51846e76888184fa06a41b6e4c79dc03093164a1e5b89853d053eaeb6582ed50

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f1644dae93960aa807f93015b10f4b5_JaffaCakes118.html
Size

51KB
MD5

7f1644dae93960aa807f93015b10f4b5
SHA1

54dcaf3a766f9cc8e47beb9d18b5223486cb4417
SHA256

51846e76888184fa06a41b6e4c79dc03093164a1e5b89853d053eaeb6582ed50
SHA512

a3edcaccb7d9e0a1c11e0ef42e6c3244e429226c74b9624fd77ca99c5657fe7b2d38c920a981860921b95873fedda4a1d618529caf250175553b6f8171174e84
SSDEEP

1536:Hwgr8VkeO3LUXTXTvyYFsYXDzqbdwaS6cgRrNtpsR:HeO3LUXTLyYFFDzqbd5rtpsR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1732	msedge.exe
1732	msedge.exe
732	msedge.exe
732	msedge.exe
2968	identity_helper.exe
2968	identity_helper.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 732 wrote to memory of 1600	732	msedge.exe	84
PID 732 wrote to memory of 1600	732	msedge.exe	84
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1252	732	msedge.exe	86
PID 732 wrote to memory of 1732	732	msedge.exe	87
PID 732 wrote to memory of 1732	732	msedge.exe	87
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88
PID 732 wrote to memory of 4956	732	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7f1644dae93960aa807f93015b10f4b5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17608971321247188438,2119967139683757912,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\72cb43dc-fc7c-4c8d-83ae-e386e79435b4.tmp

Filesize
371B

MD5
1f7072aff252ef146caa90a22cecf1b2

SHA1
89e3414a12682a909d7e4bd829a853d5f3d03555

SHA256
b7e1d8737f301ff6d3d2f089c8411ae41b437b17ae82ffbbe71e9b8125196ce0

SHA512
34abad05cfc08826f27833216f5d50241c66c4d714a5762f8bcbd74933d16565ba732309d8a9f7d00a7faad4cbb9ae3783048de0b2c0078d62a14c7dec7b6ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
30KB

MD5
5ec495a540668499224a6ecc03a0e90f

SHA1
56c4b560dec53b4c20b94d14579c398ed9fcdaf4

SHA256
cab30da88a231117c2a5ec535b0c4caec1c1f86a680f3077b272ea7265b33cb0

SHA512
ed6a0629dc6f947ac190ba6c83b15704bde9669b8d7c033bbcfb61b98872778d06cbcf25e1294eb73821869fbd8b8b1d22ce4a5fa8edc234cf8e49a8a700ce5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
22KB

MD5
b140c29325e268e582f2b8272a33b62f

SHA1
a612fc1e7b15370d5b5641b638027b195419ba49

SHA256
3a72611df87bd8396fd9db834eb952ac250ef6c461f6a8bcdb216f6b7a9bfd1e

SHA512
d4f09a6a1d935d4a1d1def16af57bfd3d3bd40df8dfbbf44af9efb863f9e5e5e563137b60bc62d4073fa5f50b710eb8c9d06d6f36b26c9bab573f2ea43d945dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
30KB

MD5
c453c4f0110fa17ad0663e00d8a09798

SHA1
0d42ba21924f96668d28a30ba0fe646320cc1561

SHA256
01e0c0e4041b87b1a48e1e7fc0cb428c1e5a5d58ffab13e6dabdf5cf3b205f52

SHA512
129c30cc31d55353721fb07719dfa4ae38de8f0797deb450365dccca955f6cbec792f291f0b4dc3daf617bbb146679f293f11d2fbff6d0efec2461664df60db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
51KB

MD5
32ba7ae6cc503bcc98ba2116859a0f92

SHA1
73bf114815c2112759940ff7bd5e00c538bf2733

SHA256
8917730a83179c597b0b4e187b1e648d69efa43c8f51785b3229e28a0b95e118

SHA512
196cbb7d0130e90c847723c299c0e5d4e06c4e20ae23a845238939f74b946e56a58a378f6127253a5c90dff5220ed05205d0fe60e6b25aa638ebcf25a96b4cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
17KB

MD5
b097d14365a543f3c11431fe37b71501

SHA1
f9b60cd79ff91ae152dac98b310567350b16b45f

SHA256
ba6529ae4554148878a46e280935a4c4b9c660d59c2f48c9638ec07d8b2a43f0

SHA512
4a2c89fe1c8b74a2de22274cebc8012a8ea964e2fd6544ef16a19754593500c077b39ee434b58fd8702e44093ef8e2d3733f52c9d822e1b7e693173dedf7326a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
25KB

MD5
c0eda3fe7b97c96e7f192000ded1381f

SHA1
ff471b770b1a5e4cc4252d21c0ce3c824b52a10c

SHA256
f0a959607a2b5140f6e59c28ad5f6a614c54c45f8dc9bf7074722b2af5c38a30

SHA512
2647a051774ce432794e69015b4e0d3206a88d1b050604996d2eef67f3573cb27e1c3a33d0e12648290e68a3275893ac3f75e81c551967cdec4a362ad8f195a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
157KB

MD5
a07a0041143bc11d11c2fe0d37a5ded7

SHA1
cb14b39ec6f8a362a08d1957af211d81f750d54d

SHA256
233746b5d7f58579f0d5ea21e4907fdb5be5469f05dd7691633448aead77fc98

SHA512
17811e64a82d0810bb293ebafd2a04b20efacff9e12ae3f6bc555f75232349766cc52434947614684ee43ff00478cdc0c92b692053bd31c38638fb15b2586f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
9a8e538524054f86eb73eeb00e31424a

SHA1
35ab0fff51a81aec3f1c1ca6406dd521c09893f7

SHA256
28a27c07cccf1a8e37658352320891fc286dd15482331d2012cdf5422b5dcd82

SHA512
d8bc2dec1323bf759fc4c3e2a77b64b56d3d80676aa38c7386ffc650a762ebe1633d5a802c5d71c9b485348415ae6c22951b3a5e141a2f203f7faed1620d4136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4384eb852a25abc782cb436a145e5dd1

SHA1
653369b69ec781849fa727476a3ce0614fa10493

SHA256
71a3f581e869ba8b44a21e45fd7f7e45acad17cee6f2d6b80c56ea27ba7ae990

SHA512
feddc55f1c7150d4618e04cd44420d52e9ec70b1db08dd80823081e3357805b5b9408e276d279d1a980cff42b919c05fb96ca003ebc8eec5559f40b93de5af6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ccd955454b17c2647a91a2f70404c094

SHA1
2639119d4ab1430124df7bcd6cf07d80098f65f5

SHA256
0c6fd3d8052a29e69679fad3207fd2f2aede44ae033026d2050de2dcbcbef5c4

SHA512
956cb83cdc14e318e26c63d3b8204a9a4412b18131685237452c6a8147ff6394f9226224628b95f790dfac18e4399eb79e99f39418be45242c18322f4dbcf9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a46c727b26d59a73826d0538f3363952

SHA1
b83821f699521c0b6cbb72491615c6759f99658c

SHA256
1eff3b997e84e2f983c769d462ad5e0413b209a2491746a8ba0392593e5f152b

SHA512
aa4fe8bbd6d586b13b7851d995e4484f2b384d4cc4d723be5fa6d091434bee45d51ae487f4c762dcd1bd41fa592ecdd2d327b71b96e7dcc9591ba7440cd90dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
95d77f38237fdbe08660e44f59d8a4e7

SHA1
57742730e218242fe569dbf336abcb8014cbf8f9

SHA256
201914696fa0717a4185ded07c433fd5e668066c8c393e8a240ef8220cfed04e

SHA512
92ae9d9785328d4b03d89e76266b715f6ffc5cb4fb1e590db8c1549a65cc09f8b46adf72e9ae21024d839e291b0433b0647452bf52e0e2e28fcfabcb2e566ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3eaf5ff4670828b33fc06593ea38563

SHA1
f7a3ef3c9709308aca24a1b047c4cc2d6ac4d540

SHA256
88565228efefb175df7bf6ed4c0bf7e8bbc797d8871c33e1c25790a601055680

SHA512
fba1368fe16ec3010671af5021c16f7c4a70bc6243a1cc68bed048c9f472152e4c14f640b6effb84c425fa0d7e3ecd11da94628ebac8133c8f0d2fd95cc83da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ab4f59b36f5e814f93d6ee1d01c0ffc

SHA1
c40a4fb24c8f8bebeaa14085f49dfff82ea2850f

SHA256
60b02c2ee6c9b2b7d369f4eb718fa39cfcec41da690a13ac726aa79e88a37db1

SHA512
628946dbcfb0ac875ffb5693f6039ebe43e4352fd5c2bb27f71a20c069f34972e0de7d80d48ec433841ab2e419ad9d0df5e27bd16c908b2aea6395d13b533f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
090ed0fcb364de3b3853b16bf3d276bd

SHA1
24ec28bd362506b6d74dbc4a6988db3455fcf775

SHA256
376b1ca068aa665ee23ace360f4d4290bac84e264f150423b63c9f136285c39c

SHA512
8bed60709b12f23d358cf0c2160f71db1091db4202496699d4dbb68a1d45596ad5b86b9f99aaa685710e7e4b2a26afb3a0f844085c6511c5e21109630e41beb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63244df6f23e77643861aa6f719ab436

SHA1
7ed28a7538fbdeb6e8bffe24aa7046439aeb83cc

SHA256
a6fdeb96a1190f89a788dfab267c22edf480755a059f8198b375bacdcff84c4e

SHA512
1e5b31100c627fb34122577eedaa3d7ca8e3b09bc7c8181763721030fcb14b5f936e8b48d0fdeed30d395b18aa317ef2dc764f3d242025b150a37905248094e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
e72d56bebb62a909fd63eae49b0da1bf

SHA1
9c8907df69fe837017a8b73fb95c9adca6221fcc

SHA256
f4663851a856045ae793dfa74c11b70172837fc683c7366d1495c7bd93e1d46b

SHA512
6c946af5f30cd53a3cfea6c4bbf4084ec8bba60b18f906acc9a6876b7871041398dec312e6421986051200fc24fb2e935797ac221d6a872252960eaa7071a7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584169.TMP

Filesize
371B

MD5
26a1de161f4568f409a6e5c9df5d3668

SHA1
bfcd2327717b26422b14f8f6b0667d059d7c665d

SHA256
78216dcd512171b99e740518a4d5ad763f4f9001ae88726bde368869ae44fb48

SHA512
be120bed7e10f7957df6633db21a7ecca7ae5bff483f79b2c1db06866a115cc93978125f4e5e7bf17d1488b69e6c1491510fde0891f18fd27612853e9f06b869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d8d811dc-ea9e-4254-8314-bf19e40b0bd5.tmp

Filesize
6KB

MD5
79ed6c4fcc14102ec3b634e374243f13

SHA1
b48d081ec6134075e8fdac9214c234795cecc5e7

SHA256
74abcb8d92829dbde90f3a6aead640a5d5a0ccec43da7593638b6f7107eb7c75

SHA512
6501b6a380bca49309acf8fcbfe6d47383b77d1901768506d12ebc3e1bfb8efde65557d9bedbc9e7a40d91feeec89a7335c35fa15b319e11d3fd0874cb59874c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f6b3c913-7bcd-41b9-b2ad-99e85e98c942.tmp

Filesize
6KB

MD5
efb8b6171d974cade7a7f42c5f18a21d

SHA1
d9e632f0bd48035f303ee252259292e4ab4a2828

SHA256
d1245c40125bc0c7610d7b60fb4f1aed6491914d953225ceec77127948e751b9

SHA512
fdb17fc86c6bc8f8a3e555e1042cab7462bea58adb545d40fafde376416bd26af4765a152778e76f64899123af058008db939c1a24214b6d4152f877f93ec732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e5d571a93122d41944910b736a34f3f5

SHA1
dc58a93132c40737433e19c2a7d214ceb0db34e3

SHA256
a9bccf9ae5f4a4202ba602c71f2a6ff581a90f07e691633166e99ea1684c75e3

SHA512
c908d40dd295f638b2238722728f9a58845c9f9c78aec2892f8117696e4a4169806da82d2d136768219e0d87dc9082f15ecb54ff05c08d18ca49f1e1f6a085ce

Download Submit