504e6b06282a088262cd2380149c8ab01e8e510a32a397ac57ca27e81072a293

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bcc326448eae94bceca0b2c844e7bc4_JaffaCakes118.html
Size

34KB
MD5

6bcc326448eae94bceca0b2c844e7bc4
SHA1

580e522319fc3651e3dd81a84df62ebc0454c52a
SHA256

504e6b06282a088262cd2380149c8ab01e8e510a32a397ac57ca27e81072a293
SHA512

f750b186b02bcaa2ab97dcc422a4612923f820e44588acb0340c9fc508509d12edb81225b5f836503e3832688c4affff858c418eb167571a056efc03d7a933ef
SSDEEP

768:pq08fQO8s4hKJ8HO3qpgWyiVNPMYDSaS6cgRrGSts29z0ey:k08b8VkeO3qpVyiVlMASaS6cgRrGStJ8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1672	msedge.exe
1672	msedge.exe
1328	identity_helper.exe
1328	identity_helper.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 4544	1672	msedge.exe	82
PID 1672 wrote to memory of 4544	1672	msedge.exe	82
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 800	1672	msedge.exe	83
PID 1672 wrote to memory of 1660	1672	msedge.exe	84
PID 1672 wrote to memory of 1660	1672	msedge.exe	84
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85
PID 1672 wrote to memory of 2320	1672	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6bcc326448eae94bceca0b2c844e7bc4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a4f46f8,0x7fff5a4f4708,0x7fff5a4f4718
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16177469242847790560,3250515174912117983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
4710e00ae1be3e14c11ad4008667cf29

SHA1
bc6a3b450a0a26448cc4b5435c6bb36dac77e358

SHA256
29652b5b4e44064d1f14d3b415e5ef5fb464c4c2cbb5bcf03d52733b832150de

SHA512
507777a958f86d9aea8efbf822b3cd8b29e7efe13c38d7b1fa40f181769430b9befb7f808a68ce1e94204be15c5d1705196d7ae7745b72823fd0aac0f5fe4517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
54KB

MD5
3d43ad52a5e97214b6780973a555d0c1

SHA1
ac5dcc5dbafe9781453c87ee892c8769cff3df25

SHA256
2760b7d22f5936561faebf3afcec848f31faab71bf5c95243e36908178d33342

SHA512
e117dfd48a35fd897b052e4623449bceaef0b9d9742ebd078b36d6029743598e1a91c81c0f984f0b3e2b81ba02bd6613c78db6f477ee202374ef94bacf48b2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
da83d29e0e052f115193db5636b74b74

SHA1
beeee533c371d21165fdc25efc1cfbfb639321ee

SHA256
88808ada8dd75ec1b5a59d81ec7bfe4703b9f74ece746eb51358308c3df38a60

SHA512
94f97ed5f1e82a3f453257eefbb0129011b3278cdd9aba7d60258bc3351eeae1f7f04b5f28556ffe2da01569236d28d8ad160df1f92d8ade0ce56a5fcf5c6ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
cefa10085ac4e8f4ab8d8cb4886e118c

SHA1
51ccaacc515db9ac7426a15dc1fe47acc0cc3722

SHA256
c375ecd3f9040cb7f226a10b44741da9539cfb6fc7d690cc6a6b619f2c127a46

SHA512
3583657d48cf98c254f36b6042bf50ade931f8c4048c29abcb7fab674314b0e179066d0bcc61b43c076fb2d81c568f8a2352b81d98ec18cebbe1cb8d701a3423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c731e39ee12159877b56c4431906dbec

SHA1
15d22b082f432722a366815cb2f50408ddd9b97d

SHA256
ff1e4d10903b47288552ef2b43fc8ac5f05a3dff37f9e784d60cb2657b7b3bbb

SHA512
d0cb3ecb46dd9d60b117f2b7bb68536c412c44a6aa9b26462e6d81882d074a5f9b3eb9679397bc99ffe9aa4eb2ddb8983d6259d011ca75edabf54c4fe84c0d8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
93d652e02ca18fdc52d8710b734006f7

SHA1
bba99b040d70c1c183dbcf2d8330bdcb8aad3099

SHA256
0b99b3ae42b9b6050d32f4a95d792f280d04fdbd6fc90430d708156c88f3a72d

SHA512
8be2122d2be5b2ff0bc149a5d1822ab35835c1d0212092e6899864740dc1c71456f18b5ccfbef0611b2fcedad540e14e7149b44ef0baa480ad71d652bf5edbaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
fd2c195b2a240f1343ea04b799be6096

SHA1
9c1343d440f9838f9f17b804e4ae9c098dbbeabd

SHA256
456ed6997654cb7a0b90bcd630eb46b31cfd81e27c01586c996ab00d2eb72609

SHA512
f6fbdda2a05023a7a9a98552158f3b01728622ee7cfcec1daf09aedeadb162d80a6b4dc9f22a1917e091277da4292229bb891e512bf521be9cb3df7195489d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fed9220472f74b91c14e5a88ee896713

SHA1
f44f9474dcfc015d6956238e27c5b67e4a37d281

SHA256
a4524f91f2a3abf2259e2b72907f78ef899513e778392a262d00597539faa4de

SHA512
4d2ccd994c478c40f857c4c3921655973249051029c71d2cd88b6bc6e2fb9bf04d599a9ec0966e7794d352ca72bae13b5380ca780027216d2ecaab4eea21501e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
aa71bd6a262593c71b84586509a751e9

SHA1
4fbc876e273a1cfd4a27fccc0bcea757a976a159

SHA256
5081d6d8dca840d803599ea02690d7034fc982ec36bd16f5d4a786bf918c164a

SHA512
137149d5b3721493971ddaddd65257e156a3f6d044102dfa6940b815e9e5c18e98465a8d2608063713234413c0222ed5b7fb3878e26d321e5769eaaff23d3095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61be9e6a565d111849865afb33b1bc76

SHA1
70172878343aded3770c7cf37e616c63b8e9b6cb

SHA256
ddef1b3854d4041eb5ad2642fdd82042cc8c2250e69b3bc9fb89e83525dab47d

SHA512
3843bf9f462533165ecf1a5401b904df9be20d304e98cf22fd4481d927ec61411858515943f1b257ce2086d50b67a7329840a91c1eb7c26fd2b90ab061a40f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2a6f00dea24cb59c67222140a1c08ce

SHA1
0892bda696a82430dd75d7ec5446dc3117e5f32a

SHA256
58ff48dd02489c2ca5c93f2012620cdff35254211af1664f661e4263a2c71e49

SHA512
b950c673f0ae7f52f365a804bb3266b2ca5764f2811d422e9a9abc8c1c1e3288cce7e09a38908784a4cc45bae7a8db3c30bdfe92662d1cce3a5b030bbd9df7f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0554af65f150619796e98d23769a944

SHA1
6eed352e933fe4f3e448d8dcf346d7c46715466f

SHA256
c1e46fc5861d2e8ae36a417b1c45ba51b962533bdce330a8e51d91a8043c6e9b

SHA512
0585d823e4fd474096b378f0e848c3bb72cbdfcbe8a1fde6af2804ac3a6c0a0b3dc4ead02964eedf2c242b4a86a28d52f2fa718c0d6ae7d5bedb4cc55629524c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
982eea2f180add6f3a63c4cf461ec157

SHA1
1e18658de142071aa8c50229333cee74db384773

SHA256
ded9ab45246b5f0396e40f8974d07ee2b831f991b99bf91981ad30da4c49b007

SHA512
8867cf202c793b2b2947d14464edab7595d5a7cc4db1859607d59882225d74419b1588f1d97c8eb5e9942e491353628e6995c92a92a2ab745bc1892f8e205240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5891f6573c6d445a2d6648d93343b44a

SHA1
cc61ba6926d7b7cd060b452267a7d21e2b20b300

SHA256
450c4764dc311fb5bd61179ab4f4fb1f483c3441172442c901d4f95f0b22506d

SHA512
26e9c06ccd3e25d1d5bcc10c534c8651bd504530c0e938ad286aa7bc3dc820acd725082d1f714dd903d571f9eeebe49becbec70f1ee29e18c96ae0419c24e591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
992cb062fe6bd62cb30e6f37a0b11fdc

SHA1
4cd517e5018dca9b1da12b281e4a531a69bf2967

SHA256
27a75ed975073a018535e1c7be2c71cb9df64a8edb10f4660cbd704c7d1cfa90

SHA512
f62ff74435b74faee0e57965e1bc7a67086f539d683e9283bd37b722a1db91ee947d4b8b0531ceb07c57f76e27e4b86bc4043762d9934e539aaf8fac92047570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
914b4701c75c890a31293dc4a68b78a3

SHA1
e6bc7226e1813f1c5047c5b7a870bbb8ed0c45cb

SHA256
43d52396081594b5b7dc80a3910264cb723e4cc3f58204d261df0622b8c5aa87

SHA512
c7829b828ca6a90800dd7798174a04e74e2530161abff3f892288ae3ee7b75e5047a1a38220a8197d08bc7d885811ea47f257a99496c5c08382361ffd60262e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f4756829ab539e318b636c23fba2636e

SHA1
a06f9a5b22d757868a6e1b5e2d5fd67442eb5bdb

SHA256
e8b8f30327e49b441392696403bcf7e4d0f1dedf9f468374bfdb4de89f824b69

SHA512
437ad93c07fb11bcda5802e0f7992894076681c7a0a1b483c2122d54cc825149502154df7cb2fbadae3fb9368c3d52ba3d3c8e6ebaf46d741ded3eaee6b1bd8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
08f401640732c456b762457ec16efef8

SHA1
f2d93036afa642b3195bee89dc0a39c6bc00a809

SHA256
ed5aa2218c5805b790862be0a0f1ac1464caeb6f46e3727114faf17909b23ef7

SHA512
438f1ec63939803d39d2ee8261ca938921c009d21520ffc230be682ad0ed668c6b1caca0bcf5860de9bf9ddce94eda8bb730dc54feabdf61a455d3af1c36d73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f1606895e6bac0829b5e65be271c9ec9

SHA1
065a5edd663502671d72d3389bbb43eba7ab5df1

SHA256
baefa7a042dc4df25b2fa3b2850987f744bf85854663085a929a3ea94f0fff5c

SHA512
9ae6d5fe418b8a6ba958ad738c32425e1b1b12ce7ede59fdb862c6820e97ace8cad4b89b88fde9f4a0d39fc3be270671c707aff82076dfc987a5829a93505090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e6e5.TMP

Filesize
371B

MD5
b8298d2b3e9f09e3e5d71c615782fe61

SHA1
fa45f8b6ebd043191aa742d2e7ac9ecea3c731c7

SHA256
86a259a584ec3cdf99b22cd91b156892674f4c7b3e2a55db4fec114a19071830

SHA512
335a490d41d977d42ad399fba3bf1eac90fc3e6f3d9651f9e3ae0b3f920dca8d474ca454c094c3e39a3764bd76c1e879dcce19b6cb7d12bc10a0b110f40c9586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf9ba27684cd9e055133effcd3061982

SHA1
c63a182b5b8f644452f299715607ab06d1b0dd74

SHA256
a9c9a2fd9a9c60dfc07b6cfc9aa92b923bade118191fa8d80bce403f81d02b45

SHA512
1b85c18dedc562271248ad58addbf65c11459bed3758aded4a0dc894cb06060b607b655692d721d71616a886bf6d6210a250e4f25de7782ea1c5bed1de7dfff7

Download Submit