1f59575a01849f905112f29f01b21fa8467c25c702cf2049a5933ea641eef47c

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 14:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

46932c1b5485cd5b9c501bb59b31b810_JaffaCakes118.html
Size

71KB
MD5

46932c1b5485cd5b9c501bb59b31b810
SHA1

e5cd4ea943a83844a7f384a0e4513b7a96c53ee0
SHA256

1f59575a01849f905112f29f01b21fa8467c25c702cf2049a5933ea641eef47c
SHA512

098a6cf32e97dd7b37a2e2729624400be8d6855dcc5b2a39f32c81f0a08cef7d875d32db6955caf035f7dc6212d48e914ff65183c5ec682fe5c85b44be359273
SSDEEP

1536:swgr8VkeO3x5eyYIYtuvgmxE7baS6cgRr6KEUC:seO3xMyYSG7CYKEUC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
1316	msedge.exe
1316	msedge.exe
5504	identity_helper.exe
5504	identity_helper.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 5244	1316	msedge.exe	82
PID 1316 wrote to memory of 5244	1316	msedge.exe	82
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 1676	1316	msedge.exe	83
PID 1316 wrote to memory of 2848	1316	msedge.exe	84
PID 1316 wrote to memory of 2848	1316	msedge.exe	84
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85
PID 1316 wrote to memory of 4292	1316	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\46932c1b5485cd5b9c501bb59b31b810_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a06c46f8,0x7ff9a06c4708,0x7ff9a06c4718
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15931900961741716862,9820788094802219240,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
cdec9c6d71ed08bce8c75928cc2dbb63

SHA1
c20a82c53beafeafb8a3c6048863fc9df9673f9f

SHA256
b8b1e0fdf74870cd6572d2c6f9dba619b4b903fb4ee8620f7250f8c853676418

SHA512
b3fc15f826cba4be64f6670833837cb9bbb08493d657bb5bc7123be413d06d1da741b882bc4ab6fb4c3aea3744093aa83f09a7df82a2d025172f5abd2da49f65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
2a18a52e51d2c91bdb025ccd818c5cf7

SHA1
2c2eed3c659aec2d42ffd528c43dd1df1380c3b8

SHA256
98f8abb52ecc1c304093a5b042da2fd4abd2ad1178765e5969711f0934d7a47e

SHA512
56b2f8544ea84749056f252417ed005d6c28d6cb247bfc8a2fe8768532928312d0bc2ba7b2c9d37cfac3e97114700ec6bdb1de681e82f2917f03033ad825d679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\89d94415-1399-4401-84fc-a0d66268c5a7.tmp

Filesize
1KB

MD5
402a945102df4abc42b057a980daeafa

SHA1
698fbb5e4ddfb02c0064acd2d88dc3eaf89afc92

SHA256
a93476482eb6989bab15c95d5ff62b5c39eda2910ff3c8a1fde878381f467d70

SHA512
b320e2341e089d38ec0a49a2486d36bf882aa87f5b40fee7c1b72916c94ea16628d0a3f07df7d6360fdbc3a7dc3432d759e887538b2e6e206fbf5134b5426936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
33KB

MD5
430d0f52546401d2f8c037bb84952ebc

SHA1
446c9de67e5cc8c01e2108494fa0055693dc6993

SHA256
fbbb7e598e30407bfbc0e1415bff3127bf07ff9282937b87330bac620e919696

SHA512
6b9f3d0332aedc15d05e0f574e8710678898355cca6b16ec452fc9c3fc80cd4a7e7b45361f0a4f7faf55edc5f6c0c76efbf235b022a895e3aa5a06a4bc843830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
34KB

MD5
b42c4b703661bf6a0bd88a432456983e

SHA1
aa62d62c3b711a0e2dcf3560c60b52301fbb67c2

SHA256
5744206c3364b2cd9e6b5c9528104c323e7225827468b8c1edbf6f78eb505db7

SHA512
e95a3bc33815aec94bb14944f1268d22ee9a32f9fd57ac72088a768017f3ac5620323730e6ce09d1e7dce5f507aad79e219745b3e489b23c4a67bd5477960234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
46KB

MD5
a601783b430a8f930e3f10d74cf5094c

SHA1
79528fe1bcb67c3c25d6d813a9ff57a4c7eb8050

SHA256
8c94a9da768e6bec7c897a8ee08c1b95191970f3f3091a891ad472d6bf5305cb

SHA512
63d97e76d40f989969d0e11c13deac217adf5c45ec3d93c80169b9292bdda5fb585aa91673ba15a06fd33a350d16d73856c0aa52ac093fc52456e303b86aa6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
54KB

MD5
3d43ad52a5e97214b6780973a555d0c1

SHA1
ac5dcc5dbafe9781453c87ee892c8769cff3df25

SHA256
2760b7d22f5936561faebf3afcec848f31faab71bf5c95243e36908178d33342

SHA512
e117dfd48a35fd897b052e4623449bceaef0b9d9742ebd078b36d6029743598e1a91c81c0f984f0b3e2b81ba02bd6613c78db6f477ee202374ef94bacf48b2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a8c7f935a828e7e23115f99c658a330c

SHA1
6d037595c80a87d0a794c72d0bf41355131ddfb8

SHA256
293fdaebecedd2410546b68309348028472edaadd94ba6294b85b5db22f9cce7

SHA512
d5cdb0192ea967d8773a736761f14915b3c41fbd775e0909758732038b51448ce43410db9e79403f26970bbc700d3c135b8f107c5246f4f76dd8d81468b79502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
b27363b5d287ab2e764f7762646151f1

SHA1
daad6b33ef48e004aa590f770bb7b7c12118e5d1

SHA256
ebcbb71b7c5c4451d297e001bb5fc539e94ab296585a985f1ef48d5bc687a9ad

SHA512
eaefe549bc2d74b512162db6542815345ba5886f7fe72a1e7007708faf313b102b6eee53c297857b414c7c39124a088dc82cc7cdff6c1ea925372e3978326431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0ec7f1d895667b9e2ac924fd8f193cfc

SHA1
eb8fc22318f9958d928763a0003e69b6423eea02

SHA256
07c54d777abd9cef08c3c610a882d1a6b0049a479e76c09ee21a1fd9b622a715

SHA512
171a6ebd6d0172b9f2d8c0c60c3df3d83e88265244d24820720626d54a2c89ed8bb927e00030a7b9c7840945ed3c0d50583040ed30044cf967b2abd504866814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5a3ea2235b6bc5e3d1fd224403ec6ae

SHA1
920c88169684a1202f47c3aadba495e0b9e658bc

SHA256
f6ae64c02a3f20512a38a71adfee6b5cd97519d7fd690fef811993ccd884c8af

SHA512
1e859452fb2bde5175f2818fc1b5d8396132f7f0f49f1de16e4a0aa667bdbfaf0f4be7eeca8c1a10eccf8b3c9aa7e45faeb2a450b98fe0fc773c02eca2260413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12b169f95f037d4a4116386e2ba7fb56

SHA1
48b8c7411964d57cdde667460f430d45baa60aa1

SHA256
b360f3fccf3059492162b4aa91a5013f56bb23243ca10ad960f6117e41afb7b8

SHA512
4224e77baba04eda4931f85cbeffc9a3d6870e58a44b1f13f709734b30ef19a852e61c9c8f65c4ac47abb1c66989606bfd0a6e8e8bd803a6083ff5a84568196e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccdf3a5bdb837dd5b38460726cc5c842

SHA1
fcbf7fa221a88990c8e21214e4d6ea33e432fc12

SHA256
d63010179fc305200e8dcbcdf71e6b6cdf871c9049500768fdaf00b48bf138e5

SHA512
87a65d651900b4f52c9b38b03a53a872e7250d301f51ea554c85b50d0ffe9e29d6e5c1dbe843daaaf689d8a6c10b08c8be4c909b0922a7062b1d678641887ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6afa923ed5956bdbbc56b529c4a4cd87

SHA1
91f93acb2e5fdef9d15b6d59f3dd4e169862bbca

SHA256
0fc9195f7e775e534e1c4b9d8341740466cf55483c5ba43e46e1c54204f3042e

SHA512
b279174fd6727bcaa787fed457ead0bc20ad1b8879fa53af5edc6adb5fa6330f7bc09e28bd441493bc8e537026d1a0f5677bed7d0fc991b664c6565eeb0d9a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e36bf99b25190f59b9af6d0e991e16d8

SHA1
adf9cdc148f77e0847e4420958c327faf41fef69

SHA256
d10502f1fdfb7df2bf5b073b5d02c425f6040b86a491c5140c7b24598b687848

SHA512
33d662311b2572401e3310bbf2567a1788d3b464b2d44b62633cb9c03339859ae81b6aeb8d389d0d09281354cbbdf3292800c1a281b39d67f55f3f25c6fb17ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
9c4e11c75a074e544a0d76d88b55be5a

SHA1
96f3e1d31ba098fa87448d108fb9887ce7dc2c57

SHA256
ee16b278b8e9f923d9fb8f0d28e10963ec42915f91ac7b21611d36deb99f18f5

SHA512
766f826876f615d5bec02b2633794bd1e416d8ccbdd97c5d61053ae20e4c830b277bc2df988dfdf9b9f6a686de03595d46d07ac54de0034311cf66ef64f96b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
ae28623aa7382f2bf372aa937298573b

SHA1
b38ed7513ad42be187051ea52e1be7e969fb548a

SHA256
40d672e8b85f7d9d227478dc82352fee368a6830ef50de847907f985c8fa8816

SHA512
a2198400661eb01423f778f3f477b38a637ec28b6dddc28ef9374eef6add480041aeddfd2a2439235cdff24d239513fd2bd673b79c16abcc0dc230c2cc1dc29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58314c.TMP

Filesize
707B

MD5
8985586a6a31092cbeb03947e28c8dc4

SHA1
300db3892611fdefee4db1ffd463703095b9325b

SHA256
4cdb85a079245ecc850cbcd1cff48520884f9ab7821cac08860e336d4e05dbc5

SHA512
c81e4a83a6785b95730891d24a5a29375d6e408022c9d80dcb9c6c900cdbb8f1d7cf14a19c6f49a0c2cc3b3a234af5c7a1d63a275a103dd04bafb509a52f4b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e7b39fbb-d5c9-46dc-b12b-4a489e2e9f12.tmp

Filesize
5KB

MD5
2ad7b14a4859f002cc4dcf05e8126e7e

SHA1
ba43d73ec8da594f94357cd6f2a3d87bc37378ba

SHA256
0601bc0790c7d2e0e9c5ae367c0ace88ab7c5e5977cfdb9eff187059811c8fe3

SHA512
cfe57693d4cc3079025096bcf5e9f3b672bd6c68780b549866adfccce48dc1301ae41e1b02bfba17865e0941f3ca0d9999b7cf3ae3fc84bd633f0b28b108bb30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
799ea8204477bcbe443f8d12debaf461

SHA1
44144b9853258a3ae1c6ddacbe1130dce9ac390b

SHA256
aa96d39fce7e366beff5658418746ae1f1d67219da7835b6d851011bf95b9957

SHA512
c9a60f8e6a541def2b90c4c2e4619b8e29e878eb9a1e60b89da36b65deb54329dc3441900d30f4b82007b61dad06e105038710f3e50e81b309308d99c29a58f7

Download Submit