1aebceff95513e97d4c99de718c22cad3984357943a4ef2c5a28801bc482bad5

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 07:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7858ee08b767d7c8f891e249f41d1db7_JaffaCakes118.html
Size

146KB
MD5

7858ee08b767d7c8f891e249f41d1db7
SHA1

2b92a3afd10cfbbbcd0c0920144fbb53cf2943aa
SHA256

1aebceff95513e97d4c99de718c22cad3984357943a4ef2c5a28801bc482bad5
SHA512

5c0845fb65e8723f84bc228b82cac577bf31f48f65d6175d091393ed9a177468455ac81af0f5990d9db87b8b4ba9d1ad630ae2e0e25ca05737fe4a0e3b162a95
SSDEEP

3072:PZY2MYJ6rHfgaToXdYKljeJLb4O7BKMtgG:PmoaTogJHf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
4744	msedge.exe
4744	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 3776	4744	msedge.exe	83
PID 4744 wrote to memory of 3776	4744	msedge.exe	83
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 924	4744	msedge.exe	84
PID 4744 wrote to memory of 728	4744	msedge.exe	85
PID 4744 wrote to memory of 728	4744	msedge.exe	85
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86
PID 4744 wrote to memory of 1992	4744	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7858ee08b767d7c8f891e249f41d1db7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9428a46f8,0x7ff9428a4708,0x7ff9428a4718
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5224 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,83640534169679491,5019279003417534606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
  2⤵
  PID:1964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
74KB

MD5
1c7e1982bd31c4ac1f58bcd3bdde7267

SHA1
d672d5a215d6f3cd05138e121dc3a2aad8a584b0

SHA256
f7c3dc7f8feec3cc31ed8f65dcd3ebde31629c69e62c26ee44cb0dfc55c3de83

SHA512
33caa8d1f077129fc36e4da0f50aa8fb29b204dbc7e8439781f8e28a953da49a63a1057a83aeb1b33012aaeaf205ae62c34d1391b8885d375c486aa15ec4000e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
33KB

MD5
430d0f52546401d2f8c037bb84952ebc

SHA1
446c9de67e5cc8c01e2108494fa0055693dc6993

SHA256
fbbb7e598e30407bfbc0e1415bff3127bf07ff9282937b87330bac620e919696

SHA512
6b9f3d0332aedc15d05e0f574e8710678898355cca6b16ec452fc9c3fc80cd4a7e7b45361f0a4f7faf55edc5f6c0c76efbf235b022a895e3aa5a06a4bc843830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
35KB

MD5
6199d66820d319b4c775ede9fc7b6ee1

SHA1
4fee1e4da9484d70b249e1baba854ef299545d31

SHA256
e2cad833dc8c2683c919b79df8b99ef320a786bc2c99331f9f717f4b68d444ce

SHA512
2b76d355d5db8f2cad15faf40ee05276ddafbe3954a3f2c3fda0416b340920f059df3334e92f95c9e733a17cb402ea50d746bc95ccb7e39f3504b376740c927b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
31KB

MD5
548260b20981c0be2d9dcf8d01c08c24

SHA1
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7

SHA256
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb

SHA512
9308e58083e5a6989b7646de95d251c5431952dcd55e613e9c7100d817e847da0f4835bfbd0df325d9ceeb4fb9680d3e89311997b801b16bf8426893a2a34c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
59KB

MD5
4ef198c7c852c766b7b196e35721bfa0

SHA1
6fcad08be77f06ed0b7210f4023b49d05c1202bb

SHA256
d44384ef86bd8ab71dcafa57efa2bee617c59b9e504277cbac9b1e9a02df70aa

SHA512
e3c5a244b8328180abd50428d6d02512a28927afb0f4054a0203d7da955789dabc1783fe4e1e14bee300c34f3292f692706ccf30c456b19d6a99201ec98b4abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
35KB

MD5
29b661fc1e9cf7368c9cf3e167cec1ac

SHA1
d655284f99581cc6a238f20425c33f83c18d5d49

SHA256
4b6275c7977f0cd7698d38c7726149bbb2a9902d33e7dd48a192a889c19f5ab6

SHA512
876d15b2c677a243b072b8e027d46fb66694dde10d8ef56d4ddfeeb56e352fb12aedbcdb57a5ddd13cd4795f1769a8775f083a73ced2b151acd9bba4ee3bbe30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
6f52f16e0c8869759029f92150fac68f

SHA1
d7171b0111ecbc51953fb6a6a0fcb639c9aacdb2

SHA256
0ba65009d2629977348e7cc30414a518b21b8fe7f50351fcead70764219b9bb2

SHA512
ebcfdfbd773d2e7a0930684c7699f4e557995473c50ed7875cddaf1ff03fd889684400c6f17558b6f801ab5c66da0dccc312cdccb1b2fe8e8784e8c0987cfe11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
10890ec8ba1c4d551b9696293ca4536a

SHA1
6a0488109aee3420ded1be95315dd58af86945e6

SHA256
760f08d018f9664bc91769e78ce240c27c1c8ad2ca824f36cda3b516251c89aa

SHA512
7177ef5b3ba164e2e8769f54b67c446e68a5d0a9bce835845e2b080ad2e2263fc686ffc15860934a1e9fbc5be80080d055f3df0961044acecc1f75b87a924875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
26KB

MD5
b09bddc528092b4a4d4b1e06c96ea4a0

SHA1
06c6519d1bdf3230fd9805ad22b7f87b249a433e

SHA256
379f140057e313c85522339f0a0ebf599bbebd2e746283c9a841d8a4b3bedb8a

SHA512
0a12d510a28d6c84b5a59a213c3af92fd8d0fd97fa598e65ebb893dfdf43aee9a0c2e33725f663b91a82492ec977d1f9dbb59396fad25213af7068360d5b4c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
45KB

MD5
f075bd7242c1fe4112f60826c90ed233

SHA1
7029b77263de6855f603bd04dce698e5fe3e91c5

SHA256
b61c8f4f3c493152be4d031904761af44ba64f5258af33df8cf414efc6e4485c

SHA512
9d514c99d54bfb8eccf429ea0abeadf2d0e6bd195e61a6e392a94bbb8d1f5627db17682c8b789b60f600a17dbb6bb7c1ca6588ecc274d935622534e443694705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
39KB

MD5
69ee5ad4ae7dc88c7fb125d7f13ce2d0

SHA1
243b3374e539108a64781952bc74eb991490de38

SHA256
b17772ca43eb1ed849f1caeeb108dd6ba51c4b3eca5efece4a4fc5df7dc77946

SHA512
a4f99567ff74329cecc139604f9d518c855b5daa33906ed08b7a29a50ee0a3b001fe0e08433363d42a9c8975877702579c1fdd8d1cba087a30668f85d2b5c327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
31KB

MD5
f7425c25c6a053bb00588fc7a871e014

SHA1
3f2448d13faa5bc8a088d773a468317d32424336

SHA256
0cc8503c2d53ceb35b3d832b9742ee397d4f0bdd507259c261d46e237dad664b

SHA512
78b2278de365bf30de55d6c9fb8849d92b2ffb1d4eb968519ea1ac530d844503aae8fcd554cd6de3c6591e6ebbaea3dac353aca36253f45b6984d57b9abd4e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
05dfe92dcf88bb1fa47a1236fac012ce

SHA1
2b56c2d3f40043ba398ad7fb6225e388106d3ec9

SHA256
0fdd693ffe81c7adc1963c2c46f375828a471b5c4b808424bf294954a59e010d

SHA512
62b2f48e26e9ac93a1374967c79358cc80b479b440bd1743a88f4886a46486e458a24e9ff57dc514376a4d55f2ced219ce7d1293e68cc9f632b829a993b0add6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
26KB

MD5
aae0363036fa76d7b5274cd9b1b4b2ab

SHA1
3d60360f0825032c2a73b9add936c7d77235016e

SHA256
1f5a35a905a682b2ca0781b5c1168112f16a772b67bb127e98cb2bca77b51b51

SHA512
592be00349f4acc43d6e07de96dc52c06fb982d334f6a192ec8b35818bed32dae45488de5137f429660baedd39eb1bb96573c7a0e373f57d05debc29cce233b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
26KB

MD5
bf139cee6a1983815bab150a62963659

SHA1
c6c743a3638588026f36bc2cc688b83d08230f2b

SHA256
c49a2835dfd52ff95b155c8e06719cadf6b363c49205c5d4485405a40034da88

SHA512
ec2f601914bf202bd3db56245b5f57a100c8d064a4fe2244b999d46f37b039311e3e40b2f40ef9b1dbbfa9c8f5ece1510668a936a44467114c5b55e8ce02847c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
38KB

MD5
b0d853128b7e725ba4bb7df3515c15b4

SHA1
34e3cf6c16c0a849595fca884de715cafb87be24

SHA256
e8d5fc8abd2804e69fa0fdb6ab578063505b309c26acf8f334434c567c8de2ad

SHA512
06acb46b694ccdcc1c4c2c3b97b422dc194863fd68d4bdf310d0b17e311cdc222cf3b7937a8ce1c8745f5921657020aec777ee0f23940ff667261c981728e3e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
16KB

MD5
23d33f465e99f0ca66268cbdd2f758b1

SHA1
996476866432c10d8ef9055a6dbb8480fabd75f0

SHA256
5d8a3565505da822b29873492597d4fa2d1762ce13fec307d2c522ccfd176fe6

SHA512
239e15b21de0bc6c23aaf1568ce5513cf1e763a12ed1cdc04bd442d8c011c5c481d28cd9aab8947c9717996e5ab21e23c8ddca34f7159669988cd155ff6557c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
157KB

MD5
a07a0041143bc11d11c2fe0d37a5ded7

SHA1
cb14b39ec6f8a362a08d1957af211d81f750d54d

SHA256
233746b5d7f58579f0d5ea21e4907fdb5be5469f05dd7691633448aead77fc98

SHA512
17811e64a82d0810bb293ebafd2a04b20efacff9e12ae3f6bc555f75232349766cc52434947614684ee43ff00478cdc0c92b692053bd31c38638fb15b2586f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
22KB

MD5
ac6b95e9d9897cf998f271770e60a443

SHA1
0c537afb8c5c3d8ffca9a2be7f3663149600fb81

SHA256
2723df7fa8a655444d96894c9d64c6f34e0c9685a8d7eeeb8241ee3e09bb9273

SHA512
9f95ee9c3a499d910bd1dbd63ea7f7505269fbaa3cfcfcb525e43e676d9d7274fdab3e06921dd86a1d1bf367716428521d192ce8238e6eaff1eee1fc62b254cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
24KB

MD5
cdacb12ce91d78c9424b02df3097aba1

SHA1
ddfacd93f079b18acd18ee51c13f7f4953f533b2

SHA256
ce31ca21583954bed2ea433799d7b6efe2f4f8040053c05b33929aad0722c41b

SHA512
de3f9a95b7a737ef5b85e2fd51329cb4f0aa3c5072ac3a22ea73e57217bf46e7e3858bdce881c80636047d8d56c7bd982a03465c2a7e6ec44deeb4e59acb1510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
18KB

MD5
707cb77e68a8d5487f4dcdc917a22dfe

SHA1
8ae675a6906286d35972fd1c9f337bfbd041d487

SHA256
0c6e801da70cb87cbd906b03a044fd9f7d70e5b0d98e72d793edceb300b530b8

SHA512
b50251104ce137c8c22e31f286865d3d92cd4da6a7632e8fbf316be68ff9fa00a2f5b3732ec3de3531456e49378b7c3d3cb550d12e0ffbfcfed570477af0538d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
17KB

MD5
cf8c9287e3db2771e2ffa1641b624379

SHA1
a461ee8af98de48c1d5d5ec0ceb87144521a462c

SHA256
ef22a7cdd1b8777ae2645d6853ae88b49c5a9e631b46376242701857fab1b5da

SHA512
432ca210fc46498ed589d30430b61251d015adcb9393f47cb322cfd1e1b72f3450a4ffa3dea23c8cca53dc4e169e56ed493110cf416ad2cf778b038c3b1578cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1c718951ac93d40dbede65a865cebfa1

SHA1
efc7ab642209e75d4ba89cc639d005d84a34069c

SHA256
1f9b77aad3bc5c15126493ba273ff92bb8a907be9d389d49d019b805ae6e7a36

SHA512
d4cba43e9a00494a701c8aed6d39a32a2eb81b3ad6991d50b10497be3daaf9ec7cab9ef9b3afe0980b1fc81a3603fe9afffb706dca7baf4d3143e717dbddfd48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7aa8eba1f260da647cc64cefb07c475

SHA1
2811d4af2bc81b7aceb2987f6a3310b4f3e5e464

SHA256
9ce7e2252fa413707bef38ffab0c97b69d7bf0f2a5a4daaef9d1d2d835b58d1b

SHA512
f54b6eec57f7f6bc0d6c6efe0b010e071e4b3d13c87ef5bce9f9756a8ed73ea871e9ee46f7437a3295407e1f8daeaedb6fbb168a63ac9a3082615cab737e12b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae4d5c29a9607a2462541450c48373b6

SHA1
bb0fec9f2110478c1f7dd58b0377d5258d2d2056

SHA256
706fa16f24a1b341cca8f974c6337894defdd9c17b7a7ef5c7fd28de93b0c11a

SHA512
893b438a68f7ec59143f3b2c0fc2c518b380cee164cce252935954d3d7ad397b80856455687f794a5fb9da0b49f16d33ec85820bdb0f33527a0bad35971e8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3353fb218d6ed4f20b6393d447bde94

SHA1
db38fc4017d92bf7a692afd2cd3755217148234d

SHA256
3e976451f3113cb692016d595568f53c7e951c99f43b0b626568907ad387f682

SHA512
dabecc580ae403712b04c8c3464e5fa253d0cca06ffb225522a82bc2516ccb1ab7afa2337d7efa010be6416e44a9a3750c22a8e33bad731b3101f92c1fc7fb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b6bc5ea2f5faa6f64b49700c67aa7aa

SHA1
67b6c55f898fe4da0f9774a1f7a45eee0e0b9b0b

SHA256
c70880e0d222f7a18f43ff5f12e25bae6ae207697a449e0c8a9840ead457ea3d

SHA512
e3fd04aa410e19533e41a36a1157629b04f6ac5ba6e5a819a58584d3710eba2c733cf72dcf705531d4a5c57a57246d4bd279cf49d06e7f6ee45a6c9746e65d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90d9d4be8df385c9c7e65e585bf831a2

SHA1
297d4a04cc8b6f3d1ddb582a1a4236042bcd9e9f

SHA256
1edef372b79dd25eafb4fee20d704dbaaf38062476ded1fe24805de0bd3db86b

SHA512
ea3247384147acf2be0dcaef095117f0c984cd4d5ac8a06907e4a6eff4d2deccd2530ca16cd9e2689027fcd9c7d12262eb005e253cce2fabd8de9628119708d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dcd72dc2-cc0c-4ed4-b135-495c2bd3d7f5.tmp

Filesize
1KB

MD5
2a2f662fe8c8acd858df1278a10da229

SHA1
6d17534dccd2ee8b2fff705962db237f5948d36e

SHA256
9484542c667d57195d9f695046a778f25973ce4058a682c3b9f22b1b38c1e1bd

SHA512
b2824b3f528633233ec28ebeac01c53d53d856a796298be5b5bf75f44b501e82b640a91178bc07b7ac9daf85ff1db9bcfd4da2a5ed61f0ce3a4ef168c7811700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7fdba942f5190e826e21ea512f35307

SHA1
5d723992c60a28f555b9b85e25db76e5ca05268e

SHA256
3aa0a5b79b1ff7177707dce8d34748cff4667c22290a14df1905c7f02d87a219

SHA512
8aa5171ae8ada3f28f892ac666b293a31cd409fb906e014d83c61ce7c5df229a344b74abeef7c9908394c818a115853ea75813c83348b0d95f52cce211b73273

Download Submit