828a882ae6fd069606c064ee962fd2887e435df6f3ce66be90fc0892d640de32

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a67e94ba163cfc0764f9aafb7c8318fd_JaffaCakes118.html
Size

57KB
MD5

a67e94ba163cfc0764f9aafb7c8318fd
SHA1

c7a18a400836dccb2cdac36ff4e2d5af0b6e0fc0
SHA256

828a882ae6fd069606c064ee962fd2887e435df6f3ce66be90fc0892d640de32
SHA512

6e6777e23019f8c7c7d5d859ae3fcf6e8e67e987e597c69b027af732a4982d8836244c9a87e8831ab92e7377c8ef18bc206797790ac05e0bc038fa3ef74d51e8
SSDEEP

1536:qwgr8VkeO3hI53u4XVZYyeIvUQkiHZpFRaaS6cgRr1FjSE:OeO3hI5UyeIv/HZpFRPfFjSE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
3120	msedge.exe
3120	msedge.exe
732	identity_helper.exe
732	identity_helper.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 4372	3120	msedge.exe	81
PID 3120 wrote to memory of 4372	3120	msedge.exe	81
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 3740	3120	msedge.exe	82
PID 3120 wrote to memory of 4140	3120	msedge.exe	83
PID 3120 wrote to memory of 4140	3120	msedge.exe	83
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84
PID 3120 wrote to memory of 4904	3120	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a67e94ba163cfc0764f9aafb7c8318fd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80afd46f8,0x7ff80afd4708,0x7ff80afd4718
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15461795545037785763,8951847051217378166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
cdc9f19a52e87121bdff5faad76470dc

SHA1
61786f32243b3384fb8bd1f460070465d32ad556

SHA256
fb5b531776f398b46eda13ed3ccddeece8fc54653f27b93fec45290a31cd840f

SHA512
d80755833280d63ee7c894510ba25d1ef4ec55757798126bb0a2880b9d0f90489c0d5f5765d90673ee7d6670931be05d38c42929b938aab3d6f643e5cfa0fa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
55KB

MD5
3edd3ec77c16893c538deadaeca7c5f4

SHA1
3e9f1e516f0041d71b36fc3b23b310f4e92bf703

SHA256
cf65670b49826403201f36e9c825fbf4b175e8d502ee83c12c73089969efed5b

SHA512
8ecd954563db0811087417312b1771681a4fed5f3efa600eb6d78bd793fec798c8b927c690359e696993cba0da0edbbadf568f30442e1986defef686be4f7b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
33KB

MD5
2083fac72d4f4387c80c8cf70286fa60

SHA1
d1afc25a73cee118e065532cda54923ce24e630d

SHA256
f3a14a6ccc1a73edc65c592283ce470d6610916b5eedff513bca10711d5b39ce

SHA512
c4cdbdc289aeb12e8e6b58c58b8f88ee2a1038e80e86aedd2868656481c26a8ee66613a3e3ac3c4fefe6337711dff372e72e602aff8eb7d9acb4ff2936e5f078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
c52f3521639f61d058b371c90f7340a0

SHA1
26cda00aa74d363215fe8e5de80878cf767d9747

SHA256
98dadb40ba05b9079b6c7cfdcdce83a11764b15cee748e1d6b06ef13e94f1736

SHA512
ead5c9d264cb85f32a1e4e7ca84df51b2d8fcad89abe35b8a9e461cab914224e5ee9c3b0cbcaf720ffaf43566b9d9c958667024e0e6988f948640fd782ff3f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5bdbfe1065a3f3bd8f00d585a0c44f38

SHA1
71b1f2ccf76c19ac3fd893d8fcc75c9ea9f25f48

SHA256
2682859aad7b4eb0877ce9bedddfe02ac4d64b21b6796e412fd94c18d19dabac

SHA512
e912116494caac2f9235faf7352c8dfb80f5d884ece9e2f5489e806d605c6d40af13d7c682932c4d10f68603da60c45f6102b79fe3926c6f4c3fa96149ba871e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4703ad06c02f55cb8f6ca1d748d24927

SHA1
253804634c2bb154199bab0ba49332bf4899213f

SHA256
8cd94745061691a7a2ac42a9fab09f1db90226f380d3fb0b40f3e1d72d432ef8

SHA512
e2bf22e6f94fc1a49d9982eb482a1d0e7dfc5e05e9708bbd840f673d7e1c3f320d89bfeaacb176f8a1f35609a8732ce6ab868408ea1c8b1c2d37be8e5a119b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
7916190c30468c9ab78cfa935f924e6b

SHA1
1fa6122874c4bf17c03e823b22807e98937bd030

SHA256
d6744f4cf8d13615ec964bd8a3f75c94aa6104e5627f32cfa00e46fd049bb5c2

SHA512
30bf61c665314459a160a6e3bcfa53538447172d6ff07038f7606b1bc60c3e0e7fec98cf1202b57d2e9d705d9a1993d99fdb11146bbdfa2e768fc22d9d793a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c485c61301f4b548b4ab9264ca57ace8

SHA1
b20930e6da5802c7098a66ecfecb8b966dbde01e

SHA256
eac5f843c8548d5646c4134be25bbec7c68cdedbba112b5b63b5c207969789af

SHA512
5ba0056677e9df226bab95b6bc4905e3df5af00c9f995a6c9e54650c143c5cebe02dcef4a19f9c256396389e54cfd27a8226cf7ec4d852e667b48195ebe54ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
34f10352f6aef973bbc1def6cafa0d89

SHA1
7be8aac9c343f6f289bc43f06473e8e1bdb5c76e

SHA256
0fa5809743edab39361fc6503dbb91830524c3e04db52a9122451a13ee90ad73

SHA512
f922009289a92cd44704f323ceae5db3c41f93f1da3e34fbb249cbd82894aa2ea94da864f0e9b35c9bb2fa1c204b62399cfb0b67b7957b0a7bc4867e29657581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1654a93c69f4bfe785bb96ddfe788cc4

SHA1
cf3759bb2815dcad3650c6e723673c80b597d8ce

SHA256
cc2ef1dc04ea2f98806aad17beeb673cfa3575414edde4914312de1d876884ef

SHA512
28ae8146bcae75f8780a7634780c7d84a69769779fa55b98ace05b5db4c553a64cd8b89a1f7042c677812a09a3ebe103046865fe91cea8011526dc58b129cea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4826101e017eb18ba1ee36ab57c137fc

SHA1
59cf562e64b8ac5d7afffe2c0958af0f9c0a3377

SHA256
a092d29055356206270ee44486e6fe3de3d007106b4900bf32ca37d9f24a6be6

SHA512
aff54dd586d3adfdb86356299239c55a3d5077f606f13810fa6ebbc06277bd74b4e19083c3f7fe21824773b82a0792ce3200d663b80a943dc5e9cb53a1971f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b03e1e8e340aeb04de87d593429c0a26

SHA1
15a003e3d3cc31c9ea9dd63bc642d4774a76b70e

SHA256
0ee55227babe10b07f36729110a76969647ea3345a5c47667148ea3b99ce9edd

SHA512
d4b2c16d58acf7d808a875a41af52c6487118fa9f088bed0c115cd2e0898c471f427f5934e6e4d059470652b879f2d631214a5f332aa602471f7f05ffceceb23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
917c84fef0702a72fb649e27d0109451

SHA1
062d378350eda359e320c5590e5aa73bacb08cfc

SHA256
ead9039a0daf8b1c3e21522790167ea7feb4af9ea334cb4c72fa7c3e360c1cfe

SHA512
6af19e162dbbc4efc4fb29a5da850b9498093dce763e9a7478ef602497b69cb07597daded56310d6939b1a7ce9c4db2a6c0694f18e159f5ec95a96a5ec3c39a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76697684d2a38b56f03555bb0cbf6ac3

SHA1
75f3e4b96808d43fe49e7f998845e5f66c5edbab

SHA256
52db907df2350384c94d991175f4867a3a3650cfb6fed20bddc24876f870afab

SHA512
573328f5b137927fa6f9819e887d1a7b3a3f76535cb418f3ad850fc17c121c7e08404eb40d034b225344204b63a7d290aee10a6f10281b8586420f973a8c26f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5d8dbf985533771c9c72b04942adf228

SHA1
00144c9c69815b8ca7b2f61f2964e31ef56e3f4b

SHA256
b2ce04aa3ad097ea09bea98e773d009801fd564cad82c913620461a568ed37a8

SHA512
e2576b5505ef22a3365e72e57868ce2a0258d2f9975ad08335933200eca50a2fccc7986a0d663a0bebf4cc1de6ef6544d98bdbb0256e2d585bccd52cd33cb9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6db69e02b1fabddccf7c3181a0b1c1e4

SHA1
d20a7ef821eeb98b16bd1dad5ae138bf9caa14d8

SHA256
f01f223da566e225737e8a7335bd75b4778ba19e01d999483dd332aff17def8e

SHA512
b550e5456f707cccd1fe1462a58e6aae0a52f66350059edc90c3c641849378a5f4dcc3f750734d2c3f56af5f0f03bb4ad0c73663c55b3e298758f5a5b622ff41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2988b7777388e387d31f2627150b1a2

SHA1
136fe81c654f77e8ca1635c655b0ae871af3f821

SHA256
e3888c94ff723ee819491a0608042e5b7f7c406538fd0d36cd107bf8db14a7f9

SHA512
e731b112b7d49bea4d13df20eba56f12fe799f7979b6ce13687bfd8b156c1fe9b7cf7b0346f6f6ceb4800e9b7dcecb2192a69c6df2258e85de41949dee968cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
5a8e1a70679d2a643b27208e42edda18

SHA1
0581984ee055320cea66dcef9e2c364b1385c597

SHA256
9ea4ef6ac402e340a384cd98f5287d405173fa15251f1a2d02002a0599a07c2f

SHA512
44e2c7bb8b72bd17da3a810ba39c65cb3181ce340573d3b3126aefe71fdc63cfc3cff086a437d01c7803f63a703cb96bd73c5715ecc15270045d015483a25716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
06cf55ec05a7cb67289133c848406cb7

SHA1
5f00ebfd4377e68c5aeca2816d6f527643f19630

SHA256
c09bbb688e81cf0442c430d3b9be2dfe0b4e78548ae5485cefa7540a8add44aa

SHA512
8a6c3b2d9c7519d11eeaa9da96c19aefeeb7719093a5d1e805cbb610319414deeec7932ed3a2678f2e45193174b15af0589572a2ad75ca324fe3d7cf0958263a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
697243891b63e9da466c9b444c4dbbfb

SHA1
9e9266fac7c044433e28a2cf4ba50a3f566178e0

SHA256
e8d87bc113671527aa51b6aa516945c975fc8fc469b4a36a7be5347d91911de5

SHA512
2838380e5f0502706bf16b309bf7a7aaede287f8c64c75c738df6ad58b2b3b95150fcf8aeee546c559eb4a79fa7b02ea1127b9becff668e1e4dc641434e8b54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
9b35544f5f60168db0cd54446438de87

SHA1
18f63512eca561beef5e271ff1310f8ccf29b89b

SHA256
739c864cc324f3dd7054a122dc3abb2918103dd4a35541424cffe22792cdadbc

SHA512
49f94f2704cc8837702a1afc72723e9f42ab85df7ad865f90f93be53a7bf3fb3c4537454755d844cfff037bc0c4357be23c1b5376fbd0b3188c6fd50b277b596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da24.TMP

Filesize
371B

MD5
82a29304b2f3f8659f0ec0903dda0c8e

SHA1
bd7cd7839ca500e59f761533fcf5010cd9ef61bf

SHA256
bd38a6a081c3c176cf6a023894c49ef10faad4d471307f431ee019807e44b0c5

SHA512
a9691b85c8223911e3a996e9a13055bf848c8e83d22fe7305307570a13e4cfcc0e8f27bcbb5a36461eddc3ace6d2f8072366a4f2bdd7f86487c804a9e790fa72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a6d162ff4d5b355d26a8ce675c84187b

SHA1
dc1d414b808fc731eb4b87deaa1f073e8fdb4f12

SHA256
35ac3ee4f1c0a181e533b60996254681548253c422f095e1187e5631e9df42d8

SHA512
a2cbf65226c68aa8a06cd520ef8ef53b69267777c3e51ca8d76b2488b92b57ec28c9b3bea1f866b9098b03547e9a43cff8e93ba2a8056761f3712401166768b0

Download Submit