135323581d5bb21c41ec12a4b8b9b176e396acd2d3e9473e83b6a69133669e69

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea68d677cc2cb412a22c20a69606870f_JaffaCakes118.html
Size

56KB
MD5

ea68d677cc2cb412a22c20a69606870f
SHA1

a76af2146069ff84883fcf2db2fa518112f50a63
SHA256

135323581d5bb21c41ec12a4b8b9b176e396acd2d3e9473e83b6a69133669e69
SHA512

c3f66a3fa7c594f0787268fee3b4db211800a5649f8265f8c3398323f14c6ddba83f32532a56e6dbdae9b44ccae04a675bd6e90f8405fa198c2247cca4e1590c
SSDEEP

768:E7q08fQO8s4/KJ8HO32YjQAb32AwYCaS6cgRrYqvU2S3m3gM:EO08b8VSeO32YjQJAwYCaS6cgRrYqvht

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
2748	msedge.exe
2748	msedge.exe
1664	identity_helper.exe
1664	identity_helper.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2380	2748	msedge.exe	85
PID 2748 wrote to memory of 2380	2748	msedge.exe	85
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 2356	2748	msedge.exe	86
PID 2748 wrote to memory of 3496	2748	msedge.exe	87
PID 2748 wrote to memory of 3496	2748	msedge.exe	87
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88
PID 2748 wrote to memory of 1216	2748	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea68d677cc2cb412a22c20a69606870f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffc2d6246f8,0x7ffc2d624708,0x7ffc2d624718
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1609089132835380475,12785764826264042142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
b76d3a263e01ace54b9b3832dc1d7c72

SHA1
3bac9a0a20c9e31f43e6768e8de5f2d83692541e

SHA256
85c3165562a7ed1b5a4b9e7daf21605283cc3840eb8ca20d3af9cd5567695bee

SHA512
fb1974ac839b3a05fdb47fb2716383d17ac8d0ff14663abf4c11b8050b63e25a19fb37fdf7199ec84a13429a413870c46ea8b851aa4cc7352922447ecb748934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
54KB

MD5
fb4ce13c747a697f298a81345a65e8e4

SHA1
b8d0037aa663439d82336048ffe5f43d323fb62e

SHA256
9849c2508936b96761c57c5da0ad351354259df711845847dc7b8c42f63e7313

SHA512
5c3921b91b4a2824da414ed4d9dfe7dac4fb37083f47893dc6018db7829e247ab02da506409bc24bb16d244990725ef29365f94b318343eef51c839514146ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e2660ab5de7edec0fe193e265e598b10

SHA1
46866b76a1899800b83e76de2e2d7ff552ad6fd9

SHA256
f48a85fd35d982c74a5b6899a125186c8d281121a53c85f778dc407b325dd30c

SHA512
f321ee3c1e0e511cc7e9c47abfe3366994a48634c18057458149dc693ad57b09fd7ad43eea9a1099aa6ce8822d4830baa4abf5dd665308a934997693d9aeb207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ec48fb3a5926d5b43a1202e18900acb0

SHA1
bcca8a683552cd1c3e717f9b8f90110702d1276b

SHA256
aba27ea96c0d6b1ebe763000ccc645eb6f504b807b6ccf1402e6c4bb45f9d875

SHA512
ae33a71bd5e204edc71f8253b3ae59f2e616d071a48881e22b68a602ea45ef9696fa8ea8c845e6dbf93f90f385a0c654583721a2fb1ee2a71024bf8c26149ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d34ef0e638bce0472f64b2a162963704

SHA1
5a2f1222bf71b21a530b5099735d7937f3a88fb9

SHA256
b264fba3589aeb61b1eac147d5a2721b17f3dd7377a9961033f33d3fda684a17

SHA512
8100a938c477851b18a4d8d7c052105ec575cfbeb7470b4b5e8c818f14956ddd1bb7498091a0e2d013d68444d30da2be36c6e07f416b045af32d97a9a029b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
737a59fc73a8a6a2b61681c66f73b4c1

SHA1
a069d9cf810ecf492e3598ba4306288b9b05f2bb

SHA256
a869f2285ef9297160b43606d63724fa8cdd4f6abbb5a5bfcf8f931e5b56f7c9

SHA512
170546344b9c39960d01e3e85b473dc3390bf4981bb683efab4ce8c4ab4bf03ea59343c3a9c08c850e98bacbe5a6add887ee24462580a6d786f493773f449329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c98357277fbf70eccbc5176cb88d464b

SHA1
de03827ae9dd2add23f8a98441ad0caa99f8fdbc

SHA256
8e079227a44f5cf9ebbbde6876cc482b0d794426b98afa0577c8ff69bd2ab7e6

SHA512
471fe144dbbf3d0d425d488626fbfb33e81e329dec89d89bba2d6d58e5eb7a11464290181df6152a3c6a80e9001843f1089ce2bb148fe6916e1041d5f75cd876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
818B

MD5
4fa8a1e754e905730db024ebd3ff6989

SHA1
a2acd82a21ae3d9817885c7a60e32303bcfc2caa

SHA256
4933a86a1f0721e0511e8d358e071f346e8dd965792e2413be94e87e163cd1f6

SHA512
1e473528702614f142572c532e1b87348a91fb1c1e8884cc9d4936e7c5e453fd8dfee40d28008b12a95f8a7ed23c6be1743611c8e3e788f8c12caac4a6a8c149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
849B

MD5
eb7a4c5a41733c02e95d4d013de26dab

SHA1
6a3dded36748a2297df55e76b7bf58dae216febb

SHA256
98a6c01eadc629ccbf3dca301b0b63466f7cc5a23202441dd2fdd6ab91db5b17

SHA512
34ae088c8e3d5f6d7aba1f6a0edb2284c32b34a7e0fc3665ab7209ec2c8a3e7952c9dea32ad06ece24af5e3b06e0482783f085d2d237427a6a4a3a8ed5ca3952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a008ee31027804d24f60d299ba9c4ddf

SHA1
16c050c27f950a3d47c60d33e53ccb16e2428bd1

SHA256
cd60cad27830c903e34cda08754bf74ba0171a035c5696aa1a4d5b96b3de22c4

SHA512
214079204e31868488e65c41cf76a97e0248c0985da76e9af4d06ea06c42f920eb29b7ebd61c24a4b17e5e973758e7328f7db0b49b56da6d61ba17a5c64a98c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5e4b8c052dc6d669176bfcbcf56792b

SHA1
c6fed45e2ad3b237b8b8d049f8361af2d0da1793

SHA256
03546cd8441ce7161ac5b1913c9e617333f10968931d5d671c64b8da2ddfedfc

SHA512
f97b3f2817f7f5df113b14e40c5f88e00c1b1474876d8ddabf050fab61e18096cd2e8da27039baa354eccf25fc95f78d7b4375d43235cd8c1768e975ee68d98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b37390d23a46c21bf37761b4c4fedb1

SHA1
bd99b23ee2099fae507e2357009f58da7ce1558d

SHA256
e560a4192a6b6fe044160a8aba5de039dafa74d5d73b1f8e9425cb3dc4100502

SHA512
7a6b921e56ba8af51f6509f03f3acb341cafff8f827bff4e3db15127d6897cfd9ee563e428c28807427c8bb34a83a34814e9819e984375c1322a6e831d990501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f7ffa9edcd6ce643ba1d08fc3e63efa

SHA1
de2e9b23d946c267f5c745798f87ad4bcb12b4ec

SHA256
e52a248085f58bd02e14f606d72470c9e2723cbe1344d679366905be2f06c3f3

SHA512
329451325f4617130fa3bbf753e0fb60b196938e9ecf40a2164a7b186c2ca95aa7a9b5ea8fc8f0f08c82e211f50e256d3adedb1eee427fd20b88e87b09a5ea57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e611741ad52221a65cf37911582ec18

SHA1
2c7312b5ad2fe5610ab371d107a7d7d77fbe49d9

SHA256
d0e3c943bf8bce99bc79875b9b1ac84ca2b7bb4fd39cfc94aa1f3a92d8464784

SHA512
8257139be58d9d810bcdfcac225c4ea6984bd1941358046415ff3442f0adcb74b4916a6a9d9cc7fa3961e8062f442ffc80a48016516233abccc4d3b34628383a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8082cf9295ec273db1e1febcfa88532d

SHA1
9b8b0662fe5da253316dd7b7a6cf7581dac4465e

SHA256
9d5bb9ecd7270b3ef04d91d514c17c98c028d925649b5cf332e444acc79346ee

SHA512
14a951ebf389f06bc1ff434a455eeb128f5e9a0b5800631ca255e7ec5f35ff5493efc76ad938a5e9dbeee8686a0d10b716484d346dc757345655a36ca36263f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
132f3e9b696685963563557f791653cd

SHA1
bd9a8635c35643d06d446c2809f505715c5fd92b

SHA256
122279962e2a4e7b7b5f6b9ff45195a3eb69807ef7c5056997819c3478216d26

SHA512
a1909319bac9ef1e6693e8c530ea3a10bbedf3a1cba3186d5b5c7d79056bfca52b9496d6e726a2958f7a9f3bc442f957daf622e6beeb0f7338e38af84930f0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
7bdb4a3bc4e0d516c81321c6d826ea7c

SHA1
9d36ececa9b389d243ffac63f2f5d380dfad0a8a

SHA256
fcb9928d1a20b17aed4b5e5e5ee1811a6be6013e43b1d90343a63a1d5cde89b2

SHA512
1b775d11dd06f103ef03360249ec1a767d10b619cd613b42d5d483ae2c8e7dcedc94095fb7ccaf63f7df2e784672ef2ee445cf142eedf801f577ae9ef98ce386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
1a0546f772a8324f927bfcf2292388d0

SHA1
d031abeb0c0725502f001a613770d2f5cbdee384

SHA256
3014f772cf7d4f4ef629858b245e46690e586cbf3a298d375c204c42362fd8bf

SHA512
319123032331e7cc1dddaa35341fdd237bca379bbf16b020877c3e5128724697243c80f377ff98161e6db78d2080442e4702b9396575f6bb83d571d603b13f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
045f38445f17e947a86afcf8badf9ee2

SHA1
07325ef8925feee6b68a1cb10b850a47ca87ee70

SHA256
adf7b2da92241188c1804c549d51d32079d3b89244ae49321bffc347bc35bbfa

SHA512
4fc1ee30423da30497de95c65a405d7491ec90e50f067babccc92dd6b0396b846cc74b13ec6131a6d150508a3b8df6f2a62ee59eb607bd7307ca93998b8a6719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa4e.TMP

Filesize
203B

MD5
eb3434ee958a05e819c93f26b504044a

SHA1
dda4b8b15e76e562a200d3c1a6c645bd5ae98732

SHA256
5b59a25ca0851f8fadf708e0275b5c0cefe687f7cd2482f1a09c60b91aa9ecaf

SHA512
17443a25a7d7e873c553536b3982342364710faf41ac9aa80cfa6d418bd48bb6054cc0fdb8c2d2327d9053bc8f9d839d72a65050b4fa0f4f683170f7cf463b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0281e8280bc4a56335b1372b7963b4cc

SHA1
9304372a6d75efb40cdc9ab15cbac688ed488d6c

SHA256
cfe46f63605313628093e95e2555a583c60112e04983f2afa78b91b9c7f78229

SHA512
234c3fa64033ee6b357ec8f73b160098d843da3eb4ccb5f3b9de84b837550c2408b983e04b23912cc5a10ac79f3a06398b5632a933a62bc7ceeb2a215eeeacab

Download Submit