b05d2048750f682e7242a4cce61d47a00792ffe777f585a97db403027f6229df

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f07983168bbff36c4ca6fad58894b802_JaffaCakes118.html
Size

56KB
MD5

f07983168bbff36c4ca6fad58894b802
SHA1

5fc18050e75e3b4062afafa4e6b6c001c500f30a
SHA256

b05d2048750f682e7242a4cce61d47a00792ffe777f585a97db403027f6229df
SHA512

f26c1cb1ee89b0d745e72a15f7ef8294acc95ad681db03df6f54fa29067ecd5f8365325ae1d58a7b4fb2a98f80f63d61b5ef39dbfbda4f983efcc7c1bbe596c0
SSDEEP

1536:vXwgr8VSeO3Z0qunrPqdvtT2aS6cgRr72pQW72yF:LeO3ZRODMTDx2pQW72yF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
1672	msedge.exe
1672	msedge.exe
4360	identity_helper.exe
4360	identity_helper.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2924	1672	msedge.exe	82
PID 1672 wrote to memory of 2924	1672	msedge.exe	82
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 4804	1672	msedge.exe	83
PID 1672 wrote to memory of 2928	1672	msedge.exe	84
PID 1672 wrote to memory of 2928	1672	msedge.exe	84
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85
PID 1672 wrote to memory of 1360	1672	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f07983168bbff36c4ca6fad58894b802_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8dff46f8,0x7ffe8dff4708,0x7ffe8dff4718
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4668 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7152743154315570572,9254655122980308016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
  2⤵
  PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
8dacefa7bb352d2b95569393f3a5eb5f

SHA1
7ef7578dc6124de19dd7de01ba7b3be794496aee

SHA256
7862aaba2bb596deb55e5d756d15f3d5594934dc43fca323d3af5a623c277463

SHA512
955f24bc7dfd5ed62bbcc6a3d6406fb2611c16b1a0ff7525a130f53b19bca1cdbc7f14b1112b5be76268ecc90ea1707c82caa6a8eddaba09fc0dfa1bee82f75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
56KB

MD5
9aea170ad0cd436d974afc1513f3b5c4

SHA1
f8232c587e63ed752260d2941a78a269c01c16a7

SHA256
13383bde9c3cca3b1b575c4fa92917d33fb77189c311169fd370aa8349536dff

SHA512
f426814d6a8986ec512d25de2de26d0c3c77c2c2f9e4773bba8830c75764460adc8924ce4bfd882b875fe64ab97a0d1c9bcf743cc7efc77bc9c3acf0a4bbf125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f8eee1c15fbd50778b6b6e810102a74b

SHA1
7287e3c7a4099bcb174efe84544feab6ab37c384

SHA256
204b8265b25df7339c65c397c7017435e56077cebd153dcca261be3cc43a4a18

SHA512
74a5a71f0b146c0dcf493ec54f9e3a8586b3ddfd66c9f3d35a213df9b993ea3a67e00dd0a9c8a07c4f94614be771007b2477f93c3da41b3dc29649a616177ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2a596a03716c038b1b1c4362fc342be1

SHA1
2aec9247f620b2838697d099a4f6c715cc838e50

SHA256
42a7474579047328908cbb512d4f0b5ee3295d1e621cae06aead29984d693a26

SHA512
719b69438ca1a33b65447ca1ae7b7ba35e055f652cccc148d1201f0708a87084f36cd10c387f9cbcd588ac272699222180d5fc6cdc1817e373abcd2e9a8c2c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1dab96818c99bb32110a01888c272e33

SHA1
2df649f3017bc0cb8c4ea909dbf505c8718e54f3

SHA256
c5dc0bf8f2629e90e7c5d55c3181f56c727093368f5f580babfddf549eaa474e

SHA512
c7562e5cebc2662577a9a0f2f1ea4a8fc87136e1bce5665e6c5c15cf2b9d1e4d2e0ca5312819cd3f807a8119a5db8991a2fbad8272cfe6ce5e4162eb4ae670a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
9fca66902bad8ba7040b18cd82a6bb1d

SHA1
959c32033c8a4b5e72770352636e81ea5ccec36f

SHA256
17219ceefdd4bd22bd739f796f5bb3b674e298a8acfe5d777f154e7db9ea7978

SHA512
4461ae1dd41c921744b961407c2c315c3134f4a5d819aa11d084b5cc98184aa755f010319338e3dbc34937b472156966e177519248d2b2bd5b51e3c9e4f6d625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9161ee9c9911ce8dcd182b875c8f57d2

SHA1
a32c76119b0ece4e9fb8195c6796fee29250a5bf

SHA256
a237e50cf3524b29dec5d41507159d4d9293929e09355b8a67fe29d0be36e13e

SHA512
7cbd306e7419848e56bebc44ce3240ded121e5a40f57c1a869d679cb043801f4c03ac14fa191cb9e3ef37f458563428f341e4fc396e597f139cb2cb904efc915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eb5e8d6f98fc0828e7ea721c974a46e8

SHA1
24b748c2c194a8992b70146e99c60c3768c71da6

SHA256
aa666823a0a96ff171d31e6e4852a69ca299d6bba164df1e5d2c3a0dafa06528

SHA512
ab72280ade381ef37bc2c490faa1e4c1d99d56e988f580da03797ba21c12f0643330f8faca5bd81fa70e4e3876ee7c9083e2cdeb796bae8b64cf709e8629ea44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1019B

MD5
47da739464d66e461fe39420ba6150fc

SHA1
3e00a9383f532ff9afe369b8b319e538caa21499

SHA256
82b1b31baa2b2baee92c5eb61131cd4f0b158d26df2d0f80cc6aff5fffacc377

SHA512
9ab44abde89ef9c114ee6e0ba8d13f7daf2662714a45f453cbbcf8f3f8fe78ec772bf9469807320cb4e839a3aa03723cfef595dd07f8d89b05bdda50fbb42cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b066e9958ca3c11c5a2b2e7ba08ab31f

SHA1
46952b74605e87335132258f07db67e74a2db1e9

SHA256
711a1fb5660a40f711032dcce92341b07a4e115aab45174dba7d9b5149d8aee3

SHA512
14b875a6bf5a0a37bf8f6da6902c0f9014378cc20bd02a7c751a0c8067974751f6b44c0a7a564e0c07ffc43d39abeabe996ef6d4a8cf010772c9e6abdb1925fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f88ee557c480cc0097bd14ac0abc1da7

SHA1
af90c4c5b37c0acf1ce7131208e35ee039698413

SHA256
047e0b6a29f841860bb85da282330aa48761fbbd96da5d45d8d8643c37df7646

SHA512
e400fc1d56d3a5c978dcc09e2fbfafa24c8b3d60b96c025f179d5727402172f2f4e2954081ef05ca2aabfc58b4f6b59a0f5004d2104407b13365ccb0608e763d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5b357efa009349fd41953ff10be754b

SHA1
0f98b6df190f3fc6c43ef36462febc4d84a73562

SHA256
f29d856dfb9026e01cae89d82fc2b19964d41208279964b7f816a34808a9cfe5

SHA512
25b7b67e7920f58a09483bec54ffc0304253dc70d62f03e4c01fababa4d2fb0a5f3beb87c051b37bc4f4f5c6cc45411551056f7455f05e02eaef6654f8a8cd1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
057bee767cc64d528ffaef13a527300d

SHA1
35a201a191fc12c1fce24c20a0ba76b81a79c647

SHA256
0c13a06728bd237cc444241b0e4f4eb291b5b826720cdf796db121cb44f09761

SHA512
132bd9d6cc8b64b6a1d98f5f8f245dcf7f698ddcd30bfa10c809ea1b92e1b66d5a2a6ebdde995249dffc74ee11d695afde7467e1bb24c1be15a91bcdc8de526e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d15613012ba9dcc50163a62bc81f63c3

SHA1
b3c6ba837207932c46af30b31feb7f8e68d2fdc6

SHA256
e3b8aa730a3aa6d04a7282cebb054b005acfafe20a38766fbd0a6a6fc0f07050

SHA512
2448c83e43c7e23ff1d1138af2c6f906fe791b1480f50cfc63d2d698ceaa1db160170e8e493176b233e29b65e19986a846c4d1399736bbab9e702c384a13837f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a26416af0adb516a3ce9885792ca8d2

SHA1
a2053bb13a18c23071888424610ad12229d25e65

SHA256
a9eb48a6932d6d63c2e395a21f7afbf9f4cc52f37621d4d14ecee8ace9123b10

SHA512
93d78f8c65733f5e705ed19d18fa3590fb1768e243840afb48182f382713f690e814cdfc66b5b66c0e33246d71eeb56ddb12e61258eeb947e922d6b23c7db5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
affcfc54ca40143dc4e5ac6ee6bc553e

SHA1
23da78ad6ccbace331c4dc29d01a54a528f9cf0a

SHA256
ccf735535c0490a19178e09075a5f404cb6febb316c6ae13518a71bfe22e32c2

SHA512
7de71967d7e71a51e273257f704c53752eefff3556589dbb7c4cfa499ea1fbaee9f65951156b5a6a0f35d586605395b9f1404548d348f94144574658f3625c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
47af2412d01e0df1a42c493553e100bc

SHA1
7c838abd26733cccb91c4193845a260692372178

SHA256
e2dbfa5ed19e644625bb8f6661d5e5d1937dbf14ffefe8bf0978e82b1607ef27

SHA512
ba6c31d762c4aa89981481d3dd8f2cdb31703a3be50e7145571d759651e71a9e9cbbce5d3c083a45533922ddd417daa1937f8f5860ad5237e61fc0bb12b9ade7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
838600bd75fa0d643690b67eebef0a64

SHA1
e0bb59b530706a4dc0ffc3379c8d9b41b5c15342

SHA256
653bd70d95e08685c3f28533259cf4e534e9e586e623a6d8ec09a14237ddcbeb

SHA512
1260c07acae57e1282a357d88f07a791b5f0c9a49fa46a3ac3baf8496493a36ea63a8e2799ed9cdb1c4d48a446f5ec850b5a9ee97c0af7df6fe5c7af1017e41d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
f160fdfa32e068e77a073128b57eee6a

SHA1
e338d0c0fdf9a6173463136b29814a0bda59c37e

SHA256
143043e591bfcb811e02b37f942d82cc7e566c50bd110c46dbe776cad073e3f8

SHA512
6512709319a4dabe9336a1d7eceaa2b7b0f73d42105825285b154dad7bb5c92112d616ca21f9f7464d537decde3ef2b6ea7c2bf2428a8bf0b2c00df55ea40526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584d50.TMP

Filesize
203B

MD5
7e593cd0867892ee5841311b5938e257

SHA1
3b78d81158c85cb81ec76334bfe1f7366cb995a2

SHA256
ef09fb1e5adf22dd2633e125b5e6d72027ec6e043b122546f046575f0884a52a

SHA512
843916547f0aa0ad8546e075ab053652fd3af4465cb7cdbb9d169932116000f096d24682a41cb39e3b4e4ca8c103635957bee915528fc7d77a8eb2d99c943c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7ad80d8b7b045c18ecadf613d3002372

SHA1
c242daa6d0c6ecd22163e6e02885a9068a5f08b4

SHA256
49b2b09469155fc0ea7cc9e0e29b729acc484ddaa76b5359f441943b943903ae

SHA512
1922f203893883c97e5d3aeb67e63beb2992cc87984fc9cbeae72ef37074387a8ed1c05d5c22b906111ceea2b7e5c055b4329e776c6ea38c9ec25b3a5ee24a7a

Download Submit