b3a88257d9b38b3586e7d863b2b3c021d940b646d5d4d93da45bff315ccae49b

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64d574221fd1a8ba0bc5f51c6c6709e9_JaffaCakes118.html
Size

127KB
MD5

64d574221fd1a8ba0bc5f51c6c6709e9
SHA1

e5e5e998782fea811878e636406c2557d3509b2d
SHA256

b3a88257d9b38b3586e7d863b2b3c021d940b646d5d4d93da45bff315ccae49b
SHA512

d6dc47dcf8ee70166f8a2c840029f5803fd8e174eeb1c155db039593525386d6886b512fe17f645c0aa8aa251692150f81cb6a353a57a331b26004b4d3621aac
SSDEEP

3072:RklcKklcFklc7uG/bI+3mkc+klcPEijZeqh8EijZeqL3BpoodXhNUphEfE3EbEup:RklcKklcFklc7uG/bI+3mkc+klcPEijQ

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
24	sites.google.com
27	sites.google.com
28	sites.google.com
29	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
3068	msedge.exe
3068	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4716	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4716	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2348	3068	msedge.exe	82
PID 3068 wrote to memory of 2348	3068	msedge.exe	82
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 512	3068	msedge.exe	83
PID 3068 wrote to memory of 4628	3068	msedge.exe	84
PID 3068 wrote to memory of 4628	3068	msedge.exe	84
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85
PID 3068 wrote to memory of 1188	3068	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\64d574221fd1a8ba0bc5f51c6c6709e9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc66746f8,0x7fffc6674708,0x7fffc6674718
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7500 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14761629205798615615,7385217494409191020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x468
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
9f1ac4b988539ac49a131e9c7b85c5ad

SHA1
fff257bbd7271af69d903794b92e9530261302b7

SHA256
6efb7ddfb8e84c3513ed5a6a43fed69966daed9ea1ddd0fd9d00ce83d93340e9

SHA512
27da0900b34ee6ee9d5278072659218beb6e8012141ab0cf24187d6388e1fbb91cc5a98f6433fb208cf5381f4a02f6980ae06ad18c7a4065c8e12c934cb9cb0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
734b0d2b7a4b3b2e46a9a44487d693ec

SHA1
5a42bd0f1c7f5532a6c3d6accb842355bcaac9b1

SHA256
bba70baf69f2a04cb8b607fe7d2e78785a3d84128a7ce6aa0707aa398dcf3467

SHA512
bb79ea8f551bd357abcb9d370e5701129f4a369b2d558ff2e86bef72420b1d5c9531d4d6fa53e78d23bf15b552ff2ffb15194805bb4b360d68c881ed62f72c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
867ddaab0991129cd735454fbb83a60c

SHA1
41ca5d56d4b865ab11c89ba3c7ced079ace0f4ad

SHA256
2a5fd4fcf6fbc8dc96dadea01da389efcef274dc20a78a327bd725ac399ba70f

SHA512
ad4052fcf3e0813e0d58317f17c1db03079fd8da01f9dde01e52d803e8065f23b6fb87219119eb21621f9fdba8b4d77f5f4b5942e7a5014d6fb95f2e456d8999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e5947eb8205813d73840f9b56dc0acac

SHA1
be67c27e383d6e61578440944424e9b31f7821dd

SHA256
b601f0695de263ea74ac4c92256b29bcb86cea52734db3ba9a1ef8dec8a68861

SHA512
1f1fd2d2d721417633d92bb4e6fb0461322770d649c5777b2e57b4db42fb1d85f68a9063fd7cc7b9853f4635d05a0661be6f8c1281a4b3a85c6a12db4f8fe690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d0d231f2b3e5f9554b91e7abb37f33d

SHA1
52e2e9bb3340dcb707763c09facd943c1734d595

SHA256
11f2d57e5b10dd5f02c2fb9da9c4600a5eb870bc9e6dc7e7be3306c8ea343d88

SHA512
ed594f1a2a18f8e7d3cc7aa3a308694559c7143b9d7a6ac647759a1e225690af9eac22142ed729dc0a7cc6211080886b378b64e830c533a0b4271d8ef1731d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a234257126dbbdc221fb04bc744bbe4a

SHA1
8ebf4ea0684058cba5c6e97be1cc96642ff4ff4c

SHA256
2c9363d5969c9bff8f5c9a2e4214790f6525afec19435f7208eeda2296ec9ec6

SHA512
34565f20517049d2a885436671ea83169237cfefd9739233f135f97b9c91cf33c7ad1a5f0e7fe5cc4a9133089ee0bdc7b0fbabe61fb149f0875a391db3b62585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5eb6a1e931f846ba8af20a4da8efcaab

SHA1
ca8a7f980060dc1846e65dd32fc29d6b6e6e206e

SHA256
daa638b5a73a6b39ed773951d3954876808f6d28abeb488d07de0fafc1e34ce2

SHA512
f81fd0e13fe367be91d0b7a943caab8f9fc86d8aafbaa5493c058edaabeaa81bf9fb031c3a4fbfbc1940a27363aa1907cfaf2a49b52299c796154881fa160507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
99B

MD5
db62c5d5fa8ca315a848752d1d185c05

SHA1
cbd656e8171c3daf78e42b3f735d886a2a60b4f1

SHA256
71c403a2ccd2164f3c52d60b13b5273f80fff8d9d66b179a10d2ebc6f734b79d

SHA512
14d0174c9ab67b09f81c14bd1e0d3fca4f0827ea8521297acad2ee73f2e357a9cf7719611283f1a9c4f443fc257c246a9f9e65163a3cffc304896b2a4445ef7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3824c11b0fe1240047098e3e696f0fdd

SHA1
f753d652dbfefc2d47340e6ffd0b89d3a856bc47

SHA256
5bd1cf3cbf727caf0165320cd6b10a66c53bee3290de004820f8f38369c61d86

SHA512
f9a4c7dce92d49bcb719746e3f8bcc6a264e1bb15edb7431b3a905260bf1f284b94d0d64da9299a6617821c75926e017d56e19f9fdb29e5384bcf024e0caec40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597390.TMP

Filesize
203B

MD5
9d16e6e28dd766e7a19b29aae8b2e6e7

SHA1
45fe14f81fe1018ff1fd989187fdf4d8febed45f

SHA256
fddc27f9f1fa71d338b888c4bab8c5286f409b00ce84b9f3371fb51b1c9ddafb

SHA512
d9614bf3e4a5aa2bc4295b9da429de0c82a2e7629954ebaadbbe525c44f92aeef28d1a7b38643bb81f4bb7bfa49c762013569a5cd27b853d0c0a2fc3fba10a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0de0d3ab33aa81ad13f70321a7186197

SHA1
c779e80dce567c6d4c9cabe621a93854eade3600

SHA256
e97f9be2057f0938489282c2674c45457720605d450c0d3f965f7607d67e616e

SHA512
57611aec32ce67dcebc9582956b630412d7a7030a02cf3fcf4460f6f65b144118a1d592b99fb554a126e941d9961090f2504472325622a9258e47953197e0d7f

Download Submit