e0d263aa512225ccc3911b39e53683ea45d4793451fb87aede0dfa49ee8e1d4b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 02:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f3717c9f872c1b01929c9f81682ac19_JaffaCakes118.html
Size

174KB
MD5

1f3717c9f872c1b01929c9f81682ac19
SHA1

fc7dc78351c22a7d0728120983a6a047579f8a64
SHA256

e0d263aa512225ccc3911b39e53683ea45d4793451fb87aede0dfa49ee8e1d4b
SHA512

1e8375a4400bca88c0215b9a272c78d702aeba396c79b7d029d5346a24b0bcc66acce31da53e546d2699d006fefde6fb127bdd563fab5d74c8b8a6c1df42ef2c
SSDEEP

3072:7SCUxRMDP7xW6Hg/8Lc459LqNFLEI6InK0mOI9hWy+6ivou3QTK7INiYvJe82Obf:1Po6msb

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
24	sites.google.com
25	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
4748	msedge.exe
4748	msedge.exe
4516	identity_helper.exe
4516	identity_helper.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 4316	4748	msedge.exe	83
PID 4748 wrote to memory of 4316	4748	msedge.exe	83
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3828	4748	msedge.exe	84
PID 4748 wrote to memory of 3184	4748	msedge.exe	85
PID 4748 wrote to memory of 3184	4748	msedge.exe	85
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86
PID 4748 wrote to memory of 552	4748	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1f3717c9f872c1b01929c9f81682ac19_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff8355b46f8,0x7ff8355b4708,0x7ff8355b4718
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,15287128427682454137,1622359587367365400,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6596 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
cd339e542d21dddf3a26ba20b021096e

SHA1
bf5d7f87d456b39c494b9c008925287597d70dc3

SHA256
a2b808303832675167b71e2aa6170a1ca71d00ded3bca333087b4998996d0b35

SHA512
a7fc565e3b80ddc7cfcf0bfc008d7a821af6c96167166c856958177b0fb306ddc652c6ca0dea0b06e27c08652bc4ae14bfacddb280ee52b9a30587bfeb37d81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
b1b9b7bd0b0fec2c7e517067cb2ae5df

SHA1
ee704ac14c9a829ac325865ee7137cab3c5b73ca

SHA256
d75292b50d01e7d262b8c11c1dd9746ae1166123840d7f1fcf8d8728b1d07f4d

SHA512
e5a7cdda6a7eac1a2b93cb862ed55af79bc3e2fb6d938c46854dc4d781c5f0ce5a06f9c224f6d3c84700c964e04cbf8e7003b74bd66c8b6e23e5c5fb7c5c4865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
167fca435c604a21389dd8e731d48a8b

SHA1
577bd29b777d0cda133c8074885564da042d416f

SHA256
884d02f01fd2549d158b4444a4c54182c97097750e3ff7624fc9bc0640109c76

SHA512
191c828e0767793a41b931b524fcf1572a2aa782acc30188a23bab2f61b21998fbd617e6eab8d790534052ddbca1533db587089740e0ab85cab082fde6528910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7db23c536fe91146305411e2f211abb3

SHA1
873b99edcd8534dacfc6266f0a809865c26be637

SHA256
2dae24840a78107ff40fd3a09f15b1ffba871766796bf9865c0c45640f4b4ed2

SHA512
f2e7298984c5cd26e365cb7901179ea5732f3b7bc14cc20fb99b69a5fc018febf2c8d66f6722c17e08f7804b436f418cd1c46c88428dc2014dceab082999954f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9760ccd1b4c91ba149824aa9b9b23a33

SHA1
f9194eb20e5aedc82dc1839fdfd781d25e1af9af

SHA256
ce639c8485dd863594e225a85061152e1139231e30de6225490321ff0f5295ab

SHA512
a56f4ffa85f7f77fb210c5e13149a96fe0f73e65271214fa1928f9e2058eaa3645773855de2c570d40f19124b83fc58e57e6c47a96a11c5a1afd2e2d422c8048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a145ba206c7c1f365e8007b1e3798271

SHA1
fabd2bf5ceab81b51c19df0c6142753ade2e6508

SHA256
31732f2b1863575e24d9422d293abeefffd8f6e9684c21be0d2b2d8520bb7063

SHA512
87293edfa3ee71de1f0ab41bc9b9728579501dfa3edd1dc47ea313718b7a22f91d1cdb5adc1945f21bc25c6073d3fc684af67778af3dcd1a02af87bd138a3015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
feda25c3d0a4f23cc9157647f5ea2313

SHA1
a7bc4c3ecfd7427e2b1d7d141a6fe3f7ab258fc3

SHA256
091a9732a6d350a155e164e2989cf95b6ff1a4b916a2f7931240cd4e18f65239

SHA512
f692c70411ddcc8a572a4b5a2f3e4e3a8879feb4a7e1389480e02a26e3bc6137babb779f929c549d5dd9d393c947524da1c4a5f7b45715adea9a702916cc989c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3356bb5e7065201f8f84586134856ff9

SHA1
7df4c60859fb71f4e5331d1d4b055cf010a59543

SHA256
15c2df7823e9f58b45bde001414dc076b779f59c9cc806356b90ba02c0730437

SHA512
fb6e043252f1bf5a08706505086c57cf3337abb096b5d8d6f3a2e7856aba10eda7b44c1d8be0792af6151d9a26117aa09cf40e320197df5bf4fba89e0b764378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aaf9f8799ff1fc6edaf112772a4815ca

SHA1
8d0c1877439320140151c950a0449b6ee3a2c3ac

SHA256
d3017596a3bc9c0e3452798bf702b07bc227a735cf2b0828c337a430939fc5fe

SHA512
50005b987652de18ae053495914a30eb11be96cb6c5647847a31f444ac4b8f9cbb7bc8d8ba6db75ca8caf28068e076dba4b487de1e37ae192db9f3da316a3609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
bc409bc5ec1c0cae0975c0945abf36b4

SHA1
879a52c1513b51277247d3fe1170a1d127e95f86

SHA256
0d5cf8b9a45283cc0fddebfd0813c81ac0b7db86e34fd7089730c7a38573fcfc

SHA512
5880d564abcff45537f7a6a5732ee668ca392b66c9916b516c6b924a086b5c353960b640430821fc1b5a838f9f5eae75986591bf38cbb4b9ea9dad052460b4e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bae4.TMP

Filesize
371B

MD5
be38c7d0c98e82b92c84acd9dcedecee

SHA1
73e75f9f13bf91d087713ed79fb839f301b86cf0

SHA256
330166523dc9cac332cc1b64506881e1ec707d285b44ca16a3c96c06d4f6cf1c

SHA512
2ec6f2e0e0d41e7ac23523ae0bcf976c2e3d888450f14f33a87677e93c043f9eed4da07f1bf2a12ae5147e03ed9e9e989cdf57e094540b4a4c6c1b4f063eb1c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f04759aa0e63c6b7aa856955acdcead

SHA1
17fbdadba1b3dfbb60134ce4154f267d2e7d805c

SHA256
88cfd2bb4aa314dda407409b6672afa3804e01d162013f9a51bb9717356bc2da

SHA512
82963eddf74473a08da12411ac363c0b833450be64cc6881b501a411f9af578d481b9c51aefda96584d07f59c68554facce2afc9c704461eb289e176b86e1877

Download Submit