a6ae54083239d3f6571b12019b141a81de8ad5392eb8cafff99be834d710c2d7

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2024 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

862e20ce3b9ae4d00af6861b9122e07f_JaffaCakes118.html
Size

71KB
MD5

862e20ce3b9ae4d00af6861b9122e07f
SHA1

21166625d0607f797e76d1c828cf4a38be04090c
SHA256

a6ae54083239d3f6571b12019b141a81de8ad5392eb8cafff99be834d710c2d7
SHA512

43f53a990742382e91370528cd0c6f748e9f17de53aad661d9cae113319ad7d7581ebb3a89e60e182239024a60d3f8c8b44fbf52f4bcc5eb5ee69c10af04b4f2
SSDEEP

1536:6Cwgr8VSeO3xt8sU1I2bKSm1aS6cgRrRtLl/8:NeO3x+mSmYntLl/8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1144	msedge.exe
1144	msedge.exe
2592	msedge.exe
2592	msedge.exe
2996	identity_helper.exe
2996	identity_helper.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 3456	2592	msedge.exe	84
PID 2592 wrote to memory of 3456	2592	msedge.exe	84
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 3920	2592	msedge.exe	85
PID 2592 wrote to memory of 1144	2592	msedge.exe	86
PID 2592 wrote to memory of 1144	2592	msedge.exe	86
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87
PID 2592 wrote to memory of 4880	2592	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\862e20ce3b9ae4d00af6861b9122e07f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec9a246f8,0x7ffec9a24708,0x7ffec9a24718
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10529079212743807177,12707833466699587639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:4644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
beda68c7227c7a5a9f974b1c74d257a0

SHA1
8a03576d27c23e9612bcbb5b9e758e4535ee4c81

SHA256
e9b270df7c8655f05f8336e4897debbf71a38a69c3030f33031376b4257addb2

SHA512
4e178897f5ae13f1cbb2b374918e22b5b281a78e3362fd6125701776c8826956c06153147840b52aaf4316bc8078059f83ee4758d84cde70190bde8f1f36e619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
53KB

MD5
7aa114a7529d6cde8e4b50d90e95d405

SHA1
ab782e84737a2ce23aa36e7defc19f3b93a0a6e4

SHA256
0e74fc7a63739746a2d2e0e855c6a744df18065cfd9904bcde8764eaa6d51105

SHA512
ce06ad1b91a3f2186e68a2c1692a5dcaabdcd1ebc44eabeefe61db6575f4479f11118c814611fb53b8770ed11c5853badc9e24c4cf9e690ccdcb2c508708202b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
75KB

MD5
17dc0a50c8946e93b5343d2016673969

SHA1
3d63cdc50b1fbf94e3f9fd4f8179dd8f36a32e03

SHA256
a41c9b0891fb342c3e0934ff1bf580f59ec60ac680aaa6849b6e4126c641e656

SHA512
b962abdcf1e86f9fea381dcd336927ce38611ba66e764f073bdbdae5071e0c4957effb434e4f4da06dc98f9a4c51bc29be2ecd351cadb5cebdddc3f9bcad685b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
115KB

MD5
5a6050a7b3a82e40b0778ee05e68dbfa

SHA1
c04b45d34b36ba971590dd5b7066e86103cc7a72

SHA256
2dd0d757f0c42bacebaa7944afe64a14b7cdbece3285e8c697e343d6d1e20901

SHA512
fd778f6ffa09892f18d4c477baf386b15fe875c4a4c6c3e23865e7ec1829cdc4a8ae6b8a426d6fc5cf8638623670d1615eda00f844a1280dcd5301c1e93fd86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
21df2b7522140097aec2e7b4a0c7913e

SHA1
1fd9132bfe73fd777e875f16e02bbc3c709feedd

SHA256
b66990c0efcafce7f2d00a4fa30de83b7ca2caded4b18e3d5e142b5e8859d7d3

SHA512
5c88b942fb87922a60bc0ada7a904e8ff2d173cb4e41816fb7aaa17c4907a7d4e5d54ab0599ccda5b54acef83819749317dd7da1e5e1d7d682ce032c176cd70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
7b7e73296c8b48813822070a722957e8

SHA1
406ff753cb9642a54f93e2712b7c0511502bd346

SHA256
e9605400fde2786546da0bfdb0c96ccb1fe100c2ed7428a1237786d8bfe181ae

SHA512
dd076be163db134dab54571d9786fcc0269e38d7bc064af8e18cbe0cbf0c5f38ad1903fc6efe72017137e70f17bf2c8d19947bcee43012f13c94d566fa9606e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
5a38a10043ee2e01828b9a6ea5877b78

SHA1
571258d4fe7a36032be4d277935e37a12c22c97b

SHA256
77a979dab4b94be4b472349067b748687d959e50914c5671eeafbbc3fc4e75c3

SHA512
7809fd2afb12c6e942304888d27bb8dae7dfe2d72ddc172925048ab9ef30aa0ea9a392943a67aa980ebebd8a8122ab1514bf817611a01d36f4675682f25e7e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
1d4ad99be7c1421942cf11f78728fea9

SHA1
c3b988c397e5cfe2a749b39f8d67214c047bc898

SHA256
466e95c2056c1cd7b7213d1dc755aa26c418e1569d2787dcc52a9737250a25f7

SHA512
e6943604ca965a4d02027f34ab3c3adb5a0f149e5e3b5da00d5bd172f176135e7d425edc7ab987bec42730b9bf9489e8e85089e1aa2cb103c9f4defddb3bfcb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
777466f079b40274b3574657dfca8088

SHA1
bb6507e9fa11e7fc8c7e9babc885269539cd65b5

SHA256
8e9be67736700a0a33907dc30cb6224412ee0317e59be3166276dde535b9b186

SHA512
e6c1e00d6ef31a2109e4e072f3fbff2b35fa6483d7d133a8a9e651766359620047feb2f91cf34538cd869c3ba124273adc39ed2ae5b65af7ec72fa83cb976b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d87e6e501270c9ab1a64fc5ce2d92e38

SHA1
778263c758c49cf158340adb257e4a56ba5b6327

SHA256
3a21480727b237b3e6fbdb2be12a0b93cdf80671a921adeaf1d82bf916e5cb3d

SHA512
3d048df60d238644503927d5297aa88e22a79471aa059c87d79b20818c0e9ea213f1f4c01d125145d80a9e31208894b8497275a1902dbfcc5cf013ced0cf0882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
246e5cccfcfe51ac6263a89916a1b2d3

SHA1
126deee7b948570f827ff00bac43ea0a2be05231

SHA256
ce8dadc69d86760f47c5d7532196f4c998ee152c8ae8a4e3a0c2f5c82d5f71c8

SHA512
4dd03a8b548d64246e2d59d0a3ccaccbe87447c134bdf8858bea8a65bfea81620fe5f8125bf3f24d8554d0882dc001c49eab9427b9b92e948b83df6cd4b519ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a4d21ea72a165371a585d52a8ffc5f8

SHA1
6d199e47be76a27e7b709b35e2af4a8293aaed19

SHA256
fb717e3b9ffe07679c08bcbd6ec29ead59fbcbeeea006935037b136e890fdd8a

SHA512
31b9e39154e7612c5fc42ee72f188e258d1e229518477a9b08f484031a9e8a02b2e8c8fa4a8274e6d7e51bf4cc8386afaa9381c1db29439817cc14476b2b395c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd2d6dfd3e1297b7bd2a6a551d7902a6

SHA1
890bbed584500d563c3ac4ef8b429c42b8069fec

SHA256
d6629488bd5ab334bb7b3e992905b36304909c1627c75110c4db471f28aeaa15

SHA512
0f47bc13c88f6d082dd3187def05e3dac1518b7ef08b1f2c88b40c4997f9b5e87c0a7a43261402a16b384169bceee4b2d9bfa7f6306e558824256627e4371a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ad46cea1a57d2358ec0b575804712ec

SHA1
2966fe270b1812b30a5e691329377132edc9d1f6

SHA256
d105d6f56e4266c177b136e3a571e667ee2b49d8c34051d2074afd5e9b363844

SHA512
91b9c255d55b081a8ec1c92465320fa8fdb02ff99b42859bf1c3397fb7bb114335c052f165e681a558e70d28631cc8c2e2142c6c24d001a447c155c8e825f79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f27571997f7f8a42a2178746d6b38c2

SHA1
7d0213a7eb2260e318d23662f166afcbb73750cc

SHA256
3bfaf09b22a6d30cc6489c9c0905473e44002ed52a2f820a843aec15ddd5835f

SHA512
5a6d2fba791699f93a91dc1c7aa6d772da40349a61c83f2a526883dd6b6bf600d31927b2f090efce105e193dd3ffa75fdeb3b9a838ab032e849bd83003a6c29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d27a355cc0138795215afdf864d15b8c

SHA1
a1b599989e28ef8dfa17bfb09ecfaa1540e3cdf9

SHA256
1118eb2879ed799908eebde2badd3112812ec19a7ed12a88e6e73cde947987e7

SHA512
98041f978496da36b6d5247f2907b786d1a76fe2eac73e711edf3a53298207efcfb33c428e92ae4d0016b2d277cf045afe81e7c8fa305b8ecbce379850ca6148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2ae5057796cea11aefab30b8b1a951c

SHA1
e542ade02073cd8886c979b53bc7a04f96cdef14

SHA256
cb5d70212d58f6ac5e7753e9405bd064a24eabc12781ea3a8f93a7d9b9079a3d

SHA512
e981801e8976f226ba28d386cb04ca1c8284a593b3c337405f5de2858b29323c523ee776f30731751086c0d48b83f8a3ee7bb09e561a508d7453272e71b8e673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
1dc372cd3473df83802e47b67133eefa

SHA1
2052042acce97bf851d96d8164503dd643f01f27

SHA256
c2ce8148c3035b0517c4463e9e3823d055ae62d7d95bb65892c8668be8a6a908

SHA512
4196a98cfd739de28ce882d2c2cbc2a1442212894ef0a1760803e2aa0c416d405a5b1a70ad8ba2eae955c1e7a1934ffb2ff28ac175ced95aa5f6de0001500611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
bb3a61b7344f9f25dbfd3a08f727224d

SHA1
8ef0a57ca66d6d18d3e134ac2a4d04b6bc50eff7

SHA256
baea03b2f24dd83cc70a1ed31a8a7a5a2d730ce4fea73fd29cbf0ebbdf960ef0

SHA512
6d5a75a11032c3e82f0c334c24c2bad2089174905d84fb33a3b3712e6a4cef8ec3e7b02af9b4fc5f601dbee8e161d5de69250764208668a438a5c1a4ac0c186c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
9310bbd9f08b15c02e33f461aac8277e

SHA1
c54cdec754403fe1106aa6fbdbc0bcea203375db

SHA256
58a754a4c37d64740212740584edb08b606133ce60b7a3723607f98c530861c3

SHA512
96b25cdc258929234a03736fb539aaedf14a7fdbe323ba04a6a6580dc12b4e70c94a9d15cd3bfae0c879fa2c91efa79030e15e0ddcdb5ccd8ca086cb506828ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
2519044d9dd45da13b1aa0381ae7df45

SHA1
cac78b46fec59541de74def8aa1d676c8b9fb31e

SHA256
9f3eb8f3bc3434880e1812e84c3fc666de9730e9561c46e51a733cff4257a0f4

SHA512
c19c50fc4e679bd5d74236a2de540b1066b9f77b38943d2d565366f2d09aac218720530d1b203f45040791d74a098de98da7b7dadd1981c9d0d5659df29c0468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58776d.TMP

Filesize
203B

MD5
0ff8aa0f62934d698399b682f73e99ea

SHA1
6675d99d7b00eb2ebe4e186b576568d044c10509

SHA256
7728296ce7ed085c703fd2f36dab7047949475baf630c85dde6d3ce6fad49e71

SHA512
21bc4bc49976e9a15c2e85b81dee60bdf1f61b616d02bfe0a671ca17fcef91ac6c4f3b34566636a7661697ad28c1e03afeeaf97256a79e6ad2217a8643541ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03e3f0ab91d8ad1867664bc1b1b8e195

SHA1
e4dcc5ce882d7aa5ba3b8774f59fdebb5a2c0f3f

SHA256
4149578ea64e296fb589d076fe4cc414c06c2388019cac91426b94bf6ad3cc6d

SHA512
bedeeaacf758939780d8bfc4d4985307ff95c98eff5ea19a7b2ee67c5c8a3d659485d0b8cd2ee92307d60dae51af249f618f2409a24492b3757c938286ca125a

Download Submit