35cdfce84d28a6789b8de70bd08737a5bef5453df2b45219aa9598955b8668c2

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe
Size

4.0MB
MD5

fb729cc727e541366021f039759a0d9c
SHA1

dff54fe5fb18e8b9ac75c5c2a435a5f4ee6b05fd
SHA256

35cdfce84d28a6789b8de70bd08737a5bef5453df2b45219aa9598955b8668c2
SHA512

4af200d7a17e492557a0e67758eead65b2f7f7ee8c41558ad3440493be654368a85a2d478beaaee12dad8afa51a2afeffae647a91459fa5b25263825a3b32f78
SSDEEP

6144:vxb4lxG83BGQFps74xdZL4Ego5ZyVWu356Ro/KL2PstTu/uo:vaG8h7WKZlZET56WKLx6uo

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{E7407C3C-2526-4923-9BCB-43246A137987}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

msedge.exe

pid process

2496 msedge.exe
2496 msedge.exe
2496 msedge.exe
2496 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

fb729cc727e541366021f039759a0d9c_JaffaCakes118.exemsedge.exe

description	pid	process	target process
PID 5112 wrote to memory of 5000	5112	fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe	msedge.exe
PID 5112 wrote to memory of 5000	5112	fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe	msedge.exe
PID 5112 wrote to memory of 2496	5112	fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe	msedge.exe
PID 5112 wrote to memory of 2496	5112	fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe	msedge.exe
PID 2496 wrote to memory of 2152	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 2152	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 1856	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 5052	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 5052	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 4944	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 4944	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 4944	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 4944	2496	msedge.exe	msedge.exe
PID 2496 wrote to memory of 4944	2496	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2a4,0x2a8,0x34c,0x35c,0x3ac,0x7ff88d9a2e98,0x7ff88d9a2ea4,0x7ff88d9a2eb0
    3⤵
    PID:2152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2104 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:2
    3⤵
    PID:1856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2416 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:3
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2688 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3408 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:1244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3432 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:2444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3972 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:4952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3576 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5212 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5236 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3476
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5756 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4608
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5756 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5108 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5796 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3568 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5656 --field-trial-handle=2108,i,7242372228361691329,3330679454139747786,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4168 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=744 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5392 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5504 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5548 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:3980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0b65f0f415bd805625009245bdd6fc6d

SHA1
6c54e7d88f833840269994b18c7520bc27aef2d4

SHA256
e9591ca954f9b2a9d7a1dee48d488f2b2c9a6ede4d280791e565e57d996c4fda

SHA512
1bd9ada966040f04650600cfa38e4f851f12ff9ee973bf5e6de99679e501db55ca9c5231b45a35aafd349e46e2b5cbe1efe07ae0b77292411f9812a35f80e760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
560aee8080d437d91ae6db16cdad6cb7

SHA1
1a57cc6f4adef9672e56bf21e9f9346592cb91f2

SHA256
3dc712f137569da20fb78d89ebd284b6e7c1255f586b890d716760e4830b2f31

SHA512
afd097182662553c178bcdded4a05466617b9ac1e61d5631d5550bcf6ade73542c51486ca230adfcddb264a723890bbecd8b3c7066f6c8e52a5f5cb8be47b68f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7da3bc4987345bf340592ce7acd38bcd

SHA1
07b562bae4d0447e5d07058b294d4485e32c4e8e

SHA256
08399b5de96bbd5fab691f00768951d5fe60c1aae16de893b5c41d0c024ead45

SHA512
879930c0e37500c8cf5d8024f7206f90089ca0cc56fbc839d36e9e5be0f8e2e7e8da9079272541b68bb140005916e25750cb40a1e6c1a2e45e1fb3aa3630e7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe593668.TMP

Filesize
72B

MD5
749dd4e9ce36cdff5ad64e6d7b16eb44

SHA1
03f4a621d5a7c994dc8f19e30dfcd9fe062246cc

SHA256
cb0bca5fd685d70a0b42fb6db4baf515db85d2531cebf1896e48e3671a7efb8d

SHA512
9302d9840b5670d1cdf06bdd0a9c8d5c20556adaa14d226311ebcdb2c58757b8efb8479370ea0076f8e0555c4f35eb5fbf17ac2790b65ef751cffad89c5fa853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
62d55d642a76adda060e3833829768e8

SHA1
c7202fc6c0ed7d039e9bf08e9d9d98bc8307f45b

SHA256
3e13cbc8d42e4ba170b890e17abbaa1e546fdd820a61b2ec81e1ae4522964f5d

SHA512
a14e785ea67902c3881c3205624a84203c4809aa910cc219e8445828d2f54c8be60939e2af05a8525b3ce8485ad897c272bda0b5e7cc5012a7c6ff6107fab964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
f2ae78be620afe8a780415e4b2229f8a

SHA1
3724cb0226077e021998125dbe3a1c0246a8d2f9

SHA256
e7fa59d20b245355a3986931a65a33d79e51310fbfc523a292aebc62a29aedd7

SHA512
8e4d8d5511878538b106a32ed456cff8db448c8d11e2d61e7126a3d9e0033f11db95b46952debda588685b34dc750650cdbfa8dee21eb405f3d0428e1a4ab423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1021B

MD5
936dbb5dc57564ca2d727b4a1303e2ae

SHA1
f837be291b5c75b97168ac8a47f6a4a972ea42fd

SHA256
ce21601969de12274a29e9f12031a911a82f6c22d9237e03e9d4ca49b542f5ce

SHA512
aa9c4c7d3f634200c2f2087606a2369cea8fa9f6329bc8b83ded81d2c18cf4606c4f8b3123e2fbb803cca6a9e11778b0a8f417ef1ff2d27b34afbb1437efd69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5481e3234de7384b909c402a1d768017

SHA1
7a67b1501e03754c36e2595591c5d1ccfcdf9a2d

SHA256
1e36a8667e53a7262ab42ed9c9ee38ea2ede919ceff905fca6c0c13e21275784

SHA512
7ecba0f6090ac381071fbadd2c02d285be6e3b7672be9e8de04c1bf4d0490e59059a68febabc994839d1a85a926cecca69fe8f7704c7abe8e6ec81221ac5e985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
b36f9ca49612793e58401e8e108b1e1f

SHA1
8819970efd72bb85f9ff291d3ed23c3e999561e7

SHA256
b018a244fc7ebc74468c3bccb2bc8851daafca8711a1da5fd35dcdae108c2d60

SHA512
ec19f7fbcb6e03be3984c941c2afa32b29e2fd88fb91aaf0ba9cc90ef721c8cb23a973f73b49999827f2f4c91e7b90ffc2292767cc0a3d9e73c74d241c449ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
8f03cb33e28f71206e3477919a93f5e0

SHA1
7c7c8eb8900155b5997c3bed586aafa522cc3e4d

SHA256
f92ae9fbc5a30a35111a055c61b9ca659d959912681f67c7cc5f4c3295966624

SHA512
8e1f09c53da49710fb41423a6bde39e5b38640578bb399739933201441484cf68f2a5e6f2af83c75c564e1d0d9adaf56b1f25f1e557a7688f9509693e30f7f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
69c771887c640f98793a4712eac30cdf

SHA1
4a9fe6c2c5aa0b90e9d4bf5fb55f45091d39ce79

SHA256
8a187c2823ad0261b2a094a2988c7c6fc61d283b18181065998c25804d9cecb8

SHA512
2c7591eec9f2fb02b1bee77e7ee4876466ad3645777e825c542c4b335103ad34912522f340b68dc4e8bda275613882b8ee559963478609a9becc4bc350942b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
549b24de1e4f39dab8ef587fce17d180

SHA1
8eb9d45541170f6ff89a66a5c3c96ba13345a124

SHA256
48bdd78d105c1144bdb1f4d3731b76b8dc0e3faa8da66da04d22efbf78e36782

SHA512
9289181b0efc269cfc9d70632e33cdd64d0aa68a3a2364aee9e5d2494343f74f01e2053a3bdca55e99fab5092ba03c4cb9112d040c775835544645befd8435f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
06f220f990045cbe58232fc3f2d2127a

SHA1
69b9f53e3476f172fc9d3decb51abc0a44ef304a

SHA256
df6e8b8d58a8eee86ea24ba51ae2c57e8805b0f59c5412d82489a7455243b8ee

SHA512
8145d68bd18af6870b12961f1fcb573808c8b68d1dfb4b0ab5c30811b8eb5f484cabbb0ea78119acd6e762fcb7533a72e31b5aa253a1bb59738167fda70e0709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
573172c290fc8ac261d22916d381237f

SHA1
061be1d3386724511a7aaaf15a5c605f19f22108

SHA256
0195a84d1e22aadba4968d162ad36cb8c9eb4fa7e7445f655deb3e68e86c183f

SHA512
3e42fa619c7f3d2079ee737422938708f60fa28b0ccb9e8b3dcbcbb6be3e233176d5cf3557b3018c5461a5f46ab3de8cebaac29fe7c585e72fcac7761aeeb567

Download Submit