7e7fd9b65c6b0c43a75a17f2ee8532f8b908b542e48d82baad688ec21b178020

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38d3890fef07cbd30dcfaf4dd663a33a_JaffaCakes118.html
Size

71KB
MD5

38d3890fef07cbd30dcfaf4dd663a33a
SHA1

5edb8f0af441e876676b713f8682c166016143a7
SHA256

7e7fd9b65c6b0c43a75a17f2ee8532f8b908b542e48d82baad688ec21b178020
SHA512

e510e9a68c6cb71d437ccaa78fe92ad384e54891127d360315047b67ae0b722807b173cab8711a62b425513ed309c7fb0c1595d7d2ced71862f6d3feb2ebd2c1
SSDEEP

1536:EzXwgr8VSeO3NyZX0toaaS6cgRr0gxBf1pD+:ceO3NLtoPSgxBf1pD+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe
2840	msedge.exe
2840	msedge.exe
928	identity_helper.exe
928	identity_helper.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2564	2840	msedge.exe	83
PID 2840 wrote to memory of 2564	2840	msedge.exe	83
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 3288	2840	msedge.exe	84
PID 2840 wrote to memory of 1008	2840	msedge.exe	85
PID 2840 wrote to memory of 1008	2840	msedge.exe	85
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86
PID 2840 wrote to memory of 1184	2840	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\38d3890fef07cbd30dcfaf4dd663a33a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd875a46f8,0x7ffd875a4708,0x7ffd875a4718
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16001566884736355508,5103077635408707547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:2576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
a54c41cf7036861af3ae7a24f14b47c6

SHA1
6c19bbaa0f4c7926d269519602444ad93dbccdde

SHA256
6b700aef791f926a10ac46e8afad3515706e03db96d36c22dbb4a818f217e43a

SHA512
a1e49368cd6b0da73f78017332d0f472c1f344d466687b2f931e8b4eb99eb637ccb321c5e009cd6a8b920f788f3d58a713fe9a0578fd6ef79c8981bf7b5e8267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
56KB

MD5
9aea170ad0cd436d974afc1513f3b5c4

SHA1
f8232c587e63ed752260d2941a78a269c01c16a7

SHA256
13383bde9c3cca3b1b575c4fa92917d33fb77189c311169fd370aa8349536dff

SHA512
f426814d6a8986ec512d25de2de26d0c3c77c2c2f9e4773bba8830c75764460adc8924ce4bfd882b875fe64ab97a0d1c9bcf743cc7efc77bc9c3acf0a4bbf125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
38f30f6f6926503cde8b81ea23fb76e2

SHA1
919f640c6f0d48b5c069eaa584a7f7b4f6c57e1b

SHA256
7bb6d4201a2975fd596702c0f99f160aff061b539b941357596b798c27250c05

SHA512
4f96350f572bfc55c7c1656f1c2b3b73eab1e25f6bf069b91b636aa2b67a2fb1080c7fa1dc1be5040dda770313556e4e94d3ffbdacc67945ba41f60b1e518d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2a30992edf8378d37287ef8445257706

SHA1
5f4a0524bf9388749ecadc2d8d65b6264a7fbce6

SHA256
03722cc0b901b779935c4cb25fb735a8fe0f93b792248f26c0be44e21192bc22

SHA512
5495214fd5c146c1135cdbcd08a2950810eab5d9ee00b06d0a85f191b4eb3ca411c57c0d88a2952377f49c9c1771dfb4481866889a797c9f784d7b6b89b30bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1da76b7e9eb147e2746db78157f640bf

SHA1
3ff0824be993f5092b84bef9df585dd86d2f375e

SHA256
573369e718c9b8f729d84e3a72218f5cb2f02a85460a38aba41d499a28230ac5

SHA512
831303b3838cda4eb3f833b3e0b00b4d307aa8ea6417c7938fccb127f5673b0f5eee09ed7683cd9f92f8faf1f0e04154a6fc9768bcac992cbaa18c9363f434eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
7d958e6600c476fbb248145c8327906a

SHA1
b90946bd713df78aa9d4fbaa56d7d0beb6fe7e1a

SHA256
d3bacddbe2df82f3e454cf99404af9b43240051d65c47e6522ff2d0414b7ad38

SHA512
b55e5a1964dba26a8d6c45481d8d0f3bbda02f997d0f0823d3c9600f6aacf7d1cdf69dafb91fd16d490f2d6f8a3996b8f5d27ae8ea13a00e46790cf0b5b26424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
96e22b36615f10d83c43f8d3f191b76f

SHA1
1a7efb0b9e9e9b37e99957af7f1171cda232aac4

SHA256
201dc1637ddf511263eb66ea17f3aaf03709655f8d07a7a0498691a4d70ecbaa

SHA512
5a0491bdf29534cefb60f69ad0b7855a0364b683d8cb7a28eff83ef1dfa0144d0455b8a23001b231e324ce42e4d0c0fbf919d75ca291320d42cba2b834d472a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
927B

MD5
a3633304ab42c3a16c0c207e120c1916

SHA1
432f5315f64b96287d1d4ba7f3114d4f4c74c1f4

SHA256
61411de606040d2f518ed4b4235ab7fb92f8aa23da5f500b86325b713e1c3c7b

SHA512
2139be54a9e18a38366dc0726a07391a722bb49e7f0b257a4159bf8c9987c4de9fc016df72a58c591404031c34c80aa151c84ca89291922cc3cacbf172d0b98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
927B

MD5
5d5617eb4ffb12c4ae8857daef5cd948

SHA1
b55ac43428015ccdfb57371a272dbd6a34b59dea

SHA256
16cea9951fa62ec2d25e964d334c407365b4f99d5729184ddee77e0f0b583681

SHA512
3af201191d14c1d3c57fd3731dc9fdd37a18bd3e19aedc71e85b3acaabde14da1e9532d452102c6582f45b114da3d2c101ae4d774b36ea3158dae9a52f87a28d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b8f999e11fc870a3f4eb9a24d2b2ab4

SHA1
341773b0d8910789f4b857d3577081793fc368be

SHA256
58343c14aa31da10490855f2de754469318e7e9de65a7f342a1ecde76a963f9b

SHA512
963cb282e382a2b8e874697f040351d53a58e1b23b6068e1c0347206af54e47de000fd3c2e1c13f973eb8238c88ab122c06e03b51578d7ad0974faa3af75acd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8ee2a7934cc531458cbf4f44e18a565

SHA1
e52f68b3be23cd5148a421726fd21522a3c1f76a

SHA256
aaefbd42073a7f29928ac2a13a7e05e6a8f0feee804ff3a2677a90612a4377e4

SHA512
3c3b69aef862b969ab1d3b5d773423f2c3e4bcda57c0266b7cb4ca5e9ace5d95d41d8170b3f7cf4628933b1790d0105d42d4b64f499f078891ca026097257948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87376a1ef1328403a8fe52efd3477364

SHA1
ea0d1d6d3157b8fdb95b909eb716bd95b28b7c24

SHA256
fee9b5dfcd7e23b0e4dee94e4a4b2aa07b24ac3bae8648cbefaf3fc9c4914ab4

SHA512
3e0aea4e3cb5fbacbffc53c49db8adfe9705c40fb3f9ebc82a43a91a0a347da019f927c52832f60094f6df7a5b27cd3934288499b286cdc5ea4fd79929d3d21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
866fee50ba3adc2310a0620ba22e4604

SHA1
ceb3b6b0fd6071e6efcac966529139ba47aee59d

SHA256
703a52f0bcb685de8d6b7e139747c164223e6f1627652e4f48993eec2753cc03

SHA512
4947d57ef45aa6e928989fd554f828250c07f0886ca5c49fbd0ad66cfda88e95c9c1b2a0ed740ef79219ac46ccb8d8f1aaf7831de1865ab5a8b2e55efc04da03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc5e21b05560da9c03cfb9f454ad5fb9

SHA1
221fa4f12f2bb1dc54a16120a581c2c80945c8b0

SHA256
c3a33a568b44958414e7baf25b9bb97abf5374dc62abb7dad5b1744e8baed6ee

SHA512
30509c9c7913dfe30e435486f4b2d6ad53e1a304d58408c5995a3591810618090510c1397de01c512f06f8aa6fb8f4805a8283443eec90a179ed9b544136b06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7c9a501a21fae82d9d5df7245f0df70

SHA1
abef1e3c7fdbd91992d11756579e5cec1f301ca9

SHA256
da84d152513587002759f2ae6e2b86c7bef5981a7d7d8a093198c1ed30b93ded

SHA512
2ea5eca63d9484515ed0de7f6b574a9b98d2d49cb0325eb44920e18430020ed257fefedcb5ce9f9b8de50509a316fac58ac0504991757aa5ad6951379a6ad91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
78363c200542b11164a05e43ca97cc07

SHA1
85d2abd048dce94ae628fd8c10efcc41dde4da8a

SHA256
9b468468f2a4e92a9400f8f3c0fa9faae286a1e40554e4e5680a59811fff8d11

SHA512
783e16c54f13684566afb7b9a4d717103b60e03b6c0932c0beb8efb9756f199cb606506051def03bcc54f4604e5ce08935170867b91bf7ee511823ea55f7286a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
1338ed1c5613fb9e3b2c3d5bd3e71c78

SHA1
615e75b028f95876d9100381a905cf1f7883b520

SHA256
006a5c234d79cd3259516d6cb3516b0321fa33b743325252a59b0ad4e97ead62

SHA512
049e3a368c02772b51cd14e41d0229a45b19eb0426b7d1ec549f3f5c4f5e4b0e0220592a2414b94a43c0df2aadad8dd6fe3cbdbd526226afabcf3babda1aa7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
c011b5316092f7de8f2af6137ad2bf6e

SHA1
de1b8fd4620036a1c04128047ab53ea4f8bf24ed

SHA256
e5abcb19d45cceef78d592abb528fb930219112479692d2ad8f7a67ab6f5dfb7

SHA512
8194e34b52268d24f1511f9d1365f6e75435481abf4f52f5d865fb9a1a50478af9490ad84842e125daaeff18b4f2f4c6a87dd4350679a356cfc9db5986f4478d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
dd94814780dcb1d6ab42e679718e6ffa

SHA1
ee9889922e52d6a8c30f4dd8a5eed095d83a4d3c

SHA256
333b8719a924c7da6c2610ce43274ca1319731a69d42f52a469af53f80ce005f

SHA512
feec746fd2fc943a6f69a7207b14cc82385f4b025baf1c0e7db52f780186a10eaecae1444b21a530d6b3c58842dcf636923ce630114b6edf9a8a51cb6407b176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582ad4.TMP

Filesize
203B

MD5
3ace0d712c5834993be0516ba4ea94f0

SHA1
4020cd2a090ecd0fcb2a5e5467b1690c84b4fe4f

SHA256
76a21df0a3f3658efff79a337df4e0b1272001f59c3e2037506056f8fecb126d

SHA512
0db9b44fe05d341b3881ff3d06a28ea86e3c34c3b26f833e4a94a5156a5f219112e033be69d519294bbe01a3c3aa661eb1dabcf5c09ef6eecf8ea6e5bf290991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
282590615cf5d5e35fc1435e9946c021

SHA1
c4e02494de3f8891f3f7c8ef44842bdba18ba7b3

SHA256
ebcaf9f912cc8837cd04c14bf2b6ec1629aa7704020747c23adb81a589e0fd8e

SHA512
23ed6c05d420fe5d2fc5fa0a2b129acdbbdff83e53688886afc802c3c40455c9eb09af675a0ded7e2ef525c64fb9ba8f4a8fc77dcceb402f830ff5efa51e8110

Download Submit