e0c61f20a651582cb60d8985fa11ae1498536b5cf122976a3452c6e5c875e945

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b21bf1f9fe25e741dea42f17e00c2ff_JaffaCakes118.html
Size

171KB
MD5

5b21bf1f9fe25e741dea42f17e00c2ff
SHA1

c1670641c947cb5b6abd910c4f4968e77182893e
SHA256

e0c61f20a651582cb60d8985fa11ae1498536b5cf122976a3452c6e5c875e945
SHA512

7cd75859413d91dd37323ce53277cae811db381dbd197a253993b21ed6347734b19c2ff5a1372fbef196038e633b01f629c723a04019c84685f865d30b55bf30
SSDEEP

3072:QfbRDVKUcjvG8rMUcXmNRS7rml8K3COHjxjuDresKYutku:QfbRDVuGXmNR3LDjuG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
1496	msedge.exe
1496	msedge.exe
788	identity_helper.exe
788	identity_helper.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 448	1496	msedge.exe	82
PID 1496 wrote to memory of 448	1496	msedge.exe	82
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 380	1496	msedge.exe	83
PID 1496 wrote to memory of 216	1496	msedge.exe	84
PID 1496 wrote to memory of 216	1496	msedge.exe	84
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85
PID 1496 wrote to memory of 4988	1496	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5b21bf1f9fe25e741dea42f17e00c2ff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc53246f8,0x7ffcc5324708,0x7ffcc5324718
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10049884869681790530,5398543186385570806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6520 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
19899cc2f8231099a560157efe9619ad

SHA1
c904becc2fe73ef199d5afe2d5c4c93b4c87b8a9

SHA256
26bfa5857c066376377f00cf0572dafd3878804b5db84e10abd7fc833603b168

SHA512
d02386250d1a4c88eecf997b121f3ccecbb05d99fab07b44f79fc44b4029f9423606bfc4969d6814bfd4266356d7741afba0e52b2bf38a1b028c84dba2b9b3af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
5fd59525ca11ba0110dc2e3b9f81b5e4

SHA1
039565c94f04e67d6cd86b01353fee2f475ed75d

SHA256
26b839a725f6f117637d149a2b473b1d1bca351bfad80f51094e53251979c222

SHA512
e2180badeb0b5179f69ef91ccba273f19f4c9a63d79dcce1443cb233e61354ffa799456e2a0bbfbf71c2ab247f1736a25f73b67fe69593dd3351543e7ae2d4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7659239293acf050a59055c8329da635

SHA1
bf5ce9dc2377f3598491a257fd32eb477d05302a

SHA256
871088bc4e29bc75b80f772f70ff7abf1456ccf74d21a71698ab42429958239f

SHA512
68ce91767114b5fb954d05fe5eebe7513fd2981ab3bdbe9e465b448e42ef3b2a12464e0b9c6c0e5c409a3bdfc63a1278a1a3bad02371d2a139d2abc5e76bc806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a087c32790bd39564966a1fa57e1dc0f

SHA1
717c7115b142dabd757b0d800d5eecc82905f63c

SHA256
2e3b55c45571c3f5f2593d0c22a1a3de2eee10f1c99db60aa8805a8d5da18135

SHA512
9701ad991c28de37eabd14a1b2c6db2173149bd592967108756da3c6bc99408e497c3ede304ff659ced4f005e6c4453d7013d64ed0caf34d1d736ff1dad0ecd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e4c4abfe6d5a8bc8cb097b1065ab01ed

SHA1
5739ea9c3a08370eca46ee51c6437515c2cc1a48

SHA256
39b705b2f2be242f90a37488790bf04bfa728c9387a1463677cb11f2cf1706f8

SHA512
e2cf4960919e47f0bdc934ff22a0e7e9356eea10e3bfc90ca53d52b5c4624a87580c8753f5d1df88b9a26a6eb7dfb0fe387d73e78ab0846b0ff154aa122a7417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
20b4f9ff53dd7fd0851eb591b039ad89

SHA1
eb95919485104ab563c040f4f6ea8de607e56bc5

SHA256
56206a19d5cd88ddfbad30f5942cdcaf573fbeb90b57869cc603fa8d45d53746

SHA512
2ef620e54b430e6fc8b1d193377d9241931d7ab2f08bdf65f17cb3d6372e8e71caec9451683db76be9551ee2605ece2cceb6852f222ef57f34c8d4364ec1824f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a24ac996ac3a6c28b5136951103433fb

SHA1
055e7445c36abf76a6352cdb8d59bb5694b49d9b

SHA256
e384bbe4d8057b267d152051e189899fd95de3f7ffda18eb9f9f6f23e5bebe57

SHA512
751ade5ce114f18b82e8a9d0ae80ad009987a16939a59a215135352d84bf69880de91c86b10836e04a27287867085930ce463c056b82ae3c13a20cfd6b77eddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d757597901cc3bb7c40947149cc0060

SHA1
6749c78ba2f4ce34f7191a5d739a3d33311fb707

SHA256
7b058205d6edbcd69c4aaf83acd1476c6db2cf0ef07bd8c0d0c342470b02c472

SHA512
911e050f28cfba88039342fdcd0b624f809ed66ddb9e0764b65042284d1514ee4a8b08a20936ea64df1d5a77be2b22dcbc609db6dc34b775e56080c373ed210b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
29b0b8c9c73d7b2f2bf1f67eb575fca6

SHA1
136fd7673fa9f148538d4395fdc6b4dca7795b02

SHA256
0b48adaa7fc80fcde0f1d8e0f64ec9488ba33f45636df7410ecd216c9bb947de

SHA512
717d9a5de4489a96d4f1fc85df0941966eb3dd567aa3c57ff297e3ab64c5528a56621a4da2954f79fd07913ff59dfc38f752a88504f04d471fafb4f42d33a05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
853012e917408e7483b396da1c7303a3

SHA1
bfc777608ae214b739965fb0a8f17f8dcd490d8b

SHA256
e8124340ef7ecb88543ed3a6c729cf03996c7db86aed26acfbb2a7c513efb344

SHA512
4050ca2ffd04d4c9fe1a08fe77b8c8eb37322dff3738c80037178a543a2194488885f40c36df9457b3c5344800e92aadcfa6962414d362820da66619dc99e511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0f055ab78c67b1951dc85a7231d37d15

SHA1
f29a5bc88247cadb579ed94afa8eb55e804a3bd6

SHA256
786776ca45142c72f52949019b7514ba6988792793e1c96d0b31f423d63500ba

SHA512
3c5ee75fd4d3911d48d864a47ede669661bc75c41cf9e6f86f3eeafc374c46da92627b045cb726a5aaa3e651c0e100e4c3774dc534d17f0a4209a962718ec18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64316d3d2ff817a3bb46381caec267cf

SHA1
6873422c5d300cefd3b1f6d586a111aa9e3c0bf0

SHA256
3d81943433ba53710b875b647b0dd4a4eef877cfa3ad7b3727886366cfadf5be

SHA512
3229daddc80394be125e355e4146238624ca3086c58de99e45573795d600ea87f1c4df3016fa1c24927a1ec2f327aa31dfa16f879d9aab7a593d0b27af0c1302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2771153170914e9a54cbcc76bf12d78

SHA1
3bd7d5f807d0be46e65e114aacbd73c80ccdf9b6

SHA256
99c2b153c2d7aca66c6d39830ac56797628e7feca849657fd9485a1c7a413d2f

SHA512
627017eca225928952856a49c3f0a8b5f820dce3d30bafc8a7ffdd6a1abe5b3b1c8cdf75bca368b61deca9672d35ed48b09f37a65e779ca2e0ed987b1c475bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58051c.TMP

Filesize
532B

MD5
117dce953561c57649c3374ed0c804bc

SHA1
49240eaf258bf88bbb60a11420d68319fea6f77a

SHA256
de758c4339498e30e5cd475bbd5c02023db64f49a7ec362eee9f46f0dec3bb04

SHA512
63dcc082b79a2238a0d63013e778c48867e35b43856a30def1f6acd24bda503f9295a65b0fb5bf8632d6a9e2033cc8f0e7e20ea8124f5acf0d2920bffa98a941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9c502de16aa5c39afef22f0b9c038bb5

SHA1
7e3850a0f957f588a6af783d076cad5b4cd40086

SHA256
d376a328838ab2de86b644964974b570e8645e0aa11b9f2c80372ec12519e286

SHA512
6f15ec982dd8e75b385e2c759cc0d8e6a66f911e4ef7b5de834d41112107b18a1b3d0d83ea1a55e7350c87b4d59ef3434780548916489396a18d4cd8a5e8084d

Download Submit