69d88b51543448584a674857783358f80cc9214cce4602a75e2b74141db42eb6

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4107f93e9c24891ef5b3f73fbc55fb7a_JaffaCakes118.html
Size

71KB
MD5

4107f93e9c24891ef5b3f73fbc55fb7a
SHA1

71b3494dc8f6f3f3910dc62e788eb917648a51a9
SHA256

69d88b51543448584a674857783358f80cc9214cce4602a75e2b74141db42eb6
SHA512

654d3405e5f33db058a94a73e7c2a5dba6aede7e18acd40ce1347f67164f7f88d4d9e4c16b69ad097b7d0be3edacc2d287f6bdd60eac7dbfb905088257006c01
SSDEEP

1536:EzXwgr8VSeO3HyZXutoaaS6cgRrp2xBf14Du:ceO3HBtoPb2xBf14Du

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2392	msedge.exe
2392	msedge.exe
1460	msedge.exe
1460	msedge.exe
4788	identity_helper.exe
4788	identity_helper.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 3808	1460	msedge.exe	83
PID 1460 wrote to memory of 3808	1460	msedge.exe	83
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 640	1460	msedge.exe	85
PID 1460 wrote to memory of 2392	1460	msedge.exe	86
PID 1460 wrote to memory of 2392	1460	msedge.exe	86
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87
PID 1460 wrote to memory of 5100	1460	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4107f93e9c24891ef5b3f73fbc55fb7a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb52b846f8,0x7ffb52b84708,0x7ffb52b84718
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8182534138713700451,9214900339042780013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
a54c41cf7036861af3ae7a24f14b47c6

SHA1
6c19bbaa0f4c7926d269519602444ad93dbccdde

SHA256
6b700aef791f926a10ac46e8afad3515706e03db96d36c22dbb4a818f217e43a

SHA512
a1e49368cd6b0da73f78017332d0f472c1f344d466687b2f931e8b4eb99eb637ccb321c5e009cd6a8b920f788f3d58a713fe9a0578fd6ef79c8981bf7b5e8267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
56KB

MD5
9aea170ad0cd436d974afc1513f3b5c4

SHA1
f8232c587e63ed752260d2941a78a269c01c16a7

SHA256
13383bde9c3cca3b1b575c4fa92917d33fb77189c311169fd370aa8349536dff

SHA512
f426814d6a8986ec512d25de2de26d0c3c77c2c2f9e4773bba8830c75764460adc8924ce4bfd882b875fe64ab97a0d1c9bcf743cc7efc77bc9c3acf0a4bbf125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b38dd180f00a82c_0

Filesize
408B

MD5
cbbfb7dd2d5a0c729d472a56821cc5cf

SHA1
1babf0ce2f4ac6d932724efffa1d4c574d8e2abc

SHA256
80dbf56fabf2cf2f6657f1e1c5cdc18abfdc28d88d1ac0a5e713228af150bf34

SHA512
6ec537a80e07ac5e5417483e49af0ed811836e5044670eb49cdde527bab94da4d97fed77471f21b68268fc9d8ddf9622b2e246852d2cfb25d8a00fcefd03a7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c86e172b5b977d3b08dab2dacf7bfc6f

SHA1
ff3e4bab41603ab70230f5aaf78975f770913dc9

SHA256
fd5c433ade77fe981c5d33deb3b34a16b0e8d8d662c9a1d698743bcc4ada2ac2

SHA512
fb0321dda88588fbdd9603df078ee6209bcae60522a9105996fbc53e5959ca607b31e721ac4f6f67ebd7624eaa171084fbd3f8f9fea46931a02c6dff3ada50e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d4c21cb300a9ace39cc739310e21f1bb

SHA1
8375c96d5b781412a264b1071236596a07724956

SHA256
87afd16d9732a588207b4015fb6c362e543d6899d67fda1dd0ad110723924832

SHA512
649a9f6d2e26b25e827c56835cf4e3b0798825a54fa4e8faa2cc9fbc37ac90e797a9afada37968254bd1f49bff0239a027b55fbd3ae03040d2ef16869bcb1f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
aec290f91c8d1e23b3c4b366b1e55a56

SHA1
d67e0f93d84e523462720a8401baaaad32f9c3ec

SHA256
7c919fddc8a2c1080976f62e175fc695d02e0b9fe426382ee8dbd2b5ba722caa

SHA512
b2d3d32838707a8e9e9c21f473822501a9416d41ec82b66037317232d3f166ef20cc58ff6292d40462bf496aa9610cc60a8d6f0e5a8dc494fb01853a1a685691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
528a008979da462fbcb58a436c73cadf

SHA1
2ddfc48698ab8d8c3046078ebfcb0a9e8d8d611b

SHA256
4163bbb4a4a746e6e56b3ba9af85857d995d6fd8660807aafa8ad85ce3425be6

SHA512
b3dfbeb75dd709bfc69e09f7b911451577184c70b821d3a6f982971b01bfe664d6643190264dd9ed564b9e6f76b4d5ff4a9f7064eb5783f9cf52b92e54a03573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d32459b1451dfd8892353cd6cf419f0e

SHA1
f4fb50827a10c7afa4882125810174a1ccecf720

SHA256
0ef2ca0a331543ed9dcce26c3063494b96f5a1b5bb11e14da46770fd035d38d4

SHA512
b5982d6c17cf9d5fcc409ba6d00210e683dd181796bb2856a881e0970692d0f1a78db65caf4d9a73dc2d81f50ae6432d096e1cd859c14deb48a44e430ae5c380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
895B

MD5
103d0a7caec986ae09c67ea7aa75b958

SHA1
6d989069dd423f2df06a63d4014e88b4e3642bd2

SHA256
f976ebc45af181927a5a0b2232e6d4578ef129e7f7e7389bf1a306ca95a36a14

SHA512
6fcfe9545a5a1ed448433edfcc64791002b33eed06aac49a58cdb2fba310b5ad21d06a2de4b4091c9e77305d3841b30961adf50762c5cded3e1d566914648b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
926B

MD5
173d7957166281974c7facae85b294a4

SHA1
9aff43564f619922f77691fdfc4aa748e1b71ace

SHA256
83b1ab0464077869553bb4fefb19f01b9ca37803e283776645c1e17fc641f91e

SHA512
42dd93c684a8912122d01bf1c31add270727eb9517179aac57c850c03cde8783662fe44da190bcd52f6c10eca7476298cbcc4ef7303868e31ce8ebd103db1f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e942b5a3a22833605eb0db0189e9c4a9

SHA1
ef5eb6bf0c6924ea8a20c1f6eae6753063033d62

SHA256
551c505e586d129d3e4beed7ff43fb1f1ef60568f845174bf1a9d59d7488b004

SHA512
f199d909fe997c3576d02f35869516986238248a1390a6a4c5479b33cfe3f164acff988c1d7a987df2f1a299d9436cd3409b1d57157a5cd10ae532614e228dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad480379b44b29d6626ed6db4ee7405f

SHA1
89bfb66db22ee90562b7db16bf72b9f06c918ea6

SHA256
a22141e32c7b1a7fa677346ae0ffcaf039ef436c0823c342bf3ef612f37d16a7

SHA512
a62492c2c60a5272a82d3548c32145a803569f0b4ac4e3f6a4f4ee252d6428a1432e361f8098fc759636529737564c447433146bf69236c9a3cb648366fff721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f1ca0a66a0642b0b9d20484f4ca9366

SHA1
8aa2b11021829a9b33553c37ac1ea4333c946e98

SHA256
b643932e4bf4b40ba5c828b768ce658380948a64319e8cee13fcd5dca76116c9

SHA512
9cbf68aa42212ea59fc6541503b1351ec2f4fc973c744dbf29e4525a406e55b6e6d29d41be4bc1e94bcd49dfcf822e5feea98575f1560e27b2df83475df5b0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ea03e192e3713ddf233047560b5402e

SHA1
d9c03d9812382f8432b16c1d5a55a0efe1d41bf8

SHA256
9013d43da053a0e87826f4f8caafdc6e36a24aefbaee9bd5a68346391b31c8d8

SHA512
34e38b47cc246bc8a201fed4c24469eac6e2f3e271ea39c2aa17edb21f639ff6a879d7d3be61a27649cd0049cec222b9f7849df444a2040e56fa7f0f8ad917f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39d30a13eaa9e9e36aa621305933d2a7

SHA1
7df9640a1e579faa94e92cdd66d71536752288c3

SHA256
fd2ad983e4b3ea29d292991a4c940149a552626f2b896222a50ea8c09df6ee36

SHA512
f518cdca112874ab43796f3f2019964bdb7229408ad3afd76d1c50709207d2c29e4482289ecec609c5f0687f4fc7b2c1f2de6389a4adf1ea4c85ee297ca27558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0563965ce8b10f8dbceb4a5e133ca5d4

SHA1
ee7e7e491c3b9bf56fc9f7dde8177f57917a1020

SHA256
3f713610113d8a0277f33a44b93e2dd0b32a023d94ae498ef5f1d91c82010942

SHA512
ffb4d6170ae21e0cb6d272950439b8d4c2b173e33d1409269a5be5707c92c124bfb9220da1abf150968fd6c59ba10b1e18356ad00b392a8e06eee334a0488350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4b1ddbc94dfb73a4dfa5689a8d277cc9

SHA1
b0454bf83c3a4a9e88a8f921f6c1a55b764c667f

SHA256
48891d179aaf887da82e448e1780b1defe33f58dafc59934dc7c2737ccc8fb93

SHA512
58f26d1bd87adb38f38d02d49096e0a0ca89bcdb80a6a58d5e4ba86276df0b9f5e4feae0c63862015ce9506c0e25f6c5aba9d7123aef140961c5e18841889200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
79862507158cc6147b5f63824111b472

SHA1
045e54f0f7cdbc905009a1eba7eca14264ff5dab

SHA256
4f479ab86ac2febced33d13d4bfaed23cd1b46cac9758a427ccb80538b3f6bd0

SHA512
569e7b39bdf5777f9addd4cd852185bfddbaa82341bbf2a8f7a8c8dec3560bba06ce73691df2dec59ba4f449e0c2f2de8134767677c994375e7f471cbfbbb57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4f3d702ca987d2995fc8099a726027d4

SHA1
db76301f2042fecd3ccd67e3be184fce3c546657

SHA256
e5bd0b8951422bf213af10952432a44afcd3d8a6d3a938b119b7e888f2c11607

SHA512
562e5ebe361fe2449facc71719e173f020a909bb0bfbfa8ae9d38bbdb2c66fefed8ca3bb8150e577751c77978f5428c40e558a52a7c00a79f9a1cfedba4933a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58319a.TMP

Filesize
203B

MD5
711bb9a9ea76c20719484d6cbc711534

SHA1
4d8b416ee20861961efd45888d5315fac732d9c7

SHA256
faae89e6361ae4a146985a8472ee7b1a62b40549ed0dd6ce1d2ae15af7c2304c

SHA512
840bbcd59157b220401864422cd05e9694b65d83de02ab7c96f1ac9125e4374069bf7f67382c807833df57e95c4f204202601e7c20fa19c6af952ab44d57ef01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea8fbc08-aa01-4359-8018-3194a2b0d5c4.tmp

Filesize
203B

MD5
e12f66d86ea01bf6796f3651423f9403

SHA1
a6e87563f12bf6d4b8ad10865fc4395994b8317a

SHA256
f15d50a594e4b52a25814fe0f69c21ce96982ff03f646b52f9b684f56a958439

SHA512
c6b1860256784f5e229136b4b3007b2fa0c7a133d6762d82b1b139e11f96dfbe8263b13d8a114a6f2e666a4a9b607c0ba728e01f671bfb5db254ce32c3359079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
330067a52e4c3064bf3ee2c4cad6d069

SHA1
b66020ec6852592394a43c2c99b1a0d733d5c7b5

SHA256
5e4fe301abc0db3aa7a2b9788619d742d631ce22b07090174f059183a1b56e8e

SHA512
c09db33963a95d8f84aeed172b9674ef4bbb71ff83ac655b190bb11ab829b1691232f9d7e2a82aa1a610d1d6336f474600d97b17931d809b612175a5f8d21fad

Download Submit