de12051707e9048d2092c7d3fbfafa21f55df38eb1f68efba554cb4852f60740

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 14:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6b3da05f3395a9c35922a9d11d219753_JaffaCakes118.html
Size

42KB
MD5

6b3da05f3395a9c35922a9d11d219753
SHA1

aaf451c49ac1dccde7f9097816a1aedda7fb4aff
SHA256

de12051707e9048d2092c7d3fbfafa21f55df38eb1f68efba554cb4852f60740
SHA512

21ae73322b1e3c76d5049f09185034de86c329b02a73eab4e421a11b2a87c63f53569e0db6d4e96027a56df5cc9ddda1d38e1b6d751662596ee169465c672661
SSDEEP

768:wWwgvQO8s4/KJ8HO3RFoi9Zr8M0iyorHb8bsq/flmaS6cgRr5j1t2Srm/78:1wgr8VSeO3RFoi9d0Cf8b9NmaS6cgRr5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
2060	msedge.exe
2060	msedge.exe
4848	identity_helper.exe
4848	identity_helper.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 3220	2060	msedge.exe	85
PID 2060 wrote to memory of 3220	2060	msedge.exe	85
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 2372	2060	msedge.exe	87
PID 2060 wrote to memory of 4132	2060	msedge.exe	88
PID 2060 wrote to memory of 4132	2060	msedge.exe	88
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89
PID 2060 wrote to memory of 4608	2060	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6b3da05f3395a9c35922a9d11d219753_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff935e46f8,0x7fff935e4708,0x7fff935e4718
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14211775243788108780,8481669022128399900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
54KB

MD5
3d43ad52a5e97214b6780973a555d0c1

SHA1
ac5dcc5dbafe9781453c87ee892c8769cff3df25

SHA256
2760b7d22f5936561faebf3afcec848f31faab71bf5c95243e36908178d33342

SHA512
e117dfd48a35fd897b052e4623449bceaef0b9d9742ebd078b36d6029743598e1a91c81c0f984f0b3e2b81ba02bd6613c78db6f477ee202374ef94bacf48b2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
120B

MD5
08e5b0da63befd4c5e254c3b2069e7e2

SHA1
caf15aff0797e5af28bdb6e9cbe13b5c3579ca2a

SHA256
0a8759be4ca39c8c9bab4212e1cb2bbae56fff02ee7ca3a77a56843135e35a5c

SHA512
397fc93f15198faed20780a9cf90906b4ec1738b4447fb513b2f7b1f9a8056e171a79e23bf22d634bf0ddf508a236089d245315eb70cff7b296a225e2d1b8af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d8c96c4aa1b54d802ade3fe4a55e5013

SHA1
89b8e537a41ce5fc8f0b48ead6cd564175d59d1b

SHA256
1e93142ba8f8441ef75d8ab560d7eaf860c65a940a9e4a5280c1abea0a5628e4

SHA512
6420ca7c913f3d6d515682de37e45513c4dcb0de5339d1eb4b368cfd60d81eab287d07df6b0ef045a71c691d11f764dad37bb68da486d0acc22c2b49151be880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
48755fb685bf89cd426c0faa4db5ef25

SHA1
1d4a51eb4bb8922e2c76833fc18ae8be7444387c

SHA256
7f49edfad29ce5f187426ea88e881e3ff0a41e325226d6d7205d7f7d48a3b677

SHA512
68889c562c99d88f7224651f7b73eed877bb59e868b2f42464eb53808580134176a8b4e64b1dc524193d671ddb4c1bfd0fa5fa819968d828c430992248408032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
55bea97e311d2f3fb3e2eb4d10f1645f

SHA1
13460267ee6e040169318220679d935770d0a465

SHA256
f398c4957a31e59b17818ca9618a6871fdc31305d98b7178539bd730565c18ef

SHA512
c7c7cdbdc7b479992bfd221c0857c5d6f9f22c8ebf2e530cbff0ffb2dad1ccd1b4ca7c7815169027362e5c33af88ec94a1c583c91cd98e0d41af6a9485b00457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c7966795857d80a826416096c5e0a11f

SHA1
b614ef277672e4f169a33acc6150db58855a6abc

SHA256
b66abb99f774943159fce5ad2986293429af458439c71f14a02273131b809a84

SHA512
30680fcce653326fc61b21ee089103b1b647959bdc889a04c484b064693b8db047639db7f2227be8d4c37e0b0b07e101f952c4f04f8c45bbe57b5cc995a8b45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1019B

MD5
80c6f4f212d61cfe8b9b642505666ab0

SHA1
e93cca22e4fab829cd469cb40b1834b4d612c5be

SHA256
93196f216e3877c3c6f4bb34576df8d39723014e4864c9bdc787254a9bcae7b0

SHA512
0a4985b1e50a5ca7c906dc0a4efbca59f95594f13d94521901bd16b99e644af5a400e77e10e62c0cdd5aa83a097d82e807704d1b296f57c95589943edc5c21ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ac80101cc859f17e769e8e9405549975

SHA1
f0b6bd28d8eec54f394b18a1fe554b593917ba29

SHA256
6d5a08632177ad10cfb877aec23c1005ab113c8eff2d93f98d0afb9a8217c667

SHA512
8035fe33384a18dc14b7b4b4abbd179b34d51890ca4d5c9dfc7b806d57c934f9368098edb25555b995a03431fbda1fd4a8c329fed1e12f9a66a1f9448e82575e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d4505dc14d84b3de65fc05d8333a98c

SHA1
4a937dcb27250bfe4873e702f1558d3523ecaf12

SHA256
0fe7d1294145927b0522553f36c63c6dba208ceee2aa596ad75d261687c17a44

SHA512
128a03086d462c75b2a5c5a1424293d3782c27fa4e78586080eb8f035987ad1fcf83be8331fa54ba81f821a140f7b422bacacda23d509cb33c9d7c70e4500c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81d9589a70995c058a4010fcd3dc97df

SHA1
217f74f08147a17c467bcf5cf20c83ec7d4de4d6

SHA256
7ccaee10d4ee30eb66cf3a53fbba4d152643468c544f66eb23901b8b3beffffa

SHA512
d6a147b11051d184865737b895fd5cdc73d856f774d3fbe464f3c3722bf04548f3879062844a54da6411f77b3a8593f61e2ff5ab43a98037a426a38bbc7619df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc8fd12569cf97cafd7c1a57a4bf7c5f

SHA1
92068d22ce8b5676586bbec5cc9dfee4d6d14b6b

SHA256
a934a49c008d153daa94351a2c4fc496a7424b0c4fcc6beab87bdaebcbf66973

SHA512
29af7dce7ef25cbc9202ecc90ab1a693b37e15dab442e7879dd836b04ec6ac4cd9eed15d0cb33a3a86f30acfaece0ec8a3d8408552ca9b35f4396cf32371e088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1988af8b66013eac7fcffee345b98734

SHA1
c4874da9909d996530608ef131565c090a129618

SHA256
9f3131c6ef339554f5e0017bd4824a20503dafb9022a0863b0e319b28397069d

SHA512
0eea2e3583b1858224fe85bb59a21944bcf3c484f6730929d395639a5d2e2124345e7e3bbcb3b3d6da5baf9c26799cb759aec057fb4b1ffd301f08d9ebca3b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
202a0f82d51fc25ccb3b814c89e738bb

SHA1
43d153fb1f0b9f14f17e15a5cac91993377ebf52

SHA256
1d3b41253906aafde008583553a7d24a8dca7bbb48bff49d794b1cd74d582466

SHA512
31afd60afd972f7a081c69a24994330cbd6b4dd023ed3c215600421865fb412cdd61a68c253b871469331f86f306f234d1a8c3cad103f484e7a56227236e8c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba082dc4e52ae01ff0416cca1529c916

SHA1
8f378995c39a09b563c3bf9a9273fb72a1f63566

SHA256
2c71af45c5c55bd2fa09609ecdfd1cbaa4a59530e5f6ac49bae2842bce02ccca

SHA512
c1fc7b4227c43179686159fb45bfd88ef9e5c4410f79978089eae479cc88e3f8e1d5e0f6eb041c71745d8d04515beaf3288289fda89fdb5421bcde21f8573629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
2c6f535aa78f520580666efea7ad1149

SHA1
9a4a7162d37d689b7e587ab06ae608d6dcd0c82f

SHA256
42c1e779d34dc4d4ff43c6ca2f8c8613740bc64729544a21cb7f9237c0e1fde8

SHA512
70738c266196dc7eba35e0b519127845f2d670052a6db5b949160539f4149cdfc82145499b25c060c1183e8001d9e90fe8a6758dc1485de06ebab7b465dcf868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
b543a741bc21d34559a9728582f0e959

SHA1
a61b39e7aa3f3c6240a6a5b698bdc58904a32b84

SHA256
ad80ffcced57959385fbc35bd14a5b1e8a6f9fdffbe5d8d5267dbd4cc3e6294a

SHA512
b13de05def36113fc6bf5dcd90f0ca33440fa918b5505786d2df3f230ee8906daa13992e9cd03745ecc916e7e0a1a60607657ff5530b4be80655600da64d71ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
ba7da88dd92f7fc520cfdaef3a3bd30b

SHA1
74f578d8e614206c5ef7880deb9b2536a99a4057

SHA256
daf1c5f35ad209aa2f6de841f08f41056e61b1b55222d1e265fac14a46ea209d

SHA512
b5f230e1525325963b8cf5bd351c5d0a4db7acf94ea4a90994fa787cc4a38545437243668e413dd550ae5938fa0e6abdb8ae66cfb5b6f11a9c50f5f2b8321087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
c40a0db615568f35be898e0af480775b

SHA1
08225efc3605004a7c4725234603b33a2af92d5f

SHA256
e115090194a8e89949bdfa63fd491a165bd92a3a0075982d95d8e22568ba5226

SHA512
72c67dcbd48833e8b964ce751c8456f4d38c68442a2c39f1adb53df4ebbad8a552dc404a04d3ad65a916286837a41f86d76817939f30ee13a296f17e173a7782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581d57.TMP

Filesize
203B

MD5
4e58dd1e92c0709e7c96f5cc307404b4

SHA1
f766f4eafb89cf6ed094b37a5968ce9a3a716a36

SHA256
3479991d06417673d578985fba35159b8a59419f428257de6980875927a72995

SHA512
da25c4ca14995028a6a448422d938981866c2440fda9abbf90da4f7a4229f9d93806557cf9169eafcd072790a618ae8672e5e81eac50533ca67a618f4b19201a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37b45b345a8bb2318afaa3724a2689ec

SHA1
5b465015f4259d0a9b8abe44a14602d96b83c65e

SHA256
c3f00954b8311b2367d00e9cf09c6f7e2de9a38d32ed7ffd99442f1fd8d9e017

SHA512
fbef8f48008d51e0d15814402226dda8d2b7040a2b02b4fa9eec07f0ac62b7edf506cbf9e2920e0ef2af9872263fe769e08ffdd6662478e0768124bea23762d5

Download Submit