8676462d41f0481afbbc344c3850932423afd4ebe172b03a35daed7210eac579

Analysis

max time kernel
139s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc8efb41c82b5934905835016420b4fd_JaffaCakes118.html
Size

50KB
MD5

fc8efb41c82b5934905835016420b4fd
SHA1

c4ac92fb9a0f2904e1e1081f5b6312c7320d2a64
SHA256

8676462d41f0481afbbc344c3850932423afd4ebe172b03a35daed7210eac579
SHA512

5b110f79002107ee7926a981506649bba26dc0580ef8901127631fc7eee400239d3995d2091848a643f60d7c952f845c8b60b49992956ed1ec4254e2226e2eb9
SSDEEP

1536:L7wgr8VkeO3lRYFvqyrITGGFWj4haS6cgRrsebhkguarN+:LbeO3lRYFyyrITZFWj4c6ebhkguarN+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
4260	msedge.exe
4260	msedge.exe
3248	identity_helper.exe
3248	identity_helper.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 1788	4260	msedge.exe	82
PID 4260 wrote to memory of 1788	4260	msedge.exe	82
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 2472	4260	msedge.exe	83
PID 4260 wrote to memory of 1476	4260	msedge.exe	84
PID 4260 wrote to memory of 1476	4260	msedge.exe	84
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85
PID 4260 wrote to memory of 4112	4260	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fc8efb41c82b5934905835016420b4fd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdce3446f8,0x7ffdce344708,0x7ffdce344718
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9115542169515157034,5854529299995398998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
  2⤵
  PID:2896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
8dacefa7bb352d2b95569393f3a5eb5f

SHA1
7ef7578dc6124de19dd7de01ba7b3be794496aee

SHA256
7862aaba2bb596deb55e5d756d15f3d5594934dc43fca323d3af5a623c277463

SHA512
955f24bc7dfd5ed62bbcc6a3d6406fb2611c16b1a0ff7525a130f53b19bca1cdbc7f14b1112b5be76268ecc90ea1707c82caa6a8eddaba09fc0dfa1bee82f75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
119KB

MD5
d42666bbfc672a76917d5b2ca15df51f

SHA1
93ad29039353a3d781b8b57f0f5df0e5062d12a4

SHA256
f106e12166e6182d9c0501b67298153e140a3b3873244257a278cefd48db9ad0

SHA512
badcdeed8cc6f10d8e2b25a11bceca734e663fbacc27669a0c0617fa112e49c9fd51c7ee86e2a25ac72d6eb57457956d76da9ea66af6341e875b389abb044c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
132KB

MD5
2f21614fe7c3f274fd268afd515c1ae1

SHA1
bdd8baffeb9933f5a43fe81daa2e22ac7f65cc0b

SHA256
a900c7c690db04a503a2015da65fce3091e01990e72178b0fbc127b68a075b7c

SHA512
f26f3103ffc00eed1c4d235e7afa9f9ea6ac503983af849c013253aa68183ac7a1819ed338429d26fa9c80336be9bde54eb90057b2c271e43a5d6487f90c5dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
157KB

MD5
0020e18f3a8c4a10d6224ee06798b72b

SHA1
38a8b883fb8cff91e997bf38487ea2cb0bc58e76

SHA256
f480e9bbb97e00a3df2fca4decf06cfd9a8621a320538ece5c7e2cc301859af5

SHA512
10389a15df4f720b5eacebdaddf52f20af77324505cdca656d1ad0e08a4d7fd72edf37249718f86c01a08403c169900b24ab3454464874108ea56ed0c06de402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
101KB

MD5
d12e6a7f3356dd5128e80f1965006153

SHA1
47668e0afad4fbce6d30ce225d296284f3ffd7a7

SHA256
8ae1fade520e1c2e5c5ba2096d1a8e790165c07b4120747bc503354d76f06ea5

SHA512
b781d29c5142af0f7670c0712018adca507b1a3b0f1126276881b29cfc58cca877f5ddd0b5b528814e0198b8425c69959206e3951dedf5562b0d60812f5b463f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
56KB

MD5
9aea170ad0cd436d974afc1513f3b5c4

SHA1
f8232c587e63ed752260d2941a78a269c01c16a7

SHA256
13383bde9c3cca3b1b575c4fa92917d33fb77189c311169fd370aa8349536dff

SHA512
f426814d6a8986ec512d25de2de26d0c3c77c2c2f9e4773bba8830c75764460adc8924ce4bfd882b875fe64ab97a0d1c9bcf743cc7efc77bc9c3acf0a4bbf125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
33KB

MD5
9a50bcad57128ffce886371593d2038b

SHA1
4054cc653a9e75bea2abd15b138a680650323f45

SHA256
7056ea19bfac643535dbc4b12731af1caaac38529d31e3db8a40e181ec8da1a4

SHA512
9c80c1649358afc9e45539974c1cda9f121ed8c7b310716318697b0aaceff4865897154dc6c4b35d1f61333d3a17a2385c1ed75b73c463b893bf246be223f6e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
9661c577bc73011d8a5c6db1bc003b0e

SHA1
b1e08f242d408dfd66b48180d14b5b81f05b9c06

SHA256
c0e83bea51a6a24619632ec1a2dacc1e36d4f441fe01d0ba79571dcfa4f8e6d3

SHA512
2fb87d4bc5b10be5ecf173726f6dcc5531722879a046e7fd5328406b2c2395be4298e1bcd3b73ac0cd81b53bbd2b2d6d76e6c733ab79ba9865db3672f40bb25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
106KB

MD5
225a8745a0734a9025f8bae0688e09af

SHA1
cb31b99987b7eaa1f8008f68edacb41da3f599e1

SHA256
6f72a2238428e2dc380d6887dcfc222b5b2d045f7502d769210bf81aef1bb8b8

SHA512
fe7d108e2b30c86ae21e2e7f5c7ceb9c9b5e24a90d0a8495e3e851fc979d0db4f146027fce494b8e76e4937972280340caef90440c108383cc8097d2a2a947a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
aa458908b4eb1957439ec00962ff78ac

SHA1
95a630e0a9b0ff5c328b6570ef085337047bbce7

SHA256
181dd45a1c94981e558beeb533f8cf7bf9f7a115e35850e9e3a2f3e14a5da3d8

SHA512
3ac2d10701509aa170669ce8a8d7dfec51f5a8c65935c1fb7f6254e63f62074c35cde30c66f7e296891e05fd003ea8f4c6eec5a28606e777bda68a8ca13b0d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
046a87808cb6d22694335cc3a7d2d424

SHA1
f374eda587ae59e44c20ce03dc8663ed0f5ec03d

SHA256
36bae6328812b95871d9d4e2d909bb7e63b1e1b6deee2857d37079e53e13c027

SHA512
f670009b27c20a998ec926552ac5910917e228f6a20630ad755cc74d384a626419e506f650b6b4fdbe0223f6142f123542ffe74074435e53496e769f146c3850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
663f54f0f9b52a2820391967d844dc02

SHA1
4b1cc2bbd40c9ab43214f3a02f74831a0fe9a9d4

SHA256
9ccc2b815613bfa1cbb18110e8a35d94b04bf2a374baf61067492e270c179b33

SHA512
67dff2dc57b8307a9f875f6e8f03d597e3448b06baa5126f453d82fb57b570687ebae7d90e2de3f39e57234c9f26c36d4d3255a2691990a362881c02aba246eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
68346b583241083307ae5ca0291264eb

SHA1
164190e879d387e375319f4fda09237cd0c784e5

SHA256
aad6738fb4a90a10d0efb57ce98d7ed4f3be4fa9dc30da0991270372ef99a557

SHA512
3b2437cc815c1c5d857f6c4b5ed7753cdb8cd340a882ef4289361e4445beaa7767bc70f089fe4d1bcce719ed92897c9267273e431e4eb7a3d8c489e24ef65072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
19d8de097a5b70ce0bafa1eb325c72d0

SHA1
4ed42075b75478db58882ffe3e41720596dfc5ef

SHA256
d04fc246759f433c4fe8e68503c35bd798d9287f76492f41c3715af26241331b

SHA512
1d66badc8a8f927b937731c98798509ae45e9d93931f7bf2334143341f8bd9aefb57fa0226e6c8a8548a056c5d584ad618999ae814209d9c58f7cfd6a0d93ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
585ace8fde98b071f292d419e321ac3e

SHA1
5e21c7e211cdc472b6ebb7dd421de6ab11b91963

SHA256
e86fa97355777f9fd269f118cb7a3a6b7fdcc6309a11e6a161f4405b4d099569

SHA512
0c31758eb0f10e9e737284932f758d5797bf1b5a0c95490e6aba27b22703e4b8595e17ad93324ab145d2cae91043fed9e50a177e7c81c55ba612ac0c53dabf9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5327d5f8756444d0546b753661335f8

SHA1
3cca0c647d0d042c976f3e6e891526ea4aca41fe

SHA256
11c34d744413cfe2b6e0157df56f27476123bf4146713369766541f3ec884e44

SHA512
196b0a8e9f47216823a0582d75ceaf5171b156ea9429fe7921dee995a284c743d9c59da463804e74cda96b917ba43b0a0acde3f849f55503e907a947507c813e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8c3454bbf4274b5de471a8c7cbabdb2

SHA1
bf7de3b1e755e9a9c399ff68114a143e2f047a4d

SHA256
5c16d504bd3fbe8c91cfb81994fcd0d9f03f01dab878e000c81ad8109f68f25e

SHA512
ad86b31086b5a170877390dca42603837e4676a8ac3fa2e80cdc9b0c217a1b49af473bd521c32abfceebd9e9502bf711d1ca85eafc72c0c09876070f287de310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60f3413bf889aeb56b7a509ea3c59e82

SHA1
887350689495049be174573541774c4c2c6e19f2

SHA256
fc0ffb11e5dcd6a3b40c858b2167a9ae6702ce08bea1bfde21d1de9f89f493cb

SHA512
91d194eb28ed6ec93ec47970aed1ba6aa956c3ad0564b080bf3f9e88aeb505d4680e88e8eb599be62bb71c56e8f5962e865b9cce0d9d284f81b2839ce3864a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f748c65c0e340b540506328369cf031

SHA1
5d0a2d50ecdd731818a1e91b5cdbd0358fbc4c57

SHA256
1212806f2a117b75b343e01415e98781e8dc4c7c26a51186fae0e19702e44b68

SHA512
48632a2dcde1f1d9675308e561c086a597935b253f78950dacf2304327f31ee89ac29a01c5300276a6277f216b8e137b8a8fc04df66ab8ef98ea82bc30d8e682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ce885d085aed92b213ca520a691340f

SHA1
e50bd49adce536499c7f66608ad157a3cd6622c7

SHA256
7c229872deff3435b18514f4d12c76aaf22a713cc03f6b9470a5cf7ca35fb6ec

SHA512
fd9bed159619bc03b93cee213dd7ffbe907af4640e8947dd23018e3e3d9b24915d9523b6846bb2ccb5931ea14ca2546538239db76197df193dcdafa74ff0b5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f50436e42b1fc13eb9220a677bf200ec

SHA1
96580d81c8961a1e39672404394735d495d07451

SHA256
cac571d7d80b8e4d4fa10d8c99b7b5b771d04bf8b4ebc377edfe3f1375104f2b

SHA512
e626c806aa55f2900c1979c9bc32013c7adc49458f65365ab3a70b9b9c97872ef7903588a8166dbc2844f6fcdd04059153e715a13c10f33f956ee7464b6feb10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
4369ca117ba6792202ac7b31642f6c34

SHA1
829601ccb5b3f1fcff1286751993fa64cf18641a

SHA256
666390734d3ccf15dd3f1b70808eeb3a9e757a42a7d912dfd0838710b0780bbc

SHA512
fb1c9cc029b0914cbf0ba89ed7a71c5f50bb294862f3b74c9d2e53db67b2906db75bd02476ddcc36c15b8e8ada7a4715199a5d119c4946855523be208312f6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
cc53cdc00e567c26b67a97f2d3c25bef

SHA1
639827b24e460afcf7a6b17cfb18decb52be4fde

SHA256
97f156828788b34b20b96c89883cc508759363ada14548b39d1d68677289c625

SHA512
3e31a264d9a31e10fd1672908c6196114293e4da449e702f15153866eef2f1db629fa3043e17e3d0e74ee321e2a51dc0a17de7f292ba56c6342bacbbcf130c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
e2c391c7701ad3f1adafed4eae773afd

SHA1
f989cff1cd748c1ae0dd0d44ea255817381c068b

SHA256
a049a90a647329c56d3a3daa1eaab6bd9e95c862b25ca94fb47c7ec715aab64f

SHA512
27a690a01c5870133217dd827ea1d07e1a440d4dd2bb3ab79a9928e41ebae3631ee2a5c32435523d10576c5cabd7c8e6a52ed20f97bcaf6e620330ce8dd4e952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
5af1ee372f2cdb1495b1a954cd45f8d1

SHA1
7187a427a2ecda78ec300f0b782d4465b12c416d

SHA256
76f76f89acfedec9e8c14ce2ca4614c8f72c95b283576173e98b01d94f6a644a

SHA512
27bd349dce7a962f36acece9e203c5c64f8404dfb06e02f9ec2bc0de6b80bbfcf480e1440c9339c531b7f8f6dfe6db576502a60d24f2cd9d711751b9bc191221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58409e.TMP

Filesize
371B

MD5
dc8a17da9ef0191c6804c17067f1fce0

SHA1
295a482bf15b178a019b289dcbeef40107d096f0

SHA256
511536477c0939c5662729010d99897986d5b52e29010c48e220729050152e51

SHA512
ec767986f1ee44bb2c5df5f9879e1363bce9e96e2de69d8eeca3d81ebc29137ce878f2c07cac427675921d28d8e7093311b474a4ef31d84dbfd6a6f4da6aae45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9c8f068f8ace6f34fd6e871ad2b04cb3

SHA1
2d3462260bda594243b652bdb8027349750baae3

SHA256
fb1a873f0c7312edf7a9879985f395308d7d3810577862359154e3dc1b65a9e3

SHA512
d6307c824c5a805edd14245818d6eb6a1356a6c33706861c3993db84a5f4b26faa8b17a7f1c5077a962d9550cc6bcac6f06d14871d790cc16cbc210d9ab97948

Download Submit