86e9f42783854a2bf8028bb0a5cd3a642135b0dea95298812c2278eeb5c12b1c

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81ca3ad9da0ba9ae3d21b0f3bd69c76a_JaffaCakes118.html
Size

208KB
MD5

81ca3ad9da0ba9ae3d21b0f3bd69c76a
SHA1

1ceb5e45715641bcffd7f86e6c1df1bb52ee2035
SHA256

86e9f42783854a2bf8028bb0a5cd3a642135b0dea95298812c2278eeb5c12b1c
SHA512

5033ba787470ad9ccf671cbbe7ddf41ef8d2f8b8de5d7b3405cadfc093ad187d7c7e1a1b98543d87a21368fcda460c0b909ffbd24be27c97047cfdd367255779
SSDEEP

1536:Nz4rNbEu3cxJKVroYwKlDBknzEYwKUCThYwKaP7YzeWr/GmTJoRIfFTecsuPa9f:Nz4rNbJcxJjFKFFKpFKaP7Ytba9f

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3932	msedge.exe
3932	msedge.exe
1580	msedge.exe
1580	msedge.exe
5392	identity_helper.exe
5392	identity_helper.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1580 wrote to memory of 3760	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3760	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3368	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3932	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 3932	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe
PID 1580 wrote to memory of 2532	1580	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\81ca3ad9da0ba9ae3d21b0f3bd69c76a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad17946f8,0x7ffad1794708,0x7ffad1794718
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
2⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
2⤵
PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
2⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
2⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
2⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
2⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
2⤵
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
2⤵
PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7248 /prefetch:8
2⤵
PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7248 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
2⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
2⤵
PID:5432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
2⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10858868369652453019,17671848111905768520,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5196 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
84a8716d9627e183b16fd579e5233819

SHA1
37e5594824721c86c76b9d24507aabd33f5367e1

SHA256
5a7065adb0c317a984d66b55be9a6ccc5a8696041b485fbc855c6d0385e4f726

SHA512
ba5e7fae75cf93314604ebc41292bf7d219ee9806e9c2807da06d915163d13ac0117797d310d1f7ed53fc628d4f1c7d329112d8da3d4d086fadc89dea323d238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
98KB

MD5
d1ee7d396531dfc2828b5176db29dc85

SHA1
3da5415f4e9e84e6bb6f4f1ba5d49798d1039810

SHA256
fb73104b528a4c27a427e9461cab93dd38ce1fb3e67671bf2912d8c593a98818

SHA512
01a815d52fa0603c593817af0b06952adb0a02f4e567b99e5e70812e894f112f6ed94025e90c4a03030adfaa30352df319f3838b6442daa40902f4a9dea029ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
611KB

MD5
104fa38dc1f0471ff7885555088e155d

SHA1
4df024f3fea29e848c3d2c927f5145e5a474e18d

SHA256
3fb68625770f1a41d726b5b3755755676d8bb7c70a68443f66786f8b9eaf1489

SHA512
2738f2375911f27f89f9a2ee0e5e7f88fe6928d262028682c9fc2afb0050b469dac933fa4c42e6d2dffe714b722635c7ae5802d55bd86499090a04f9b2611269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
48KB

MD5
c516fc64c2ce2da54e42fa31bd5e663a

SHA1
91323242547fb20ba7c4751ba23469907dcf38e3

SHA256
23625b65966e0e7aee05db5af64384107139cfb3b23783e51e2d98bd6b7c8921

SHA512
69b802c19e43c72d0ba03b12ea31b9a4034073ef7cd9db7c6bf1ba649a927abc99ad08655c78bc9ce380a6ee48442533ad23ac44e2728252f040a20b598f7296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0d15faafd4e08548_0

Filesize
1.9MB

MD5
de28f495c89e6e9e374a615729f511d1

SHA1
40ed49cdeedcafddb8181e8e9402ee157eed7a4a

SHA256
50e8ce4001464600829cdbe951d161f3378b8091df607c56be92f87fb5e97956

SHA512
560ccb57efd125879e33b2fd2de111a003bb1b93366e595fc9c5025c89404886bf891e151ca2348e92059964addbd7fa1e758ff515ccffcce19a420ed851318f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13ffddb66c152040_0

Filesize
56KB

MD5
ccf9533675f2f37c2d0ea3041433ae29

SHA1
c5d0f2b5a996caec029ecb5e72cf80ef0b84e44a

SHA256
dac90ce5c8556d3257672dc7572e144e6a28ef0e3d3435ba5e5213d51cb1f6d9

SHA512
9ead5b36f162175cca09a8de9f0b2e67991cda136c82a19b591b5c8f95a7c13cc3164f18b9c97b4651b637352c275d062201cb249f84d749adbba94a023d0f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13ffddb66c152040_0

Filesize
232B

MD5
2cbf0c8bed0311a0b74f99df5627f945

SHA1
60364435868edefc3101876bb7968ff0fe77bb8e

SHA256
c319fab0541fb0ad40e91fe32ba597f4fe7c6a815932eedaa05f6bbfef8aad12

SHA512
90f44e290355546c4c01977eda3688ce244e8b0c324360c27ca35b3bf532f1878b9be6e322504235f60fb1a550ed4db246ccb9c3523e74090405afc754c0822f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a7fd22d1b03c04f_0

Filesize
231B

MD5
d7294dd890888f54b0208f21b20ba354

SHA1
e27d68cc30e7cc5d29fea77262f8e9bdf732d50b

SHA256
29f6ea235fc4cb41e26b2373292e6b3a2a5fdb30d4f8ce133dc75f211deb90fd

SHA512
d04b0437971bc55792df7a12096a71c6f1465bb1268769a8a185374125b1a8ca35e1052be39834bafc77142bf689ed951768c9fda48cd7e68b8a1c95ac781fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a7fd22d1b03c04f_0

Filesize
231B

MD5
0168fdbf02ce95ba3cf2669ffcd51bf5

SHA1
8eaa300e4b21c7b146d40e49beca4ddcb4b7e1be

SHA256
ef4202a782c0f57088fa73da9675b78ea5fe64efe5899605dd52facad170012d

SHA512
d4ad1f2be9743c32e42be4df2e51bd7e02cb2d3389f2b0bd6afb0cd547fff7bae3037128058cda9f0b6f97c4d1a828c33ba64b011fa7b4ce838b7199089a3e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a7fd22d1b03c04f_0

Filesize
231B

MD5
fb019f64b8ee6a36a3c3562049ba3940

SHA1
00830fe27034e179a8fd27af8a3cf5272a86572f

SHA256
3462db9d3245d447f7ffae6b22e758e1920491b06c58be7222778201d16e847d

SHA512
fa99ce1d6427ec1febb9ddbd3897712c222ab65247374060983564593d26a0315151324bb98ad2db85b9ef678b8835ef567c0b7639e239c8312e589d45e01c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a7fd22d1b03c04f_0

Filesize
279B

MD5
fe942cf583ac1ae1e2c1f09e4cec35f2

SHA1
2bd4d59b4907c3d4688cc256f99a097a270d311d

SHA256
49321ba14697057c1d0adbc3918824dae80023f496c140fca3d78e4d2e5ce0de

SHA512
6195f2e73225ab453ff294fd8886e82478ae4a4fdb7e0620e1a60e26ac3d9ea7ed24ef3cd7920acff67215031de272587dd420d390364e4934a9e14c24ecf119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a7fd22d1b03c04f_0

Filesize
279B

MD5
55d1cd483d00805bc89a77497175de02

SHA1
cebe17e7e4d4e4135eb9a8fcd0fde2ded6fc6d91

SHA256
496b5ec3d563922a519505de3261c1bd8e3e051ad975d2d326e4a3a4ca757bbd

SHA512
567569e4c6868e6feb800e366f27e4119b09b796ad0f9c7094a01fb3a8dc931b6c1b1cd5b9818b2a544115bb6b2c85f003440e644da25728c442dd8e92cecf24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61307884a8d06aab_0

Filesize
349KB

MD5
c75788b9fca0e661ed49800d894843cd

SHA1
991454d7cc881468d047422c1de2f8ef1e9eec93

SHA256
c94b13ecbfbb3a7ad27912b6e223c33783cd4c2b46d625cc8423327aa14d0840

SHA512
d838b422db1f99618de00e9065364a3e45887259912b79c388449d13425c1b6482bb96c6229f21a13d7593e64022a1cbcf46d88873402b52f1bdf7c9ff26420d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\76320926778bcc6f_0

Filesize
348KB

MD5
0b338de74626e5550bf7166f717e501a

SHA1
18c9f79ba3d54d60a432869df4659099c97491c3

SHA256
f3992af92a4db78bf488956abc309156bdf401dac8b6e9dc788cd91a2967dcc0

SHA512
0bf3fd50fd26fbb43a20e940e4783c12474f0131c01e563ccaff8ea45443f25dedc2a4ff2267882ed824fd627d9235a045c35d2bd112ff47acfdf1236b0f57ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8fd2011c3b5d4795_0

Filesize
243B

MD5
dd049f3b25b17ce42f58dbd25f2b546c

SHA1
74b38786cf62d20d54c5e4bee80041a1525aab1a

SHA256
17f4cdb3bbd287725822776c211f1da3a948b83bce79ff68b6d853257c5c28b7

SHA512
4cc0173e21f1112c966a3e37a148769b2e76680997afe7fc39767001b810218722e285666349141b8281c0020acd0666d908ed8dca814bbd88b1ae89800ab4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8fd2011c3b5d4795_0

Filesize
243B

MD5
3c2652cc0f9fcf67088aa11feea22cf4

SHA1
e00fb88158685e759287e9980050fc51eb66c8b3

SHA256
5992b853a2f2a08e83a04270a93c469cbb0435d5ecbd823df837357f6fbec267

SHA512
d60b5e19bba6dd767b87da37f26c511a323436d303a4083bc965d9b261f8d44980ecd7c208ee1e9d990177caa7410065ea729b4e7922995d0b85f9d9ef845598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8fd2011c3b5d4795_0

Filesize
291B

MD5
f136f5f1f9442c394a4332568e4dd6a3

SHA1
8b42fa7b614a4f0f3da5ed6e9111547233f5f621

SHA256
5c6a82f1dfccc4c82764b422b727565cbc5c5d925b5c9d1ad8bc4e29ecbe7d2c

SHA512
ec2061ce1456a0ebfe6e7061dd9272c7ba67b199711125f22f3d6f6a5fc1e3a51319dd3fb26ea964255481c2ac7ba8ddcf47c20309e59fe58cfc84cc0cd97865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8fd2011c3b5d4795_0

Filesize
291B

MD5
2a52d54ef80f18bb42b2b17cd49ae44b

SHA1
ed63bd46397c289710494fc5f84c71068bc75177

SHA256
653c8aaa1f5c9852418ceb480e1f0e4a3e7c4ca4a75732e7c427699c4eae9424

SHA512
5e209243d74ae2c68395bb23cc4cabdd59dbd64a09bb7ec94fd5a156059a55591dc7f04a3c86a42f479ca335a8002b3d65f16ffb53163c206487e1b49955f60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8fd2011c3b5d4795_0

Filesize
243B

MD5
b56fec8b7d3b5902e7c217d8aab70156

SHA1
36348ecb0fcfef4e7b08d9f06502567af3a50a98

SHA256
30ef2947b1caee89248ff0cf92226d36afbaf8d1c2311943c7bd149e9c056d30

SHA512
28e8a18822a29934208a3e03933d6bf74592544249e6dd38682c4320d5213ca957fc0c95e85f95d97228e91d082af75781f1486674af31400fa4587b9a453f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9b4daaa674b60777_0

Filesize
1.9MB

MD5
105c79ce5f9b2174d9367e3808b333db

SHA1
41557dff96fe50152e33e5777c0d2551987da6bc

SHA256
64db04271eaa1ee0c46ef983fc3eaeba0c0dd786cf979e4a3fa812adff610bc4

SHA512
7c87047f5441be901be30c1c8d605c3a11c34bda3daa58c5eef9ee2ff323a3c5f6029f404384bb891e07127f8eb66827ca7f6f3bbdcd1533048a83c12977983e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
710173c93fafda2239b982ef68f2df5b

SHA1
97257bfbae8b8f45f9f772251c26c508fbaf712e

SHA256
d4084f562c168a3041c73bfc5a2fdec164c702e264c4824ddd119ee14f701d52

SHA512
59601485f326db81bb318257a127e2959d692b9826824e486fe98bdcd2e0e1fc9a31ddb07d1195a67f318e2cd6df1c3e582155e44ca8afe651d7cdbbdc5f5c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8297384285e21ee26de577c6cf78a4bb

SHA1
07ac323aef1fce72797c4f36425a7ffa2889e0f4

SHA256
a7271364f13b1e9462377ad13458165039ce6c9f8a361aafec6bbbf0885e9f6d

SHA512
8896bfa3c5eed98d7ae2f6027bc61bb809756f88824ef9caa40f571d1b0f72efcc855dd07ad690e760f6edc72985781f6a3edeb20c7d19a07a38300e4fd1d038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6300e7b0e51d2579cb38bedf5abefa2c

SHA1
59dfb849c3095f0791ad57193a228dce224c2ac9

SHA256
def0b93e526bcde7e0a2eaa955c037d100853fed0f6508858fb450b8b4310a00

SHA512
ad0f55c420dab22c54ac7204894ef6e2758017e6be64146c6806364a15f72fa2e4cc31897235b90b14b70cf3937630cc6ae578bb2358cdf44687080ec5e97f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94f3781b5983000ea3f87503199dded7

SHA1
b177f8681b05dd2c2ce7eb9d96dde30f23631475

SHA256
83ee7716502157e837141bd360c2fd94b620f3561cbc208ed8465012b300ae96

SHA512
44d2c5fab4a51a63793e365c87b62b558e1b5656a1da05190f4d9ed5ff8d152077642de849eb8b0259e7f811b6d9d3b45b71a5e849d83c9be233e30235e44cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4533bbd590d4e31e9525d5b647b29bf8

SHA1
2f3fd6a64f94a41a6710612b088f9c94fc86ba5c

SHA256
968591eb46d3da56d0bac18f0d180653d4c0fabfb79e6dfaae29133ed854c775

SHA512
1b956f35b1b47c0e9fb74b342a7debb28f29099a6932cf35eb5892a93f36047c7ef322718e25703b68d4b2c361f50cab772a557aa8f0dbfce6685ce06ad1f94e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
505b1768500ad43265185dd6778fe5f8

SHA1
5ce3cc9cdd3440aed58d853ca08f533845b39b3a

SHA256
1358283487a904ec2b101bf9480b88b151fa4bb864dad7b6693a32dfcbd2e889

SHA512
f3aca630fd6694872b6c05a839b8deab65db717d172f60293084aedf9642c51235e1422e7985b6219435163f1e9ee43879908f5d96a5b4baae5df0b79588f8dc

Download Submit
\??\pipe\LOCAL\crashpad_1580_RWRLNMYOONNLTFTV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit