617777bc6882e3f431b0850bbf9e97d26c5e928d3d1ed939a52aae72194dc4ff

Analysis

max time kernel
146s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8337bc7a8192acd74c05eda906ba0756_JaffaCakes118.html
Size

496KB
MD5

8337bc7a8192acd74c05eda906ba0756
SHA1

cb22023a88def4ff91a18711e7ac710617054392
SHA256

617777bc6882e3f431b0850bbf9e97d26c5e928d3d1ed939a52aae72194dc4ff
SHA512

149931981b124c0647a5c293b8694852f3a8b280df9366277b4389bd2bbad0df976cf162f63571d8b92c2a192eca0f8e1361dd035a7252fed3e8b2fa96634ec9
SSDEEP

3072:heO3foT4/lVobZcZv2JhsE+ZPFt4EtAzI7:QAIdsvFZuO

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4984	msedge.exe
4984	msedge.exe
4404	identity_helper.exe
4404	identity_helper.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 4160	4984	msedge.exe	83
PID 4984 wrote to memory of 4160	4984	msedge.exe	83
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 2040	4984	msedge.exe	84
PID 4984 wrote to memory of 4460	4984	msedge.exe	85
PID 4984 wrote to memory of 4460	4984	msedge.exe	85
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86
PID 4984 wrote to memory of 4564	4984	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8337bc7a8192acd74c05eda906ba0756_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xd8,0x104,0xdc,0x108,0x7ffcb7ba46f8,0x7ffcb7ba4708,0x7ffcb7ba4718
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13047021442878898058,2382235447926339007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
  2⤵
  PID:5236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
cdc9f19a52e87121bdff5faad76470dc

SHA1
61786f32243b3384fb8bd1f460070465d32ad556

SHA256
fb5b531776f398b46eda13ed3ccddeece8fc54653f27b93fec45290a31cd840f

SHA512
d80755833280d63ee7c894510ba25d1ef4ec55757798126bb0a2880b9d0f90489c0d5f5765d90673ee7d6670931be05d38c42929b938aab3d6f643e5cfa0fa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
55KB

MD5
3edd3ec77c16893c538deadaeca7c5f4

SHA1
3e9f1e516f0041d71b36fc3b23b310f4e92bf703

SHA256
cf65670b49826403201f36e9c825fbf4b175e8d502ee83c12c73089969efed5b

SHA512
8ecd954563db0811087417312b1771681a4fed5f3efa600eb6d78bd793fec798c8b927c690359e696993cba0da0edbbadf568f30442e1986defef686be4f7b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
18KB

MD5
e4bedefe2836b39d626053935cf2f803

SHA1
105fc75ff4d76c2ae06e422f6304dc9b1552389d

SHA256
758015e3cb56989df5cfcf912d2c3861a62e623d386ef12d4bacf15891a4eb81

SHA512
041aa8392fd5bc2922301312c4cd315b9af15bcb5502ac8467cf13e9d4e76e726f0822b50392d3fcdfcd0f37a119cc8afbe26e75130c36ddadb102d1595a0cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
58KB

MD5
5d1c0cbef23b330a715cb5c0752c61a1

SHA1
f96f8f06d082b41e0cc598cb2aff66b3395a9349

SHA256
1774d27ef0f3e0225060bef1e1f886aa219cb6c3fb382cfe3f5f317ac75421ae

SHA512
dc68fd22ad2d5764e55678fd568f68685b38c3c0f3d8a08cb3e33a7ae42bbd135b186062029132a64176e40fc6c5d59b5d1889abecf2374159210d47c269bcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
43KB

MD5
66bc6bb65f6f81b7a22cb33c654a7340

SHA1
cb35c4c494dd014c64cd7f41b8a4230d796d8646

SHA256
aa920573cb213a875c378183424c3ee2c7bca0f028f1fe1afa9e9b0cbec3c479

SHA512
6d4dacbc87cf73a6d4eaa6feada1f2716d8effca75f7f7b8e73a7959e3a03f18b0f4a21b52d9f840e7bb1a21c03bf788d0b4893204be5c06f2763c9ec589562e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b968dbb08aa17a1faad6c3a22eabd70f

SHA1
a95a5f191dcf6c75bacefb7470703a27522cba87

SHA256
f430d30f83d866544c5e99eb1c022de485caa15487555694852b6cfded1eab89

SHA512
87d4659079e54c5d46747d9de3dd3a56784be38f9aaa0818bcc105a8bb18a46553483558f36bca65fe6ae542261e92d940f1b26a284f633dcb1d541643731f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
83e92f4711487856518e52e73b2cdfed

SHA1
9bce20232981bea04dc761ded96bffeef58cd83e

SHA256
eb63e7f68ca0a96eab4a0f2e103475987b2af373f6b561906b85f0e4e3858a71

SHA512
9c578ad9bdbffa80176430d70f61c997367c6e798942d528e32b99d21fd7a8b61a0a47ee0bd41dc31695f0e53a984123c417fdc42b0e6dc3ebefd40b9148c2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6af8a3fbf8b299171ca4cdce19007cdc

SHA1
756b4285d93829987b6248c257afe945ff931c18

SHA256
a632bb0110a9cb13f07ec2232a51f3e5a83675bbedbc21c0d732abe77f464cfe

SHA512
67ed6cfde0532e1618dc019dd8649bfd3c1c205cbab86689a7c2bb972cf46393451b9e29465912875625dbde41101844401b62f22fdd2d31fc1790961f79381e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
58699917f40f9b433e1bbc08ebe67121

SHA1
74be983e2910bd0d46640a14b20a2844696d92a8

SHA256
bb456472632aab1e19e5b91c005e990743200d178037c01bd45415a6faefca95

SHA512
90c9303b5c0382048380bb134824cca0b32af3408d522015387213f0add1f01c9ac89fa41bbae767eb1d607bb09eabba11b120453623919d60f09852b61c2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
74a1960355f5d27304ca0d65dc886fb6

SHA1
19a19d33abcb7415082c757b34a522ede9797664

SHA256
11be871ada01b23a76aa4c6d547893431b6e149ebc84c52f47301107cf426ff4

SHA512
475967bcd7dcf5d4b1a1d9eeef7f3c34e37e2b6771474d15ad69755622dc5d5ab4262734e890646cb260d99b31e22c1563efeb79de64bb0e96dfe7eac28a302d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1ff033f77a32bb98f164c2f953d45aa8

SHA1
1aee4d4282298fb6a6a0846be2b8f1c5020ec1af

SHA256
12634defd795c61eaf88744cf12ba459f166a7890d2316583ab8a39991d7ac6d

SHA512
6296083ba48a94656f1a8625e6cb68fff15df79ea8f7a4c31db1b0d0a1dc88cd62bddf8eb30a948601d75eb40564c7b5aafaecddae446601f0fdee5a41d518f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
137e7083fead5519a76eaaca9fecc2ca

SHA1
f07c3e011a9a071dc41fc552e137c95caec3bfe1

SHA256
be750b64cb5a15ef6c0b0274c7daee79fdac9fecc158df512b5ebab7145f0335

SHA512
1dbb27da9baaa061bc6f14a77d6741651ae2ec9f12cc5a4de4ffd0646b8575190006831e2a2adbafe8d1a04fab53e3f246bf766a77c3931164f0c79c2edac0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28e2850bd34cd5f044a928ced4634f16

SHA1
99fb0917628f03c411a2f44127ff1d6a8d5c5ff4

SHA256
dcb384b342a4053de63eb99def1d26d622b7116fcc37f8ef4b68e88c0496ac7b

SHA512
0b104b13038978ded0f5e720ca981081f0c32d7db81d81e4e24432e4cc5c8f5f984504c4232b081cd6456fd51805c1bc278d83fa355d499cd973460bdc9c3571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
561514926df2d1a0d75045000bb8834d

SHA1
c669b27fdbe1a8017dc3d9780ce34c06cfa3d7c9

SHA256
d73abce8559a6deee8e492c4c10fd8a53451d1234424de3c874e411e11459a2c

SHA512
18dfa00ac2bd2d306bd39c4d8c0ec85bdcd0e1831030ea7e65f6864d580840939d20428315223275d77a3de6dcfb2e4b01228020321ec132f5644e103ccc38d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e192420a010c49be8b6f49c664c7eded

SHA1
00cdd72a9ea41ceaf90b70219f2d094ee2e71920

SHA256
c0da80b11b80be83aa64ed54996b37e2dc5385a924bdec5c6e1a0e1e3aef9a64

SHA512
bdee086d115f7fe85bf3712a3c4021a3865864082490ebace4fbdcb5a4d71438ae078d0ffc5cb867d2b3a35beeb469f993b74dd806b8814f16e9f459928ca79b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b513ca6218796086bff0e13c4ffcc234

SHA1
349f99dd87175a67a6e567f81b5ebf079626edec

SHA256
59a5d6cf5a8d24a367fe4c373efd29f9fa3daba812afc7649dca2bb178914182

SHA512
d8fef975b1b43bcda43b68602906ff1834cd1503873b846c634883be6ad6016271d9b436f4c119c63d7d026128b104b5c7caed36a63177930d1d6f45329eeb9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4108fe64c71ba3fedbb3d0a7fa31e25c

SHA1
531af4ef57e1a93757cf7ee70de24cb1e61a6d68

SHA256
245cce0c7c957c3a8858bc9a6a65d09bc5fab7f143e3bf9cb54c9fa53a3d8558

SHA512
0572a2b478829a3bea7112bf9febf6dc8717a287ae0db55d2e627865f01c46606adf8bc1d0703cb0d0ce1a4cedf38b809278c4bf9f78e9b71c97a214ab1da1d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2ca7e088536d63885ab098df4f9320e3

SHA1
11593dffc5fbcf738fa364c6630ee80b9c418363

SHA256
5140c0ee73a589ad3b5ad4f6d4fd23fbde91b59e483f66168586fb4fadac3cc1

SHA512
666e0628bc38681f946e2922855160ec0b2cbffdbaaae2c6ded39675ef6c1d595aa68f8444c591c0be8ada55c8d64c9418e45dd9ecc60c4032f56c9597ffb228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
16d6873d6fad4161f7a6054b76f63011

SHA1
0888c0d834c6a615224161a22ef19d546d2436ff

SHA256
411f27df4f0bf9ba4dc0015970298bfa26d98ceaf4de1abfb9d4efde8cab018a

SHA512
06df95d380cc8bca03b10ce2fb575560f22dd19ce1050b45f9084910c9a7c535104e8036c1cdcd5073e5cb3d384095b6846de5542553d54bc416657dc119ed46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
00cc8729464db9c62c94f8b5644dfde2

SHA1
c37dd73b7dc7339ad957e079d397974c40178f61

SHA256
fa242eef31ff8c232df67352393899df9b90759712cd5b744d99ea498a0d9cff

SHA512
5a11380ad04a5c58c6a3134831d05e485b54db753c6641255fbf0d493716a180bc6bed04daa5c142c89942272dfc50c97165fee4f86a441a4b41417ea470a845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
cbc5152aeb81ac5129f44ea8e0f1f633

SHA1
a3945269d5e9ea67ffc1df32ec969be050b2060a

SHA256
334c706940760bc32f2be6df7bf951ebfc1e18957abafcb496bc60e2605049a6

SHA512
f82e6b8f0138a5dd36e49e61d185a6b7cf7d0a28578867e21b7ea79600c0edd3b0d4dfecc75be9f81fbbccda39199db8aadafcd1ad98a8d3fdbeae64bcb80476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
88f691fb97dd76e9c42927d25aee7b1e

SHA1
2d533ddf41aa9d377527a77baef82f87a0102ef7

SHA256
988c094cb8dac3c7017a4bcf5044c3c5d251aa737c66889aef6f3a3af18cafbe

SHA512
893582194f4c21b1c2016063a5fb80ec3d05f10f4a8037050ddb8dd8bf6672ad2659842899da372e477607516d0a68010fa66553cbc709de1ac9572f0a92e152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e5dc.TMP

Filesize
538B

MD5
d10f73656a031823803f366e97ab0216

SHA1
d1c960b5d225f975fc3308c0ec962b3db6174605

SHA256
9bee1c9b28b2d4d3c2f76f2c77023250e2cd8d04c7fd5574e391ff662413720e

SHA512
baec0ed2db4891fbfc19eef4118f2f0971c8ff525a0bd835c1209f701724f26dae8644d82511b0b8ad841dd1ae771d3a3f772d8216040e47dec502f9b549d6b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
493ef4596659c2b99b77aa6c2c0f697a

SHA1
340938eb2e62d5042de7458768706df510d29585

SHA256
28811d7bd2d5fc46b0a943fd5e9a0b15d6de7d56e402bd43530931d4b43a94c4

SHA512
0547768da3c23a3159afe7bccbcd84b6c1a6e88860b5e2a642341870b7f4a21a819edf245e7687f7993aa636b1a4f9a13e3167e5ac4e744409b1ce88e700c1c5

Download Submit