127be471fb14575a3eb1ec8b524aa350813294abdc53e76f70594ea840ee17cb

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69e4ff53d9f2e1d8a7f60410ed237c81_JaffaCakes118.html
Size

211KB
MD5

69e4ff53d9f2e1d8a7f60410ed237c81
SHA1

ae95b7fd1385b0a1fffe7f9b3e175ac7bf278ddb
SHA256

127be471fb14575a3eb1ec8b524aa350813294abdc53e76f70594ea840ee17cb
SHA512

014c8177aef1464d0a48b1fb62e21237f3c8c59d04d650f0d6ee162982dd5c3722342d64c0c7db57589b64beddfd3a850399ec54ecec8d73a128ee52c596f8b8
SSDEEP

3072:+eO3J2M6hUHXskPqsspgeJZWFbz6+qfAO1FH3XLAC9W3:tUHXskPqbJ3+qfX1Fu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
2028	msedge.exe
2028	msedge.exe
1404	identity_helper.exe
1404	identity_helper.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 228	2028	msedge.exe	83
PID 2028 wrote to memory of 228	2028	msedge.exe	83
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 4172	2028	msedge.exe	84
PID 2028 wrote to memory of 1724	2028	msedge.exe	85
PID 2028 wrote to memory of 1724	2028	msedge.exe	85
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86
PID 2028 wrote to memory of 4792	2028	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69e4ff53d9f2e1d8a7f60410ed237c81_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed41746f8,0x7ffed4174708,0x7ffed4174718
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9965087860891704081,1461596160515927360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
54KB

MD5
3d43ad52a5e97214b6780973a555d0c1

SHA1
ac5dcc5dbafe9781453c87ee892c8769cff3df25

SHA256
2760b7d22f5936561faebf3afcec848f31faab71bf5c95243e36908178d33342

SHA512
e117dfd48a35fd897b052e4623449bceaef0b9d9742ebd078b36d6029743598e1a91c81c0f984f0b3e2b81ba02bd6613c78db6f477ee202374ef94bacf48b2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
18KB

MD5
e4bedefe2836b39d626053935cf2f803

SHA1
105fc75ff4d76c2ae06e422f6304dc9b1552389d

SHA256
758015e3cb56989df5cfcf912d2c3861a62e623d386ef12d4bacf15891a4eb81

SHA512
041aa8392fd5bc2922301312c4cd315b9af15bcb5502ac8467cf13e9d4e76e726f0822b50392d3fcdfcd0f37a119cc8afbe26e75130c36ddadb102d1595a0cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
58KB

MD5
6f0126f86afced26c1701e0ca4a9a2e1

SHA1
47b2969b8b9fdf8b6f56989e45b700816677754f

SHA256
52d7edce7ad52f5e8cc1ff7e24460a03f14d2960c41f3a643833535fd03c25fe

SHA512
8c767c0d16bde9bb474fcc8681db081ade207a846eee79d791b703210751e715c94b8c332a34034b6d6ba69e4b7de516b986318cf24d21e925db1d1a2032f004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
586a08de979523a5ca4b2e7e894b8234

SHA1
e7afd85e561059f0e71e9006644885970c0cfaf6

SHA256
72563d61ab6af479deb847ba5d1e1057e5dc3d378e9e4b4852a90fdcf9bc47ad

SHA512
bc2441a42ffb95f159730e099442eb95c153e1cebb3b5e6b70deb4023bdfdadc00f0d5822d8b29a1e91eba2a47c01638f76fe90652d8f1d753250b9c0bdd73c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
cb4d22ace43a9f7ab0222a29f9816e4a

SHA1
fcc5aa60b2a6b39a56af7f81d641ee65cab32b72

SHA256
2dfc23b7290715368ada31ddba2727852c59bd7688b621e674cf683b6360a438

SHA512
5190123890cad42b0435e32313b4f50efc458e0bc5e7b9838312ea4c0876afbe32df0f35e731d5b90f4af3894a00c6bf347ba99089b1923e90ab1f7450c7191c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b53711c3ad8b64ce27eb92ddcf2a27d2

SHA1
a4ba388a9f8361168fc980842953ba2515af42e9

SHA256
69e04f997174605d781911aa4e8595d02c4cb0989d0c14d2d2a2bee02698c9a9

SHA512
539634fb56b81282b09f16ed4a8ec5a3b69b06e039ee46e2673b3b8db316b01d1e6e82474999d907c0404bc456c4588bddea3502f734e53ad524872312a386c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
738db7d8825e6d1843adec711c12e739

SHA1
570080d259765e084de2dff34a66911969a54cd8

SHA256
9db97d31261a9f845ffd52f3b6e34d71e3b6781d15b1f43f7843ca446c268d0f

SHA512
df14535396184aa9235ba586d4de446fb927201a21579d4058208de471c5ea5678d3af4a04a1f36d3f8fdfce9863cd4eb26e37f592d452eb330cbc6145cb35e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b5c5531b0d5638a977ac6eee38a5fca8

SHA1
55526cc1973c06d2c10039010cae12d199df90eb

SHA256
c7fc2e443fca656838e167b5f28c7911a382ecb8990eaa9371708a87a0bfefea

SHA512
19264f317af92cfc8afe53df620de71ed50b8f2b2203194b56fb652504957a2ef8441a73568ce8e8f9989fc37e49532cd4e6c91cfeb63e2fac52bae4b8359559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3405ba6020b1a589121992a6fb4f74a7

SHA1
4e8130b996c4663619a3ad0298c53d07bb2a1893

SHA256
0c6875928cf1b741b4c7e6b084b672c068517a0cfd1e3f27a54792dbbaf86c98

SHA512
322a2d3c52801922139d2bf6bd7f58007adb2033d0b0c7407c7f3fc2e997c82bea2e2198af58f7b7f9df6b413653c2eb2e253a36d5be47139f074d3a9ba468c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
85e489556f4a2d6975d0485e2e3f7521

SHA1
08394856f82e325e1cff581cb8614a460ce8543c

SHA256
4a2058204541be4df3370d20d18e0908123eba6bb0217184348a088daa2f249f

SHA512
44bb6fcf45f9c9a6a73326f97925b458e5f2d973acea4cc6d204cfac263a7036154157e6ccee96dcd5900d7448fb7104f2c4be03669980a36fb8bb9e4d55f9b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e6d396faa24acdbd6d8d5bbe849e88d

SHA1
8e5f88808ade751b06db0a1e9bdd4ffc3bbfdec0

SHA256
ddccbc61e5243a972446999b98480faf60c6e0c2dbd2fd26901eb6a07ef30161

SHA512
c285b15d7dbcf3711420bcb0899efc30dfe3aa1a9f760b5d3626e12a7279475e7438b91e8f69739118ced170da547bf5fb7382f016e0484b925bce8d3c378b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c63651f6f2cd64836ab29410248cdde

SHA1
c170ffafccf1bb82c7263f57437e02edb394b4c6

SHA256
30309649ad120199f503ef25c6c0612935298f44552396a5ef83eb1c41d254ee

SHA512
4a7735fb92187621f366355eaffb1524cb80a479fd55f85e283992c48b0181059087382cb0c9ccdba597eecbc03a058956ca194497a4bf99ce1bfa784e8b0d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
269d1e11e6fbdf4e7684064af69c7f49

SHA1
c53fadf17fc0ef463a06106ad5f109db9378a67d

SHA256
815fa842955b64f029425f3336e895be1d3f3f9e973c47aad336243742166103

SHA512
9ed6fc688e19cca797733df78829fb921410c8dd2aabfefc2a6d3319b7ec9e937639bb16ea09a5ff82a685ddedd3e416361f89cd89d1b5199be9655a3c375614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
297911b3e6cb9d383a6721b511cf2203

SHA1
3451be4726e8dc4bbf188687643cf51d36df5575

SHA256
22c22d45212cd384507bc3498a6cfebac7c7c4955ad196ac489b5143bc01558e

SHA512
f9573b4e05f2f153bb4f8462443296de43411b3b4f67b1d62efacf54b72d28ade60b5f4af56c28636bbf573b83b2ab54af8ee24e4d0c68784a9bca9b9fa2a3f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
19f41dfc6e18ac6b91664b4eec53776c

SHA1
ea1ab8711d71cbd225b681a1b5efd836ba7f84b9

SHA256
196613406b8e015ecbf90c2dc6a2e68433152a1ed3448a957f9ce96e9baea0c6

SHA512
da64751e8196e17242ceb85ea3cf105426b7d7eba01fb25fa2b0c5503bd8966d3ef828068feb8dcff865453bf25b0065f48647ade60d60f97d496bb9185cfbac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fb04c7fa8f6155d732807bf5bbbfe68a

SHA1
70d4ffd4e2317cb2ab7c30b28dfbb0603c664e18

SHA256
0209fd6eb985950b4aae22f11beec391ec6fc207a1e38304086fda38efa76e21

SHA512
b9b849f30e197490b1652b55e1a4fadd61efe922b3c742c75871527245ac40e72627b845fb84e884a6eb79a16e83226da26208e92324e4f54f78ad1f98fdc582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b3ad4887083c8c2aae4dcbd3aafa1ae1

SHA1
c036df49e5942721e4b7120ba51e186722138fff

SHA256
f6cba23772e4a0889a7c68d116f530d59601dbdbf83fc24e85636330f9ad32a6

SHA512
90efca3f7918ecf23b1ac784922ec33f0b6b0d6cf9dc327e36d087e6910b57df5f78cd3a8f5bedd06c62a03393e0ad8ce2b1e468655c1b1241074c79030b93a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
d55f7ef6b69439863386838ceba66078

SHA1
802820bfc71d31bca74cebd96d964109be89e0bb

SHA256
c095cbfb2c8437e20e7c2f411c293153cec05ab345d077bf4b662d70c668c489

SHA512
c4cc365cb2aa8cb672ae548a4980a543e2f3498c2409b28200b5bae0bdf9345a299bf073bfdc7f7e36a93a825f79fb0013e9dfde5f5602f2ff4ef03e8fda5284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
fba58557fff5061383041092252d39bd

SHA1
9450d70122907f5bfc1cbffbe23af9e9046954f4

SHA256
3cb3ade71a4c74d586a27701eb17eb4579c33500c9c86fb289781b8fa277a2d2

SHA512
741889ecd87f94554eb9a55adaa4f1b0dfd4d0a7d4c6a9df7299748b2c2e12e8f13ffa234eab5692b8d1792093057b2698f6965c70c2ad59be69a8670af14562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
865d19b4bae7643f53d8c9a2baf3205a

SHA1
8a66957cb8f74d8b247944e6ac56b0280f7c9135

SHA256
c156bc05370bb121f68a7fd32fe69bfcb2c74c4bb90cce35ab1a37ffe59c27b9

SHA512
a2d03a11aa4388b6af251e1efed65472a212d3451d6b1130201c61de810282e90fc700631acd4f77efbb81d54573b3b3f713464489cbbd478b295153bbd6cf1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f82b.TMP

Filesize
538B

MD5
ec644f7101f73fd2933729dcd4ae9641

SHA1
17115954c3dbaf7e8f16d0ac98c10eedb41f7abf

SHA256
761725b783ad57a2fb8560f1dcd10645d4e41ff897473b0c4198f6364fe3139d

SHA512
9a4158c8be93d939030fa679614bcfd50e3dc070a91fc1ba1458e658187dee1739f75d63e55a5259cddd1ae3cf2616725c4d1b8d75dbf8664d2ea88bcc053c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad2556953f6e76107109b58888742a5f

SHA1
fdd6baf45e0ab35b59a4ad41552607c977b108db

SHA256
921f52af34faa8841ad3767ac8acd26408c979ba65ddf6af0cf034647131778b

SHA512
8f3c6244c821302036b1f89cc0ef6bbc95a617d12f01fd0a61be9438d1dd184098fd3871b208e3c1cf9316c9de0556046305d19b7f105f545417c73c62a646f8

Download Submit