1650d364044a35c13a732a3a7b2aaee25502257295e69585b1b4166e7418117e

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65a2297a83c410287d3d727d7f8006c7_JaffaCakes118.html
Size

91KB
MD5

65a2297a83c410287d3d727d7f8006c7
SHA1

063acf9aa3e8cb1baf724e1391cd34df2e103eac
SHA256

1650d364044a35c13a732a3a7b2aaee25502257295e69585b1b4166e7418117e
SHA512

005be678724eb968f4ed575573197ac9a6fbe878489dc1ac82739d3c5ae4cfae58d777076132883ee3b212b9b7edfe075b9e6e73bf1257c0947dbd377b14554b
SSDEEP

1536:gHqs7UsJh5orLpWU72o4yUaB+B54IQ6bHW2LGsAppl82CKMtxrT:MqEfoBWU7jUaK54IQslCsAu2CKMtxrT

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3700	msedge.exe
3700	msedge.exe
2384	msedge.exe
2384	msedge.exe
2100	identity_helper.exe
2100	identity_helper.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2384 wrote to memory of 4260	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4260	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3388	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3700	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 3700	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe
PID 2384 wrote to memory of 4880	2384	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65a2297a83c410287d3d727d7f8006c7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff16cc46f8,0x7fff16cc4708,0x7fff16cc4718
2⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
2⤵
PID:3440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
2⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
2⤵
PID:1752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
2⤵
PID:1120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
2⤵
PID:624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
2⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
2⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
2⤵
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
2⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
2⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16578999328489152679,13182431728187646448,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4452

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
20KB

MD5
397383c90a2d930f866f405747e27466

SHA1
7bb6b5d6cee104c877dc5c3462f61232ffe5b360

SHA256
a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47

SHA512
4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
3e9292a544bf221ae47e3c9bfc47f365

SHA1
ff7a009ac2e6a34c4c3534b9643795cd284c2bd9

SHA256
34905b4e112cb7bc272e2201c58a0f41a01b4880895dded284108585c4b32c23

SHA512
a96798ff3cec19570a6abea1a1b212a6a06b375fa949a0fd1c8c1757e39b6a19ca98aca68deb6ba202debbf3ef71ba8fe7d89fd456ac377c4b1d9ee975687683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
b4134a3c72e4b371f55b20ccb1663020

SHA1
9973d3fe4e69f56d0f4ea74b0800b413dfa5a004

SHA256
9bf702eb8d792fcf9592c8ff0f86f80a8c5c34a0a1b28029b19765864d500ba4

SHA512
ba6850ed82374c494a8267e65b83ea3364204c7a1246ebc769a98f1b5c8af5b582f81e0d51e33ff8fe2c3adbabbbf9dc2987dd35d369d3fe9396a37671ad22fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
c2ca89881fe893cba5fffded521adcba

SHA1
bda297f66e55e95e7706e1a725c8e8089fb5126d

SHA256
292206798c4388887f12bbe2af4f12ee15a3b1befdd4b7f2b65690a09f257d69

SHA512
5913b28b3795b5e919e37462b78a1a933925b511fc62194a941934f1ff2f01110affb1382b36dab7bc1cbdb14149a7831df2cb4b3ca941a1319dce71968d30f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
df8375a0cb1ebfcc04efa76e7719c27a

SHA1
c6419642c2f12a75c84638c122ec6b8e7bc794aa

SHA256
9a2a5990bc5c6d3ce94d519bd1e2025f01d97287f282a6d0039f6f40dd4d06d4

SHA512
e1a1140a32fa1d8d8151c719ec86470bf2d2268b9e77349ee7c6db7caeb55916b2c358247b22b6bf67e0b65c6c259941c814db5828c68aa507aa0b91d57fd727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
458ee6edec5c84cc0f9cdef2a5371e4b

SHA1
7c04a44b3873a939a2385edb5bf549917b6fb226

SHA256
607797a9631978a725e362fd2c6a0b2a0fc4e07c387be222106de1c14c8f483c

SHA512
8708e9cdff9afb0e2701db5056b7c7cd9b229e8203b01116ebc1caf75a4d225aea3eca5f4b100308c541ba945a73b481cfeb1b98084f9d304d5d13d204c63aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8a1cb644a82a7def4c7d52a1750bf09e

SHA1
0bb9331f547a72b777d26233addecae415acd511

SHA256
1a06480ebaafc02d8fbbc877a6a7a653a1eba2b6cf61115a99110632222ed0dc

SHA512
73412a5e93329c22f9e0b5eb9f5b348ee0adcd47e5b6555e984a863f582e9aeca35546a749ceee23f4ce547b0bd6626f87b9fe760ca30eb244225883724e710d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d817883007897bf5ec814d1b4f110aea

SHA1
8b4ea0bd63df74049af8df3d1411e575df4794ee

SHA256
881259d586b789fd2dbcd8cdf5d6b80a377008096ee71f6643180386fe507bd7

SHA512
84e2ea6a7dadfe3136f2def8650b3e3b4b85f857dee2406121421cc89f7c2e185e2714b1e6b9c9e0d658df4e0dd204e25352e640b1199e064bf230f31ef5007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
447c7cb51b52cd20dbcecde5be88de73

SHA1
a2c1d0d348ab64b65ab53e057691bf4dc32a932e

SHA256
1ddbc9c97c105b59aea96a566d8957d4850827b62bb3823a1d5933687500dca0

SHA512
b339a97d55c47dd4b778ddad1ba51d1bd4fdef4e6f64a3366aa4e9d695477a5571ecc842b74b962de9c3ad07ae665ea8afaab5ee6ad5e4eae1e91930e49b8a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8920a98ced4fa0d5ca6ead5139ab79a7

SHA1
2feafcbfe59248b35449c81b1940030b269e7e69

SHA256
74293f4f536d98599fba96d8485c6a6e56e67f5f6d677743c2b94eac96fdb123

SHA512
6f5678ac2a7b4eb58600939e9988010ff0813105a52f97f61d56eb601d24723d77c1bf9435c4d0ac11aa5af04cc5831f1c9ecaa1a7ab1f54560aee13d39fcd05

Download Submit
\??\pipe\LOCAL\crashpad_2384_PURMLNKSEOQPLSGO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit