20a8672cceea882e51efb2a71cd93c51e853203529b3ecabe6ae96934d6459fa

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 11:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f0ee8da6e7c57cd1e40f3f33b8f138a3_JaffaCakes118.html
Size

140KB
MD5

f0ee8da6e7c57cd1e40f3f33b8f138a3
SHA1

83dd4d2da535846a66989b64061f38e540e60c65
SHA256

20a8672cceea882e51efb2a71cd93c51e853203529b3ecabe6ae96934d6459fa
SHA512

c6f67368db26fff40f6df274985c6f59ecb5a1ed7567310953459169e65be409c7f0d7f0f3cd9d38746535d16ba0c26df1f840622c28fdb4106debd017fe70ff
SSDEEP

3072:5ojdpBArT8B5OrpAoB2zswG++13W3c6DPcKWbbfSVcn/1:5oppBSl32zswwv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
1220	msedge.exe
1220	msedge.exe
900	identity_helper.exe
900	identity_helper.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 3880	1220	msedge.exe	85
PID 1220 wrote to memory of 3880	1220	msedge.exe	85
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 1080	1220	msedge.exe	86
PID 1220 wrote to memory of 5092	1220	msedge.exe	87
PID 1220 wrote to memory of 5092	1220	msedge.exe	87
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88
PID 1220 wrote to memory of 1108	1220	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f0ee8da6e7c57cd1e40f3f33b8f138a3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc013a46f8,0x7ffc013a4708,0x7ffc013a4718
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17019311117875366490,1463033875056872298,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4caa0293-ec6c-4e1c-9e8d-4c3d440f23e1.tmp

Filesize
6KB

MD5
7c1452e227914664939931ccb7d0d8ff

SHA1
655c5a280b1735bece846f4281ea92c189fb4780

SHA256
6e29de3562124bfaf1e8f8b1f354ae8bb4c45ab1b73b2a0f6d2e4210ee852025

SHA512
1129789a949a484d00a47d83e8ae257d2b127cec8fb4e0d563b5d6ca6e41383200c513437704343403182b7396cadd0598a1059d60282b70836ff78fd9639f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
0c537a82da568b1528a5b4c5db95f169

SHA1
cbce4bdcd79433b66466b9fe3c0fec730b1a5bb4

SHA256
73279553e1043b5a1f12766aadf552ffdaeb0a22bff842e68a299dbb7af01ec8

SHA512
76ed9ad0826f246c6a3b1b00215625e38437d477e1df4c57c2a56071a4c2d80465a62062b44e33de2ba58f90e664f0c9bdedc2b274ab54706209b812c0d95485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
44KB

MD5
57ae46a87a9955c7c61ce5cfebde0bf6

SHA1
2a9297a0e2ee5f4e0a9b1de88ffd2121d5d2ca77

SHA256
891dc8b9999ba1b2d25c1a044b49330b66b86f986478282f4e5950b726e9878f

SHA512
34e51215e347df35ae4cf8420e2148420780f78123a37450682ed92841c6e1dd1635317cae1ef925a001bda733228db0f5de87faa0a10c36cb967e9b70691689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f62c5a0966166693ed43589c967c7028

SHA1
c6f76ffab088be4b755bf73ae473c7332c5a9af7

SHA256
913eb1ec3e83539cdef8067aff907a39b58404ad89aff6deaf078ff001794d92

SHA512
619461ccbaa4d04a7406bf5a75efb8a7eaf6e3bbe6fa41569a5599f0814a808c65983781ff88121bf71a1d18f222c68886af574a38c9865df50041372edae8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9baacaf1a2ab51d00cd471e8e3d77eaf

SHA1
a1bbfc65b830b146437c521b109af97dbc67d95a

SHA256
6cd51427048a215bc708212dc90522aaef192366fa92a6860f335f5cfbe6a0e6

SHA512
0fd22b0620e30cc96c1d8475048a49b5f4cf0c14bb1e638f545a6de87b5281eae982a0c3d236bb34c39fa3951efaa8cdc5fe08ddf78ff8ff4b02c37d4fb6b754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c9c479ec29ebe94187b348ac0ec707c2

SHA1
5b6a994b81530ff783b696094df3408554dfb461

SHA256
04386ff68cca9195e4307a53544a3604d6f0e75e1dc9c65c3df32ee849605669

SHA512
516c467942a5b6cbe0dbf4310decec8019b29601e5bda6065d7d0253dd127e30bc27b41e0f945d6b8c38a5de79b788aa2b4439f7c86a0611491ff37dd04f3faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
75ea95cab1bba2b452d600b6f1757165

SHA1
f206b757e8d58c6477d64ad4bcd166b18d4a8301

SHA256
d68f907730fa4cbc644658267841283783005e069a18447cb78ecdb190b2d400

SHA512
4723dc6ab0a6fed3732d8f42c5c6408a4208f211bfbcd9be698cb6dce2fce3c937eabbdbdcf79f537853a51196dc76eba7932b84f83ff82b706d471531eb7284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d078defdc455840dd19619088d2cf27f

SHA1
26ff909bd11126deaa2e402c38dd0189cb80dfa7

SHA256
0be9209d4a139e7e85fd7da92cf39cb410de5daa011734ac78d3ef1f04a33fba

SHA512
f6d749f485bb84072d729ee62023e2d2edb3cde002283ce38019fb54b612ccc3f1a2893e6e032663f0d6e1f20f69b2c0cf3ce9ea03314c7e07a220f70f950cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa526b8269b53d9a2af3308f2bf628b5

SHA1
402f5fd8ea5c9b6709990643a11037c8e87cc95d

SHA256
de42197e0e67577c93d710422c51316769a9c0a5f181230b6ac1aeb71a9239bb

SHA512
a636601ed1f727cabfe6b2fbe1539d162ee9f1fe96b429f7c14610e5e3db6df3e9bdd2261f083008d09988e7110d48657392610004cffe422507bbe138957f2e

Download Submit