9d057bc

SHA256
3de53e94297c4f212195db6423a956103776a74028e14b0a059e6059ec43f13a

SHA512
fe6c144582c842975ab17ad6c5c18fd4cf917387ede2fdb5773291d8bd2ead4427b941d49a0ef1c3b618d3b392cd21de4c739c30da0323946d59501476adb276

Download Submit