2a46c98f48075e781ae1c837429b16b09bbcbfb1233b0207afe76ae9234ca967

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6126c631490e5e46ee389a9931d4dc2_JaffaCakes118.html
Size

58KB
MD5

b6126c631490e5e46ee389a9931d4dc2
SHA1

2f53e18d68ea7ef720167536f3f3c9222f6dd391
SHA256

2a46c98f48075e781ae1c837429b16b09bbcbfb1233b0207afe76ae9234ca967
SHA512

8e8845871a9da876acfb8714c850a22bbccb4b91ea70f8156ffef5b4922eadc13659cacb3c4ca044f10e387a88c6d21f86a2f6567a6ed5ecf1a92a88f8587179
SSDEEP

1536:awgr8VkeO382s2dG2ytWOG+2yZ94yaS6cgRrBEV80:+eO382sWytWOea94HHEV80

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
4396	msedge.exe
4396	msedge.exe
2512	identity_helper.exe
2512	identity_helper.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 1300	4396	msedge.exe	83
PID 4396 wrote to memory of 1300	4396	msedge.exe	83
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 4260	4396	msedge.exe	84
PID 4396 wrote to memory of 1444	4396	msedge.exe	85
PID 4396 wrote to memory of 1444	4396	msedge.exe	85
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86
PID 4396 wrote to memory of 1552	4396	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b6126c631490e5e46ee389a9931d4dc2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96f5846f8,0x7ff96f584708,0x7ff96f584718
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8930445960275627286,13973502281723737166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\977f9303-7172-44ab-805c-044c1fd6239e.tmp

Filesize
6KB

MD5
60c71d62acc00aeabfdfa1823c3dc403

SHA1
8c04aa2cd3e8e34f5ff592c4d590dc967eb46509

SHA256
af2eec2e96b8006dd5b88fbb75f620a6099edcdcab2c85e917d46061efc0d2a5

SHA512
436450b1c8d303fd3e299c52e59a36d440f5eedb74fdef6aabd37c5c18e0efffa76245680104d56e974146a014d5e99ec23e8cf8ec1e64e4cf9073dfcb8a1c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
e306b7b09e99e406c5f9b34751e4fb46

SHA1
8d091ece3b44f7d3034bb7dd1c8e143d80e4fee3

SHA256
b252b325d53980d38683b6ee45007bfb31d174f652cf510e1f2667aeb145e46e

SHA512
3f3121dfec6420af2864d648ba29fdf0a770d06c532b1ef933cbf35650793e3b13f46b42e616d5d8744ea2c12429b2ae3adc8e33a47f92370057669be496613d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
38KB

MD5
d6ea90fcb5427d89526dc0460140822c

SHA1
1aac268d5473611b6b377c4a1a079484cc816ebb

SHA256
1e551bf1ee281d23e57621f5973239c3cb1229477298ce19e552636373724a86

SHA512
033eed9fbf72af7f5a7a784f42d5657bffd26089397317ce845ea62bcc1e60640dd26e5c307f544dc0f9cbe9d31495a74913a96b38c2d8f48d35dd57e67ec8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
25KB

MD5
b093b43688f8fb550fa29d44a95df8d9

SHA1
23659b89788c84b7ba39eadba11dbaa5e143620f

SHA256
628950e5e31d31476baea49e2fb1b2dbe44b2f274016a5ea291958e8c7cc12b5

SHA512
95bba2f6c925c17ad76a7ab473e7a3e052a9c9dd0d583404c2c10d0b4e84ca30afbb9d55981c74a3f70c5f322615aa06fe65ba1de58d235e49e8d039d7a52865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
7c1d9a63544b1f9ae3bfa6f16e9d492b

SHA1
10697f58c288c13747e54f8a0b66c04bed360563

SHA256
5ea7fdde27a95a35701f0376f347414da685bea4e23bb865e717a9ba01080425

SHA512
871039f94524e7d780ae8b413e046907ea1c2f42d9ba9105fdffae109ddc6414158f6c76125e1d4c950c19e9e69b7650916d650917d404f6d2784e014b6c78fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
9c2a8277f11a9d347d9627312740dafc

SHA1
8e6c941ff2dd2b1e4ed2568d11c0ddf5a364fe2f

SHA256
08355342cd860e19d32f59e50a78d34f3b9290c4a33abf3fb80ba3bff2d7063c

SHA512
325c19b263791818851fc5deaa8127718913ad84cdad31aca19864485ee68047696963fcfe6c22e69ef71e7f393c2b0753df1976a2ffc152267f3761fb0ba865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
29KB

MD5
440f310f3bd89bcbac51f85745640ae6

SHA1
9c2564bbefda209435cc90b0e1542ffb59f92d2f

SHA256
1b6c006a097c2955ca0eda7114e76166759d19e3718782a45dd9ca1b245c7467

SHA512
efcdcd5cc8b628d3c7a487d2711d7a2bb7a8352e9e897efda232971f0e271cfc463ce2b8adcdec8c5ba0815e02357e6a84f2f0e2100f204092f7eb61bc1a0c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
28KB

MD5
af1759829aa0619787be00fb9d3bef72

SHA1
a4b51811542ff973e6755a85af360f5ec83b0383

SHA256
dbbafc3e7825a747467d5695e499b25875bd0173a18d816b4f0cdc38e19b46ab

SHA512
58d2e2c45cf0ad210be44e8262133c2134893f0cba687915b2f9ff6ace4b70d49122ee4c45cd44c91882cd312c85c9f518df9a52a314fc380541e440acbba871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
29KB

MD5
c52fd40444355984d4052e392b364e0f

SHA1
7b44d41d2c0ba5391c8ceb847b43900b20ec549f

SHA256
7ec3a7974fe7a47555667ead06d2b2c8c035a56d9fe498cb3eba9e1ad99706d4

SHA512
d2483e99f340f1ac4750f8b0e01be6999208127543e72f9f9dc9ce0595441a8e0523dd6709972c95e1eb3ead66c6bb354764efdc0ec808ff7c94c6860a96ccd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
8c6744175ae9ff694b5b6695c8ea4682

SHA1
345ee49a7f9316340515024157c7b37bf70099e7

SHA256
8ff0165bd96ac15ee80dff726cc08f29dcf65542c5c5f4c1f929a950c57841b0

SHA512
e8e62d19c710ece32585f4fe786e98ff88b335fc3024b9450504c7796db464b38fc354ff5359d8025564e9a4ba5c12630ddb9f223cf562e23ed008faaed9f1e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
42KB

MD5
503ace7b3679a3b21f02abf8ed084afa

SHA1
f0c78e368c98067ba5d417ba98b0f5be9430e51f

SHA256
29580417957a4c9473fb0e09da871a1a49ce147be5fa98396876f46ed98e1b04

SHA512
32b857590e6a028d8260f2f5f9644fb5aed164b254188612443be5842ee236ba224a8dab004b02a3cfa42306d70efc1347e68da7c6610850d9685658c9a66ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
23KB

MD5
d0007015af7e55b5874b6f7711e9ab67

SHA1
fd514e45401ab3c27d2fded42f34024260086150

SHA256
95c98d45b7481d60c8078e04973ca86a67833927fac958ed6d8c28593454aef3

SHA512
375ea404a1c847f5b5e10803277d6a54fcf22ffdde3f41a06efbf4732858d749488b7ac67ffd9461a3d0b7bfd8f18ad465946cd4123c54383a410db6e699a6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
56KB

MD5
1affe2accd04b9ca38eaec2c1a4962ba

SHA1
2d019f5944691fd31d407338eb124ca54beb4686

SHA256
52cff69204aba9de35b3e7eadc3bdc3caca4017eeb9b71ace20488ba6d8752d6

SHA512
93061407f3778fd9eacfefdfb6291b8544630aeb09fbcedec333a039eda460877523370f4154b6c91a5cfd97d6096727e0be3ae9e04c582dbf9095674d161859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
136KB

MD5
4651a4bc4ceaf8d1811aea20ab8584cc

SHA1
e9ba2c1e8b5f2391eac8fce3567c920a68391c11

SHA256
73cbb0b6d9c83a076751991cf4db53e24f0a83a6124d74d5fd66cc1d830ba138

SHA512
0e2552bdeed8ca32fdd2d9d90c1dfac85514ec4f54840778566b9cd37649109487473b1cd234c0195ddd17e127e185f8782914b2e7dac9bb26fb8233bf615fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
76c1dd015514b80715a144aa9c96fe4b

SHA1
9ee439c51aa96af1a2edc874ed4d454eda589b6f

SHA256
f398f5b23783875dac6b9ed98dbe0d0a08799a9e29d122201f506fd476763c61

SHA512
117f783ce4f0e25376784b26994fc154f7c9166200d84ecea86559fba944b96209cc8d481ff6005b413bf033b1fbd4da7c0f8198ead6066df1413cd1db489f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2b63727ff3e3826ddf1a2d4ed8fb6d34

SHA1
742a8726ca155231ab49453d9a52d0775891d866

SHA256
97a93c0ab02e07431dbbed45aac42cf43b2fd2ce12fe7b79fbac488b5594686f

SHA512
0327274419e87530e8d85c7c6b22d34222c0f203fb66037a7ef3cfe4f0f0f76356cc192066d85e0e3bfbdffddb7d580a7bb8f3b8976e68204114071aac5f29ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5919794e87e4ea5b21c48e4f6bce963b

SHA1
ce4ff42c340823d1a8272e2025895b2105318f4b

SHA256
5fc3e6575e71d3dab931aafb3ff4f6e25f85148fcd1747967f56db725175152d

SHA512
e5bb586767d6ca0fc6a795636c3fde5f01dd4cc3aeeb9f15e2bc325fe16b01a06c4f0e3e56f2c4c6015b3c01d26691693bc43ab43755ffe04a3cd1a8aade32af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ba45adabb200bff7513c932986c5e564

SHA1
5d68571e406e62c035675f8ca69154e7b91447d2

SHA256
0239ed5e7dfbe71a46f80947c5c9c6195e5a375bb9335d5a5c665b61885a24f5

SHA512
efaf871017a0578a7a794fa07ba147ef138b2ee12a60a936ea05d29022a7876ad2c72a4e227fb7e13280ee83bbe484633fcca28aad2ee0a33f4d42b14d751f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
79b32af8e5d51da46a552f1848fe7ff3

SHA1
5722fe36ba617f54f857cd60da0ed6c2ffe048a4

SHA256
bed1c3eb514174cf41252cd904d424eae4f59fb38c39e8ac0a9e61ac00fc43f2

SHA512
c1c664d621b39938a61d5e9999c796d977ea736393d4a979cb257a1f120b6ea65a81255de24f4b40405e5e586bc2a496c290bda98a8f2e337086a03cfd6890b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ab637057b7ddf88d8a4fc25cc38a2896

SHA1
23b7254d4be6b20a8d78645f17898b15c55a8564

SHA256
04c7cf7c7f9e374a20929ac74e59510bde1bff5afbb6b209826d6b2ffd0074a1

SHA512
60e2b2cb0dc0c098046314a69cdf9b1c43dba4304856e5628419c9c322d30b6179ca456bd66bf2a8c5d0a7a40b355c1548cc3ed9b3a32959279ed43d5645e965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e7a13cbd628d5332e6b5eae8f3ebc38c

SHA1
8ab3ff2ff47726a5c3d6dc1f4b17d2cc3f797a3f

SHA256
834a34bca8d68236d9d3dd002c355fff321c40d3b1645f4bc503e5f9f0cb8dda

SHA512
e2f17743008d7dc3f242216018d2631158e434bfa2f26974123b27639725ceb22f4d48fee1ca92ada3977c4b8c174ec9cef54973baa391b519d6645ef63d4f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4ee22af1d574534d5cbfb14e7589710

SHA1
d7f56fb5aeefbe3d15d33957c864d8af4fe291df

SHA256
7a202669ab236d082d9696933e5808a0ef98396558be2ab1938619d45e464597

SHA512
17d7a25030947fa766623ce13ff77967a2a0559b9c72be2f298a1d95c51ce766d11c1547275d87e0f680a3840695a27c8b65805d98658f0eb867c2c919a1f1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8bfc33672d47cadcc634d072525d060

SHA1
488495eb7bf99aa0d37483be7c5f8f5ad7a78cc8

SHA256
3335772288d9bbdc510979a15ca6616a623bf790dc836618777e30497711556f

SHA512
6998985b387fb9af8aa33d4fa9f93d25f23b43265082f185a85ce41b32308f0d3c06ee7ea62f4838cbf99d156fce9eb8c1658d4b6402af6c2f1cd22cac5cbf7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f39736bef7a6f7eb71e52b23d0b5e062

SHA1
67b5e5910d7a1623e63f7739d42db8d4b288cd7a

SHA256
f35f27968da79ec77db669b0160cb05999b1ee6af609c5dac6b221dd32b1efe7

SHA512
31812bb86dd9f5bf2acfa15f53d6f166c41c69d86eb96d5da23ca4e09c51c4b794da3e1626c4bc119ae13b6ce267c1f0cc70d1e10f424633c0832a89a30475ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c976af44e6939e6fdfa9013e056612d3

SHA1
24cad0ecb1e697bb4dafb84419eb28653a676d66

SHA256
9add09426465ffdc8a42d954362e33940bee0dd8fa9b259a2d2d9ff45e85e58b

SHA512
ab418cf5935f42cefbc06111f9446394bd74d310018ba52e86f998edd604c88407173af92cf40935797940d9294955cd302882fd0ddbdf0d5554badcd587e0ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
9ccc167cbc4364cfb1cdf395f003a312

SHA1
c299b632a155d2b9597a86acd8233483bb4e006e

SHA256
684a56a686d584ef1b7327c044cbb5f4e836199e88dfce3553d1cac2712a37f2

SHA512
e1459f5103359e6d6dd56ed92ffb0ceab3603908be22d584805b51987abbc2b677ef3edb1201fd0aa46cbdc64532c28fa2a450ac7a8ffe97d8ba6983f6a90467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
77da67b8d0b729b81a09c4a66705cf1d

SHA1
8d973905ea930a285ba6e8dcd6baaf69fad8a43c

SHA256
81a0e7dd587258be658be6dc8b59cc7863770d8003a16b774e20a32fe4ea39d7

SHA512
3a12efd28b81cac9ee16388ab4a1e7dffb87ab9e0827e3e05a701ceb9e54f29bfe04adf90a128f4a6831923b1ee7fdc9ac864b90638eac6820faf3ca5f13d816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
36ecc359f7fdcfcafa5461e65d549858

SHA1
c2b49704dd8b69079f8c18e411d330b8a9c5ddaa

SHA256
6b310f8d9f91650cbb1239dbd0c647f7ffb83e96b835afbc2e258b52429e9b6d

SHA512
5022e3269317a426aca2e12b4cacc651c9ed4b2898143b7231396c3caec076b2352e959d426412300c6aed98cf008dadd747a5f1d0c1cf2ff3dae45e294b2a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5866f2.TMP

Filesize
371B

MD5
4fde2d915ca3a7ac2fa23d3eb1fad973

SHA1
fb18267e16fdb0ba696d7697e8c0ce51c42a4a0d

SHA256
9daf789fda4eaf2e21c9bf745f8e9427adfa426752ed58e796c5f5fa14e670b5

SHA512
1b50042bec992c080306200e00cc89582f471d228a8d931fd47fd1a5bbaf50e120cd65eaa632bab209f28809e1a4bdd87d14b6eabd9ba64de12072b7f98c4939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f196b39a-d5c9-4f10-bb5f-a01991001b38.tmp

Filesize
371B

MD5
30d101ae22fc412bb628bd0d2d22cea8

SHA1
b78a3c16543aa9ca90f036d6103621edef41dd29

SHA256
c52007715f0c346050b208d22ac1d496ac7995c5f7cee91f1199fa14e6ad2684

SHA512
a7cf8580d79cdcbfcdc880efaff568b44c0a72209f9a433c4a38609fb851d7c1fbe09da23643c509f95828e5a4d4a91b53636de5e0368a552d1710a1a54920f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
949b8725ab50a3a2e1e5ef58bf47cae5

SHA1
ba38d7c02aea30e28aa51167fd36229bfed72bcc

SHA256
34a7d7dea2c3f010b447c02e9ff1588d6d83fa017646a1cda986fe9e6ec90c89

SHA512
3f9f02897aac354929d3e9c969ec85f8afa6ba8acbd537e23fe313eff624923d2a81c7c5290e726ff87c6edfd75be0d1eaa64de24ba44c25df9e0f9a336e08c5

Download Submit