29d649d0daea63820c001a439bd2fa249e01cf902cb880d55e62e2dbb4bd4105

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65ac67cff575b2bdeb2fa7e82087fb4f_JaffaCakes118.html
Size

62KB
MD5

65ac67cff575b2bdeb2fa7e82087fb4f
SHA1

a664ba45187bf8eefe8898a663c168b03420e103
SHA256

29d649d0daea63820c001a439bd2fa249e01cf902cb880d55e62e2dbb4bd4105
SHA512

c500cbb8454cd0a56df1ed8024e1e7176462ae7713a7b51b025deb55490a89b6a9a6b035da69a0a2d91076398429e60c0c983c1eee924ad863a1bf8df7c9b36d
SSDEEP

768:Ac7xYYS3iLFhS9qqFhAgGfnXuNJZegjp0soawZsZ+fFxCBkqigal1jNE1512SM8v:Ac7KVqqFSJXuHp0scu+fFxCRwE150M

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4652	msedge.exe
4652	msedge.exe
1424	msedge.exe
1424	msedge.exe
4388	identity_helper.exe
4388	identity_helper.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1424 wrote to memory of 3284	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3284	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 680	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 4652	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 4652	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe
PID 1424 wrote to memory of 3552	1424	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65ac67cff575b2bdeb2fa7e82087fb4f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85efe46f8,0x7ff85efe4708,0x7ff85efe4718
2⤵
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
2⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
2⤵
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
2⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
2⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
2⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
2⤵
PID:1840

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
2⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
2⤵
PID:3288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
2⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5520 /prefetch:8
2⤵
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10647468776808618660,12238976337558955795,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1672

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x510
1⤵
PID:1392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
51cc4e8bd321b99ae0528fc17f512959

SHA1
b239b65bda5330f9474ad503ea8308623510675e

SHA256
2620bd66ba675073561250e8bc78977e67da757bd48c4be3546324e0ffd6a836

SHA512
706bf0473da9261f176e011ae1cd0251ac7e796e46a68cc04baade5393c88539e5c81528e4a867e3329a58c659f98e942695f7b23185e5a234658333ebb36079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
71b14f7d56f10fac4ef022d2a568428a

SHA1
818cc807c182fc81e189abcf6dd3b9193a0bfd6a

SHA256
5ed9a661fb94d1b0fb597d5ce28d8f32a1f07e10f8582241edd747ea1f0ea5ed

SHA512
23c183b6ca9dea0d044fcacce1a9ced1a85d2bdb9917cc1125cd26a383e14c65d9c890fd72a9e5e38329f56683056a4c0d63dbace30ad8fcfed613a3c8fb195b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
1be16039f7c390d00ae50cf17b4bcd06

SHA1
6b7000b2ee0536e2fa36f608f13092d216a871aa

SHA256
6a495372d1db965411b30d9bae94ec1264939c36d18cf017cd78fd9a3291c11b

SHA512
da698cde85d9b7dae9377b1d572aad4849c6d0d92e7455bfb550819ebfbcdb376831db6bb868fa865f27f8c8f21b69847f51d28b63e5f6175ab97e65f85eb940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1d1913d16eb4330643a712ee02fb2c48

SHA1
29c3251d9f5b9ee525a0721b49b805c2286fe32e

SHA256
7ba3255d64b60215852cd22f74d778ccb8a129021ed65b7afd77dfa19fc8a25f

SHA512
72e6326a8073f867fad9b5a4142cf83361a296ef6248bc0b0328fe4a7292857ba80695eeb0ce7bf96d70924fe99e70b1152adf8c146caeba95a047d246a47cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f8cfd5923e35a7be4c6ba501ca888dde

SHA1
334a5618f9bb862a2c6ad13c5c392daf08ab51af

SHA256
76fcccb96b14e00306a3e225feddf282519a221d24ba9ed5caf50a664e567d2b

SHA512
52083fb495730e0e31de1ac90b80d84f4a5840f4dace43653205e9bd1545eecadf7b49c9ab2923074f9cb275b514737ce372655a7698b1e8f508fcd95128ed42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a41829d83088d2f48b945eca3eb5d393

SHA1
39ece8977c656f0efa62df130febd8c3e65c4642

SHA256
8d338c60e9acef6623ca97fb5d9859ccbdd4346c1980aa2ffaa8802bdcabc992

SHA512
c2e4226e4b8198db6cb6cd56fa5ea0f6316239856af2f74efeb83a14dc4b2b43247eaf86e79659091f98e2c3f0e6426c2b496cce24db681fcf500af5e0c89bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d9d3b57e9cdd72d06e77cf8a98868a25

SHA1
6d8c16c0a2d8470464c46a622536953399c24ca2

SHA256
ac16c035abd3e87c8db72717210a5fef5d31d7aec4263079de6f1c3636e7a737

SHA512
ce6afe559967f0d6661fdc7a327f1916f71e9a63a28e9493f7131dfa414e8f76cadf7059f12d48b8e3011ad85d461c667ffe7bcccc9aab3593533eb217aebba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d7c867f2f13a707d5b5961e863c3d65

SHA1
4f3b416bdde9ec69b69b0a4225a6b115e4688acc

SHA256
d439b842bf160bd32fb60db97f1e889cec102086b53bd0006b0608979c447f54

SHA512
fc0925b610aa03cec02ae77ac2fd89123a1d0f5894ed867661c1ff00b19e2b937179e25437f25035d8e01b6d8024e89a56588bcbfa136147d09a188bf262b77e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e07c54a39120e5b25cdc7db0404cf30

SHA1
3028712e0b2f833debec8ed08324e99139cb3c1d

SHA256
416453d229bb7b3ff243f3bf8a1217235eb0f2ea174c097246ee2246c9eb7a4e

SHA512
fedc60b3fd4e699f7ada139b6f8406a30bf354a8be9c9217613bd331b0d40009c121d61f62a4551595ee7511f0390288ea08e202de74a20ae4eca45ec198b498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2fd94317de83370ce91efe2ce425954f

SHA1
96fe7b71177ba25d9cea7cfb5d1282c501525f06

SHA256
7cc2414ae47fccedac8988b3362bbc9a8913569425cc8686d48c8cf509262498

SHA512
62dfc52ec0abe6186d5b295c046c0fc90995a1b95d94fe31ac8a7ff08d16026a9c0cec51ede5420b4e37b1ea241260af7a7e9aa1e6fe9e104784eda89c442cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a7b5.TMP

Filesize
48B

MD5
320b0bbb83fe4a801d62d9659b9f8f1f

SHA1
bce9f31c2750b3df13c504bccbe77135c749e517

SHA256
81010e5c406d1be773dc31bcd58889b1d91efab04623c88f3e3a2d452abfa44a

SHA512
14fd084a7a2f00d801489687ba1d174e01a7fcb0e5fca5267a618c8815e4b1699a2cc8d7967b6837cf3e249071de35220fb20d7c389fb9fa86f410737c8c9500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
41c3cd5e856fb9970fe44c1db6a290a2

SHA1
1e749eec224b42f8cefbfb85bf004cd53332527d

SHA256
f8fc839a6ae3e07b41a866b96f7f1de90b31ea77fde39a825e1303bd0ec485ea

SHA512
05415e202e21d6dc6c0e7f83e78befc181cc802872f29721069c7feddbc85ac3bc1daa26b98c24fdf1928b32d380fe75d1dbf5ed7281d239fb457d079184d178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
735f785bbd959cf5826bc1bf4b9818f6

SHA1
16d39741d3897031eb16fc054a8777f2aebe4061

SHA256
677c91d0f2150c52ea6dc389a1dc5119f2d9ca6eb750417a1be6c617a99816c0

SHA512
a62009e7a0ddee868d498e9e2efdb7e3c4539a1a70aa85bd14c7d6f3e42f2823a02fef5b8e782ad84fbe7587a92fa0a6eb5d3eb44c16f51556ba0b43b11c5b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e786467894f61a660020236f0a3991f8

SHA1
01f53cb056a75062f6adb9f72471d4f5786a5691

SHA256
9d2e45865f50e788749a7c5e451b76dae4e90af1ba18a7f5ede201e64aaf5658

SHA512
4b24d1e025b74bb9c0f2f919a0848f24404f7d38d47359231d5427d5dfca6b07a11af729ae9f2b68b670541b7c25e8ef979fb46a0cdac73fb4ffcfb0974b0916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
47672fd64d68c0c2a9dd759c0c8c80ee

SHA1
f445a5a740c856ca6b78e532df8a3fe38335148e

SHA256
7b104e7ae413113ac92a7b6a595cc1606aa512c40f43f4f3a5ad3064bfaa0228

SHA512
56dd7fab42794132cada9c4a23e99958715126f9fcf11185cebeafb65a8e8cdfa7583b029e7cd775d845323ff381a10b0642f21cd091c9bd8c6700d0bebb29ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58770f.TMP

Filesize
203B

MD5
8f6b5b3074d67d6480226191a4187522

SHA1
05cff97dc91202891854f9aa1ffdf01a39990c9f

SHA256
cbf8480fa9ccb2600cb2932bc6cf5b9f7d295359b48696cc105cabde3a3ee201

SHA512
d729fc517d534d3d7d4c4af0c471ba64472236ee1be8bc65e6723c8f5dc55667658ff83821cb9e4eebe731b7e5db9b6c57c67049abe7c3dc5b9534d1e81d2bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
726e31026d5694776f5749115d14b75c

SHA1
f9eeaeecda74ab154a23299d3df15e36bc02225b

SHA256
9499acca928be27acd6a40395ac96c600a255e6728f48f3518f5f27c7f56e2f7

SHA512
af3d2ae5aca910e7cdee48266ffa110c0c2c9919e944ef9c67d483983018d4995791c130ef14e816e8f01c2addea5e9907361a44785c298e6bd754f97fa8b241

Download Submit
\??\pipe\LOCAL\crashpad_1424_RWQPGHKGMECXNEVW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit