2b4462f3abc662f3243f60da538818c020df5233d0b270cc3b35a3f27127cf6e

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

648508a2baacb9e5bedc51ad4fbcd04f_JaffaCakes118.html
Size

55KB
MD5

648508a2baacb9e5bedc51ad4fbcd04f
SHA1

d963aac1e9eb3814ea3a87fcb5a048b742026dca
SHA256

2b4462f3abc662f3243f60da538818c020df5233d0b270cc3b35a3f27127cf6e
SHA512

0ed5d63591b69db24fae87677a575ceca10235a1273f709d1ad0053d5591ecb24ba5a53fbb9338a209c22313111b7d5039a2f492507d53a4432164067e2a122d
SSDEEP

1536:Lw545egLniNnxSbHmoGuaAQ85RE2AcuMWa/91O6KmDpzj7EtpSCwsAiW:/5egLniNxpmF91WGzj7EtpSCwsAiW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
332	msedge.exe
332	msedge.exe
4936	msedge.exe
4936	msedge.exe
364	identity_helper.exe
364	identity_helper.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4936 wrote to memory of 4320	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4320	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 4472	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 332	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 332	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe
PID 4936 wrote to memory of 3732	4936	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\648508a2baacb9e5bedc51ad4fbcd04f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd168946f8,0x7ffd16894708,0x7ffd16894718
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
2⤵
PID:2088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:1080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:2624

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
2⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
2⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
2⤵
PID:3068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
2⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1572,15704848798517970364,2566864449014933702,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2324

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
ab57a1fc74cd2293071e9f36bb0e876d

SHA1
fe95493d29b45c82676be08c4cdf599301870a31

SHA256
d5c7c394bd9fc7c7042f17686219dc5b8e88fa86c8e770d69b9e394dc9686105

SHA512
a69c180386b3e3f368d103d0d68a1c5db23c551675672e269bb772c27a175e9696e56dd4b6f02da81d11fd0b58ca9ffac3b83bd6cf3bcccc5c870268dbe578fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
3b27744c321f248f41ef9a1c3face6c3

SHA1
c4aff1c34095cc1939e9ecf4c95517a4da821280

SHA256
4f390f3a9103526776a7414f1fd330c8150637e71a225e56dfe1781187e78692

SHA512
4e70ebce1c733011fbfd17c34034f63ff61dc8fbc4adb695bc45939580d760f76f4cc9b73b11acd9d3d63ee4d4c4856c45674b823c74b3d4e4e18b3a9ad0b8c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
242b9b926380ec2521617b169114caef

SHA1
4dc61c096153f98360a7d2dbfa8c17a4734fef04

SHA256
bce5d797e1a87db5ca8d911edbba662605ad9077558df17e12061421a58791ac

SHA512
3bd8a66ad573c04e84f71f730da0c7fab5c9bb39eb59aa1b5803c54fd1c85d59fc96b0fcda7c9b084e9e08a21248efd5579015d2e9bb75d386f8acbfc1f2ea3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
193e841e32b44250055181b89d9f55c5

SHA1
8cbe794bb52eab6478a4c2fdce8d0a3c3ed8e0e8

SHA256
bd422990a5160423deb20d86607e036fc8e42c8a87249ff2aa72f0dbb4e96e63

SHA512
e3bb656eae7bc50fb98db5a4f75462e6ee8bdbcea7e3af652fe0ab6dd107125b5ab97d3ab4357085d2c14c8be899211deffc4b45e4b8466f0dc873c4707531ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
9afc4d9560e3f227adc764cd0f26c15e

SHA1
31486c09cb13e7d7d2baa78f288544fc2b80cb8f

SHA256
361a3251891b2ce247e42825c50aea0b81279170537bbd15074e930fd14d9e78

SHA512
54dc12b3a2b2c89dd0c85839f00fde141c7e98d1c8aab7ed627e71e269788bc473f5543901a53392cc6daffbcdfaef0951d6260dc83c0b36d7191cba14f18eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
eb1071780f87de84b329167617c5fd2f

SHA1
72a1055a1748a9e3f4337168178504e7db0eb482

SHA256
a5cb348da8864ae878d7f0483be83fb5f38263b14451ca13eec6df765dc5a18c

SHA512
38fe85f9555a734831de3f79581e722b5be7910b03c95db3bc7754b14298e7728ca72cb44d1f61808c136babf99ebea81060a312b5c441c4c1ed418a732cd95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1bda51481936179c19732c7d810487ca

SHA1
e2646fe57910c2eaedee4f1a939521297cdc91f4

SHA256
ab062fd1c21e3f5949b71b7d8d09b7bdaa492f8a97b3802a0c8bfa829a4a3a88

SHA512
889366327fcacfb299359be61799b7a72aef6826eab221e4727d85da1481b3d2bd6274f006c0e41155c2ebfdae35ffe130e908bb09082be27cc3194a1346812e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
de9e0a2189384a419e3368e892ddf516

SHA1
4ec78cb479e84b95656ca06307a38378643a5472

SHA256
8b57e8f598a31d2ca3e53698984b6d352d4612a450f757b304e4796aa402019c

SHA512
5509e82ac216ee3432d7034c2b58438fb87177bb86d95efb5f7d0761ee760caec3e29093cca275c6f2f8b93509b7b444f97425fd2bea620cf4d6fdb9f92835b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4cc25564becccfc3026ec984e4db6859

SHA1
234581549b7c59b90b4af02cbf859e0e98393e77

SHA256
8ff697e237bbaa579e4ba2ac51200caa4b379769a4ca9e341d0e1e8541869840

SHA512
2a91220e6bed81c38ba1c8d43e4de0ebf957e9c6421d3f764ce1f6a3c2614e5c38aa4c498db91fbbbd2b9a81b2cad1151f1aaed4ed710802a80ee421fdea2f15

Download Submit
\??\pipe\LOCAL\crashpad_4936_ZDEFLHZTNWPTFEWQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit