bf81326d01c759eabb936cf5cc6c0ead88c4d94e04be08265d8fa896c64bd1ce

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 20:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

882ebc3d102e90356fe30e4932c02b08_JaffaCakes118.html
Size

70KB
MD5

882ebc3d102e90356fe30e4932c02b08
SHA1

75b240ebe86f15943215f4c57025dbc6277c9a43
SHA256

bf81326d01c759eabb936cf5cc6c0ead88c4d94e04be08265d8fa896c64bd1ce
SHA512

3bf4914f246e9b80c626bc51c2ed2537dcdb795b36d50ffe5d4a0eeefdff09fff9ef5b0f4428df4ff986622b9e0ef59a157ea87fa0dc0d4fb5924551a8cd3cba
SSDEEP

1536:Fwgr8VkeO3wGicb+yxjRO+vIT0aKaS6cgRrmqpzur:xeO3wGiHyxjh80a/Mqpzur

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
4804	msedge.exe
4804	msedge.exe
2484	identity_helper.exe
2484	identity_helper.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 1592	4804	msedge.exe	82
PID 4804 wrote to memory of 1592	4804	msedge.exe	82
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 216	4804	msedge.exe	83
PID 4804 wrote to memory of 4884	4804	msedge.exe	84
PID 4804 wrote to memory of 4884	4804	msedge.exe	84
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85
PID 4804 wrote to memory of 4084	4804	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\882ebc3d102e90356fe30e4932c02b08_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd90b646f8,0x7ffd90b64708,0x7ffd90b64718
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,18098934264974925885,6695785459366317072,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
cdc9f19a52e87121bdff5faad76470dc

SHA1
61786f32243b3384fb8bd1f460070465d32ad556

SHA256
fb5b531776f398b46eda13ed3ccddeece8fc54653f27b93fec45290a31cd840f

SHA512
d80755833280d63ee7c894510ba25d1ef4ec55757798126bb0a2880b9d0f90489c0d5f5765d90673ee7d6670931be05d38c42929b938aab3d6f643e5cfa0fa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
b6502072729a741b5d61541e980101c7

SHA1
397caa6f7c91053a6915f659bb11817cf797cf48

SHA256
817b19078e32b33cf822db8d1d287c61291e147fd0d8fd1e6396e341dcba21cf

SHA512
8103d5673c16e1a33d73ce5e62086fde1a3262cfb3d6140b08e429490ca888ee364924c9ce059f319885bb035779aa28089b0b258be30bd6c2ef3af05b6b4b9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
29KB

MD5
4fc39856b6d0589ba60e0969277d644a

SHA1
3bf5246f3ab04c72b7e541a46ad784c060707f13

SHA256
1a0beea6a5a35f6584c3fc93cc909d088b4dabcad45fda3655f616ebd9d4349f

SHA512
33e21b5e278339ecd6bff8935f787909c326d73087171cdbc26d0e66a37a72fe844fe4e23b02a89dd0f6380a53d870175e7483110eb0867f286ed5dc67912b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
61KB

MD5
1729b00fa5a50fae0e3178fd621d08ee

SHA1
a3cf524a8fa6a1a9a2ae056193305835be852de7

SHA256
63ab71604b6f7e279b3fc94ccb92637eadcb65bcfa455c516b699ae4665ef160

SHA512
f1face7819d00edba3a845e797beda34edd365f5343d2d78ea6b3ae112b6f97bdcd6a7d4bef3fc41fd7937fd244dadc170fc73ffcf812faa933238b7180cc904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
564be91cb7ef6cb7320d73790c21b568

SHA1
97c0c90fa1194cbbe5c17bff1dded992908df604

SHA256
6fbcee96ff03dda5c63564f0ffb9d19b21785809071ef8c06bc51f225daaeb6a

SHA512
fe6b743b8fbbefea37eebbfd28b8780dc02a7ef06fa41150b8ba3c74d74de615a0ea0c303f017b50af0b37470a962f7e4e7e9c84d6757fada831a2e841528483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
44KB

MD5
90d2b7202e407282053c5e2d244276da

SHA1
cd1e30f3ba981bb785e5ba5b197de8a53b5c7aea

SHA256
afee773a1e87a05b95173d77e3e8a079a1864ebc4520f65610a27a126e32607b

SHA512
2bfb1b1b37cdf8a6f155cc873ba95ad8e4034a545c6aad7d46e0ebd9e49ac8ca364c204e5345d5673ff88d67be42361865bdc8cd8b8739a7005503c52790f5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
294KB

MD5
0a087e0cc8989f5ce7bd8f50b65f90b0

SHA1
e9732af92dd680a77e3166ad724057e076003a2b

SHA256
6826c27dff82fdc39df39f985310c6b2501e4090d6f57ad1541d821e7454c1e4

SHA512
1706d30193c9aeb5a3c3a41b04cec93419d9fe10a281ff9874c0a2b958e956eed9fca981d18ef20276d4d0199388f5983139e682fe02549bffeccdee56ed0cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
44KB

MD5
23536ccfe05b737ae639fe63ee4cc435

SHA1
6d2e9822835dc3e6117a4d2addfc8f241fbdbc82

SHA256
6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce

SHA512
f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
38KB

MD5
e55f206b93990b3b6974cf2dda70e065

SHA1
b841f3c23fede025a385719a2432d4043f021561

SHA256
2be94806acfa1248e738490cd23ff5287275b56c889995560c7cb877c84a7683

SHA512
7f0a9bc5548c5b677cc3965841fbfc6c9775ef322bea61dbbc5d8731bbfec26c9431fef5b86b14d3cf498e98146e77fbf6a94422b82e57aa07672dd2eb4f7a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
504c509e7ccec111dcb2a0736c9a5ba8

SHA1
6af2353a0d05f0c7ba50f0f93d90c241cf89c146

SHA256
27129ac0d6cfe983d48b122664cc88738ca59225d8d352486d680d926e92614a

SHA512
3ee36476c101cc14f23089435038575fd2a86100d2b88afb061728e84d9faa428eef8a81a71c86992096f4b7bd3c0aabf5d0867766351eb1466306459d1d0eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c1e7bc32d8a2bf337fff603b9acf18b7

SHA1
d1d623c3a0fd8eb6ee94bd539e53bec9206f4415

SHA256
41bbe1d5478d03ab9515f5648e7306d67c1fe357e281016611643af2ff96e617

SHA512
84123dab5900b1cb47d1926f42c7fc466fe74bc741677037804c29b8f2221fd00b2fe44c71a565fefe4e2b416ed2eec4d2b3d80e9372bb279c31c7d4e5181c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
484155c1d86514e9e36782219aae1625

SHA1
cbf8641f7f6211e721d2fd5db81fb8f3dc292048

SHA256
0bdf2a3067567257d0262797d8dea814bf25703251875e930ac4642659483954

SHA512
dae7e96a72c642fd27a3b02140ba5c6daddcb5b95d4d6a047901475be401727d670a2972cd6c990d563e7570b8f8615b874e9851a210809a27afd8c44cd56e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8a96de9e21dbab4616e5e87cbe294128

SHA1
2faca12d3367106e4626c551fbd52f525fc3f9b2

SHA256
d2f13dd3464d3cfcddac5b1db5d3f9d752661604e2edf2b8d7da5f926edacbb7

SHA512
fe51f16c5dcdfeccbbe5665ebf95bead4b741cb70b41779e4766fc790e1b4491f3eeff5486b0b8bbcd61564163b753aac23429377e48baadb5a01a0b6109bbf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f801bd6102b997aaa5cfe1a791286b69

SHA1
9a727ccdd7143cb95e223b4d14eb41372539d9cc

SHA256
d99e2c1db4b40a279877a19b53dcac2069d3c956fce66e7fc741663d1ea3f342

SHA512
9eb8828f234ea13ff83292d90bbb56ad63ccdc4256cc2dfef40f059646cd3ba79b287381816e9da8c7d7d501d95734efd222244f91ef6f3ef7f6eae88dfb31bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa7fa1aa86803785b16d54ab1fe87c64

SHA1
ceaa5144f41d678b56e2d21342737d9e775f3eb1

SHA256
8b123c8cc02adf3963df21aaeaff53824c691d999a2b2b2ad3cf9e4c047f64d5

SHA512
f46698ac0bf53c3240af1fe3a061727d31920046b5a13b67d5fcae2e9528ee39cec5b8e7d4297b49cd3521db594ccd1df8b8f1c7ebf472af031cb509e7fa09ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4957536ca3ae727e90d1cd027f94c484

SHA1
d4f1bfb70a0880b84b2f85c06bab74ba30f7c34c

SHA256
4ffb08d3cf2e58adaa20f63b7999b846c35a8ac59ed037c0b344533248a58ae3

SHA512
cdc1fba2cad56346f42df0d246c48ef5349ae4156914adc0955566e6e36e5cdb7130ebe44278ffbeecef4c8ad89d65efc0c80f685b45670cfda5bd8d58252d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2559cb6c8ffe0da2b8792bdbb6815b8

SHA1
cf092b7d617400628ced02db07b838aa23900173

SHA256
a511b2056ab346cd7a3081e84a0c737f2a867c245528ec65a74b062e48031083

SHA512
ba68b6f270b9905e59143f37a9ce31db7f2f753f11242a05e5d47bfb647459c2e08fa1b8e3d025ccb8d5ab5b6ddb60f62d864516e84b365d407af47fb2a8ec5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53b3ce88e11fba02b62b31bef85b1768

SHA1
1bee3da925a3152c7870181a2a92ec8eff6fe06c

SHA256
faa288971c54fbce10c0dbe95c155dd30a6e4cfcfc536a0a5f6dc97d2304d52d

SHA512
1f56b4fc3ebd6ad2097042971b5bd1edadd298ff3efaf4794af0a4b3260ee66b8d479be28360a42b352ba58b0a18afc05659d6b5b74ba3904df4988d38259b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
674054be37747f661b517eaf9dc09f52

SHA1
dcdce3273a90abe10d6d33cd2ffebb0d4d273f33

SHA256
7365c66a0bfcd7d2c91662795b3b7a7b52c3ef1461013b9ce444c04cfe9d368d

SHA512
29f0934a3935932cbc735b2359a9d168ecdd60642beaf33d76e5db682941daf8c5fd70fb64456fa52affe0ac3f4b87a83bb17e8e61b55e445ce5421ddc28d44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
438a26da7932f4d6b0ab85053e686e15

SHA1
eb589cd50250848da3befe7c63b5c41615eff137

SHA256
54e2475efb8ca02011b473cadc63327b4658989e8d5afd4cb3d1da010a68a103

SHA512
6fa0605cefb3d0e68d082e93150cc0244956f2c68e4fd02e50178bd09a9b6679696dcbb3436524bbd4c02f2625a165fc6a75fa481f3c426e018697bc0e2a475d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b78a32be8e3cd96257dd546bca46c4d9

SHA1
6d5ea907f54d4908580c8021b7decf3d0289dd12

SHA256
f499baf1b4db29d0c43326af44c9de78ade9d68f47a624d6b8077b22f853f53d

SHA512
4a0a24d5f4170bc1e471ebfc1e9b1c703102e6c5ad8808c8304b39f13df4696cf91fb0aca3969eb4b31e9ec5f0b9f072810b720316916f93a32325d9a25daffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ef6f5988dfa8bc74bedc0a80a993616

SHA1
1d6cc6d58d32da8eb564cbade7c293fa935a25f4

SHA256
49cec4b4211054b2789ffe0c7e2522c0c20fe34a6ed89dc12b520cab969ad35d

SHA512
dd3e865ecef0d5ebcb2a6d8a115adeb2332cd63c63bdf3fdb57b8e6399c26b48fc34c96b334a8cd693c50c3e4cfde9f66f99edd689f81370a3a798a038953bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583db0.TMP

Filesize
1KB

MD5
eb7a328318654d848bebdae3a7217ebd

SHA1
6d613fccb1436b6cfc00c9ca7b7aa105ec085951

SHA256
8a9b8fc47f57ef7f0d05699e3892d19d10e468b4c41fc18f568ee7d731d7ffe9

SHA512
0ae12dea58c29974300efdf0b8bd2c5098f19d56da14117a13821ab48a0b36878c5462dfb95176649dc25da5c6f577137743bce066bd3856bca2f22299b63781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
43e6ac2d5ee27fbdead0b920522ef846

SHA1
716ce4e84711767c4c20e840b08a4d6088d59ef8

SHA256
9dc1c38a41bd035e4e3cb4e68f64534f2c4595556278ee9ec0c272fd20faf4bc

SHA512
aa40ba02df555d64756c898f79a80607f7640c8fb7a3b94b1a70900b1b656e4b6fed1b599b4f907ee7c26414df482b50571507569ae472668ffcd8b4d3abb748

Download Submit