921609d90f7ede3367f3c88f54ac22fd8f024a6a9357ce404348f324d6d5ea97

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30b29b9876ded19ee36b8555d664c967_JaffaCakes118.html
Size

57KB
MD5

30b29b9876ded19ee36b8555d664c967
SHA1

055d2d676d39de812099f12c079894175de844a4
SHA256

921609d90f7ede3367f3c88f54ac22fd8f024a6a9357ce404348f324d6d5ea97
SHA512

d5fe92941ac48ac3da78009e03c0ed58036e088ee28f8c0d401bc2483f0fc24a7e6378b6f0e0f3bf8003bf7b2b3f17ccba21b1e9d842557f604c562fb288cb18
SSDEEP

1536:IY8b8VkeO3K2C5nydUXNS+tdRyaS6cgRrmxNE2:QeO3K2C5nydUN9RHIxNE2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
3872	msedge.exe
3872	msedge.exe
4892	identity_helper.exe
4892	identity_helper.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 4364	3872	msedge.exe	81
PID 3872 wrote to memory of 4364	3872	msedge.exe	81
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1912	3872	msedge.exe	82
PID 3872 wrote to memory of 1676	3872	msedge.exe	83
PID 3872 wrote to memory of 1676	3872	msedge.exe	83
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84
PID 3872 wrote to memory of 4496	3872	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\30b29b9876ded19ee36b8555d664c967_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb923946f8,0x7ffb92394708,0x7ffb92394718
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5193889842617367007,16457002206247954660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:1480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
54KB

MD5
3d43ad52a5e97214b6780973a555d0c1

SHA1
ac5dcc5dbafe9781453c87ee892c8769cff3df25

SHA256
2760b7d22f5936561faebf3afcec848f31faab71bf5c95243e36908178d33342

SHA512
e117dfd48a35fd897b052e4623449bceaef0b9d9742ebd078b36d6029743598e1a91c81c0f984f0b3e2b81ba02bd6613c78db6f477ee202374ef94bacf48b2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
43KB

MD5
66bc6bb65f6f81b7a22cb33c654a7340

SHA1
cb35c4c494dd014c64cd7f41b8a4230d796d8646

SHA256
aa920573cb213a875c378183424c3ee2c7bca0f028f1fe1afa9e9b0cbec3c479

SHA512
6d4dacbc87cf73a6d4eaa6feada1f2716d8effca75f7f7b8e73a7959e3a03f18b0f4a21b52d9f840e7bb1a21c03bf788d0b4893204be5c06f2763c9ec589562e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
120B

MD5
9fde370e1e6419adaa37f8debc0cfdc9

SHA1
e6438b09c9f114a1fb0368e5001b7bae46a6e755

SHA256
caf08cd3d54c0787ebf279f47d27609500dbc7a5f1bcecbc7525002ca9055b5b

SHA512
5c9cd82f92d89ff9b740c247851a8033b4faab551dfbd69a603797ab1e2f94e600454fb33ec666aed0db5617ca3de83009fbb22264cda1e7c52d247c29c93e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
396980170d87fd18a57e5e390458f074

SHA1
a1fb9b2b4ea00665286575a11031e45750f3c877

SHA256
6fcbfa4db71232188c89425d7c43f768cecfd38e8bbaa1a7b240e75a2c02631d

SHA512
33fd261584e27b1da9fb97492ceafd0bc250d65dad44ef55992191a9a07d8bcd3ba311391f24de794e7e47c9e025d3ab36bc5ec0052dd4afba12191df72398bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
bea859c12516c39199a94814d4281aa4

SHA1
4ae3e753e73054daa0074c7307a21027ac9d609c

SHA256
ccd947113f863b153aed93193ef6b75377547eaa4e1bb443d2bc7b867b912a76

SHA512
c1aa57442a0111d7a7683188373f2ff5a607e02f42efb83bbf1ada970cc35bbbc8566909341cd02f314acaf4984f252f5ebabaa3beda6ec7e59a687360bb8a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
cda2e5257cf06a71f41663df600e050f

SHA1
cb6401245b3a03d9e2a78d965e20533d8432a6e4

SHA256
0f253219eacbe0cd2a1a207851038002c123a909e256d0b479147882c22b6c25

SHA512
069c00d0af5c6df3473ff259b5e921845568034cc342b20ec5097a3547324be77890e9a6e6a8ece61349cf01802e2a0db2c28a856fff426b67c8d7df7e4b6e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
766cc7c23d0304fbffef3b22e62a3801

SHA1
2a024c2e9c3bc24f0714f148bf09165eb7b97282

SHA256
06f91156c301350f142253e2a6d4a13ea46cc9c128816629b0286b14782c7358

SHA512
d19bbff641487eeb144920e2329547d5259b416f7e161188dd616b9bf3bd25ffda346ae4c638320882fb1a190f75fbc0b34d6eabf63cea184809ca71d0f53f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a5d25b1f731a8afa5b1d225c616371c0

SHA1
2b83434acc0c86e15941e6f8a2b76c2ed0d56bd9

SHA256
9f3fd7c58453a90d93e0bd4318c88ce23dc9f70e8aa1d37c4b6bdea7e5f75ba7

SHA512
f9780bd5ec25b81a4c7e46ee0c2d80c855ab2217b9ac8579442536376fcbe5c6e62363140026e37ac9258df79a6daa18541b2fa38c1865b99e145a63f047dfc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d849b135a8bbea2a1d2bc68d1d9ebcd3

SHA1
68b5268efd14891e2013fff60f57ce41196a07a3

SHA256
5711311356eea0ffff069de99b2f35b5447221222192c239ad6320428fd6ac8a

SHA512
279ff0fd214a77ebd55be696ba0c6e5615440eb9845066acc97d7e8fedf76926a22efb0107933f9b5924db7647a2e1e0cc7ee8507e830cfe28b06ef3aae85469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e38d1640a86a881d0a94ba30f57c49e4

SHA1
63e487219133133752358b4cb02548b971877b8f

SHA256
40cad1a2c4a1502da53b4faa89d721a27441ecef3bb9f832ab64a4ab4b7e8adc

SHA512
7eaf8f340137e19f35da5e7e2a3da5ddf5e7f7b0036388e4c3081ab5d4dd6252e1a052e5291878952822ba7ff747ee81f0d0895db428a2dfb92527996806ba59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b9d14f0664d25cfb0bf3205baf5b282

SHA1
dbd3de8d016c5407e7ebc3ceea15ab4cb2635a4e

SHA256
7e76cfe949caaa632991866731cde1657326470ed79f8a0df4301a2efe782b5d

SHA512
8b49dbc40ac3ce99c4d5ca279ea59cb41610961ebdedad37fde598190916f3536e076588fd32b9f9c68d138147c39cb89b6f7cec793a91edf0d39e7fa778913d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
280080844a55d28c9eed3a77afff7dd4

SHA1
e40af380c3b004d08fb4873378b3f709b1631f2b

SHA256
ae718029564c61e2f82c6f72b2a9d1b07e56e3a23aa143f62d1912c55c2873b0

SHA512
fb8b0ec0c2059b7b14facb518799aefb75047c92d70a89fb2d9303b071175be10567ab2d778c3cc20eeb05ffa0d5473fc77908d368c50b21367d9c6b40e5cf91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f1d38c77224d8d2319616170c34bec8

SHA1
237c5940fcd41e706cfd345e92c391d8fb11dd74

SHA256
07c396e0bfef5e4c6180a43ab2ade4ac872865d1de3342ac56e1a9d56e149aad

SHA512
a36ac167067e1a017ae6f376509666522053f179530c68b1a44275845c530b836d3bbbcfe6b5882621186d6cf13ed50a4bc5b5ffd366439ffd93700780996cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc39c3e902991b8d7f2914419aab82d5

SHA1
f2387ff5221521d1c5e44465c50a37a42b3c36f6

SHA256
b0f2f236cbfdb20b97226c5c7089feda1d41973d9a56a701c805abde55156998

SHA512
8b2f0f2ecdeab7bdf204594b48fb4c25d596ab1d9b0d8cbd6bb7fa1acc4da9a31b909bb178b1f63beacfa36358baff9e5c81380166a544ee6e63fd23be301073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e54f6eef7a9eb67d7b3192c46b687f45

SHA1
b9d799d950ee0e62fb26f4b02540d5662a7143da

SHA256
6887f7384a9dfd255fe21bd2422d0b0d5432bb01ac5b577c3d0a0a72b1b8db11

SHA512
2f05ac511d54bd40e3b96c442afbbcf6d70c9a79f3a38f103ba0c7d98ecce8554a07a42f3a7e4918361d4ab8551b2c095e5ac47f011246fee7d5d851808da9cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
52860684452c1285450ff431a91274a8

SHA1
8d2a0e76bbccd00f716a7147c30b9d3b2b62ac1b

SHA256
b6bc396cdd6a99fa5301fe4467613cd5078a1796af4021c97ad3b1592a3680a3

SHA512
e0fed8232cb569a01a6184a5a47aa628ff96c1c4be88edd056ebb96ab62135892dfc895b9c255339211669cf0152ee52914ca3185dc841a7e3d4f01ae43f5be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d70fdac0c20d4383d726dc29a015920d

SHA1
210564fb15036c7715c81f4292b49ee4338ae9cd

SHA256
744be5bfb932b5f396eba027322fef9d1df7d0fe6e3d7eb3df20d839a7d0fa2b

SHA512
9e0732b90725be9d6462fbe8efa1ea718b979820ec5d95f4a7b660ffe0006b358072c49e4c1f02b42d21b1ce767b40ca4bbf428b5114677c0e5aed7bed5e5a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d181ec38710f64c51a825bc646b73166

SHA1
c7ba3a636a05021410bf2e4bbb92f6521cbf5029

SHA256
9fb89a9a9dcdba77f3e264079711c1086905d7800dc51ca842561313925bce38

SHA512
89402450f1e9fff57ea260c43cf95cb0399435d93dd47b0308b58a7c692e509a494758d4f8788eecf940315d4c3ba77f68dee7b391489667f1414ba48897f594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
9f4a43c96b426c9c9bb14f36f877c1c0

SHA1
c90b428481cf494b291f4b4b531e407123763c63

SHA256
18563d38ba414adae2dbc24c105cc9ad4dbe17b97190171b5907af11ee7ab8ab

SHA512
7375b71f37b9fc07cd75b52af6c3b042389a7a3a5532e383134beee3363519c88c65e2706b82ee4808cfef5fdb976e83b8c46794ae55fca00cb5f1b1c8f7a990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e251.TMP

Filesize
371B

MD5
8eec9aefc8de5dcaccdc642cbd7754d3

SHA1
83ec89ef51183022a70ad02cb79b940ade3047f8

SHA256
254c3f5d339971eca9cfd71e0cc9ae32ced6f5dafd9d85622aa2923fee770a60

SHA512
e7e1b5e2b2a302ef9ce39740f408445903a34b0d52360bfd61ccba47c52fb10414eab0724d8ea0e89f00919a24348291aabac93e0ffd33f97fe26c1cd214194b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e0c9084bde0ae6ccbd1bb3dd5c3096da

SHA1
f1942fc2b76624920319b69d0479fae1fafe5a22

SHA256
52ac95d93d7ac7c5c3ece0519e47fe9284f33bc3e139dcbbe9d84a318efdb6a2

SHA512
8fa5edb1d60026073d8d4769e5add8c13211fd6bc276b884b66fe51bf54459a6368b00cfc313dfa7c94adef88c422192c7f2fe4c966d479c0f189f46e85e0f70

Download Submit