27ab8ce6ffd47d90d0d68aebbabbe0d23ff1dae6e34eb7f6a246e0da83d39c5c

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65c9aca5333238d1169f326dd3975406_JaffaCakes118.html
Size

115KB
MD5

65c9aca5333238d1169f326dd3975406
SHA1

fce1e5061af96dd041f2f45f5c0521df70208abf
SHA256

27ab8ce6ffd47d90d0d68aebbabbe0d23ff1dae6e34eb7f6a246e0da83d39c5c
SHA512

7a004ce1163084dffa85208a406224bb1839b1da6c7bb902243be0a8d10570011986789d1ec8466b84df38d8fb9b59c5102faa3f6bf7f97ba01e7c32cf1bca67
SSDEEP

768:thFY4JAqPn7rQJLizjO4xvefweazd4c69no9wK88SqGS2P+uXS9sPbflsuN:thR1PnYLgJLd4c6FK8JqGS2mg5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3016	msedge.exe
3016	msedge.exe
2344	msedge.exe
2344	msedge.exe
4944	identity_helper.exe
4944	identity_helper.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2344 wrote to memory of 3596	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 3596	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4072	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 3016	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 3016	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe
PID 2344 wrote to memory of 4892	2344	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65c9aca5333238d1169f326dd3975406_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
2⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
2⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
2⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
2⤵
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8
2⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
2⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
2⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
2⤵
PID:5244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
2⤵
PID:5252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,9722770155540013839,335895374426760676,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2324

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x15c 0x340
1⤵
PID:2616

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
9ce95c4167bc1e564efccca49f726898

SHA1
194ce6978c79ff265007aee55b5d2e2dd94df9fa

SHA256
601ae064e4fe2ca671e9f9690cba887cb6d48b3d7286e2332bc531222397eaee

SHA512
3ae21634c62e6f3cd17500c844ff017f009dfeb3b0c9e3a6e8c1376f254d081d7a63fe9e120f94025f5d5aa726349b912134b93ffd8eb8c811574e6d116e1864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
1024KB

MD5
29a9da07f9f62d317ed15e451d3d6e11

SHA1
0de0d51bdbc86644b68df8706cead0ab2f8c91b2

SHA256
2762bcce30069827ecba75dadcee888ce1ac64338dacf68fc16fed4231af3354

SHA512
77c5656295a4982e5a2b97cc904849c16326932e713e2596959e17bb147b8e9955eb9fe305189c73f4054bd2196b2dd885a1931a883151f9dd4d6ed1ab1f53fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
ed7a1a0fbe1fe2ae9764968525403eb7

SHA1
8cb839f2206ad91fef598012d53e8701b88154fc

SHA256
e36c875a1d953a17b0a4988ed18c7d5957d88b9fb4e0a7d7339b050dd28a3bbd

SHA512
b2fb650b42f45c48ea6a186a39d8b429977aaba11f6289b2cebefb1f8dd06e3cfd219543a058f1ac9d493146cab97fcfb9487a1e801033e273a9fe588c9f3043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
eadd6989dbc4273e63862e91089bda84

SHA1
f920a0277f55e22823cee3a6484a122448d55af4

SHA256
670a4bafde3a71a6ead2d7b899511c9c1f0464d68d18327038fc2905f9dfe08a

SHA512
0ae2ccf6fdb6e8450ffa68139ef219de0388f4aba15eed19ce76518f7833ede05dc5cf5d13597a5f114747d670607a9394d50aad53e3c86336c467fcb239a47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
febd759fa75e0cb0cbba191faf259dc8

SHA1
208f9642e5a01208d48dc58de27ca9cea24be1b0

SHA256
13f9f8b3cddbce89840f133a2a00845001848df50d618fb514b4ebe8fa3f19c5

SHA512
3cbf0c29477970304975f2774e2d8dba5c0a9e3b1a687caa6dfb9cde6577705147c88ac2b943cc0aaba4369537772f662e331f318b73510f8742083d74accd28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
e215ebc203e4b52f3b717289fa3e1144

SHA1
49d4f3b636fe01c0744b33445e50c6ca54808a36

SHA256
8609fecfe2d9bb4fb49d24b2a1feadc4e3097bc045cc81adb8bcc6eb93cafd1a

SHA512
396e967a68c6ca57de3a3b7d99b52439d9d723089a8b4559a6d907c2cff026140853dd41607e4b356c74ece47d46707eff84822948e112921ee277318271cecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
73ce6de1eee48bab71648213ea68c9ef

SHA1
1cbacf779a5e051a7afa02a6524b6d8d6f5d32c8

SHA256
2afbbe94d87858f55e9ac537b465a7773ec93c91ed8005fdc560015ba22a5bfa

SHA512
39a56700ffce69d50044182cbb7ed0f1c3987eb582177e501a0edbe4751562732cb8203f19d593cf118a77111e1ec0d6c586fb8e9510cf6c9e3e5a0406d6a276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
aae2818cfdf1690e3301246296bee425

SHA1
4c741a3a2569fc90fbf6d166cb8466b811b05fb1

SHA256
6f4f95cb6f8930417ea4013509266eccc63e3bff2af2f1f57d32c69358fd9109

SHA512
5eae180728d3127a28460b71fbb49de0c9fb997362a0c0efdd1b7ac7df5bdb2a31696b745f5b4f8106c63d44746333c30917fced99cea8b1cf27612a3d7d9012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
798c1998c385b74a5edd36482859e8f3

SHA1
86da16e7215640b02310b12e454545d3b3a8a539

SHA256
aa2aac63d9b24361c55437da264c774c0d63ead09dc478efd944f14a810dd0e8

SHA512
785936d44250a318b37edb6a78b4d2accb170e2c2f6c9dea8e34c1704ef04e67f5bb079fbc2b322977f4d7c89b1ad7c9eb898bc430ebe8f544dc978c70f59032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
88a19b6ee41a86294521af48a1149cfd

SHA1
4e8431ab243e9f952080224307ee346fc6184657

SHA256
bae5cdbc1086dc612d04f2989faefab260c0056bff5b8b7b6af8d378dce3a79c

SHA512
d23f7a33ab500dd1ae63b4c8671c2ae0da76f12094debd8c053a8e97cdc1890ff17fa5d3b0e9d8a18dbf0c5f67a1a65199283f1070a8e9d530a2bd40513e66ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
72e8d36d828c3c4868483727372d50df

SHA1
7d36e2e782d48e55755bd6c4857c6f308af16f6e

SHA256
967ef496afd56eb6b3842514c26b20f144ddb39865b44385fce86414c133c664

SHA512
bb5e11ae6cafd6dbefe4af66d8c91785942c084c67d7b47c18d66e62415cd31ae59564f4d40161d415d4811fcaa759b722f9c6b1ba04008a37a57822941404f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c224fc5dcffae9fa4466c5970ae2710f

SHA1
1ebd9883320d4d2198d4cdb439be7b426986662e

SHA256
9a39650e950e961bc94683c5e3bb3da46faee0d2662090e1efbeeba2d650d796

SHA512
f0e4b8a14377c66a79b98d1a5ec2a2fcac89541fd5a07153cc493d21f9bbf2a24ba9fe219e9bff033bd77c070b2efb2558a5a2b8749beb8850685361e3648408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e691860e416757fdec48c4e30ae47d8c

SHA1
5fb46ef962ea5f15773c68b5ee3d131b3afadce8

SHA256
568a327a3fbcedc54232b0b128ac006672e24e663193c17eb2d3cb6e28fa8125

SHA512
3fd320eb51c86ba3abce76cb19cae47382dfd48493890fd9c7875a124a4200fecc276c7a5b4d82d2d90caa59cf66eb737a5be771da7973c76155531e22cda3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ce9a.TMP
Filesize
1KB

MD5
21574fb361d3e47e78b511d5fc284486

SHA1
cf410dcf21760fc8cab4f7dc9930d179cc8f1e37

SHA256
db35b5417e514316b01212819d24477ec7f4c777cbcf67a85bb2ab3e40defb17

SHA512
224aa6aa2118d049dad66ea6a06cdf93c45610f1854c54cb9658e1d3a2ab280f2418e39504a198e43741b7f41354862db554143e8550743ecb659ddd64710570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
99bbeaaf102df73df37b60fcd1259d22

SHA1
4a388c3dd7d53724f80d7ae2ad37cbc2ec881b02

SHA256
c2a8d71722ba83f2dcc3a5ace5b9f9e06d7e6f2831efdb2c60d380f84668972f

SHA512
236fb2b8165ae5b86da648fd4ddd5cd08d28706019530f310a3abcf2e2fa80963ac289269bf2420055405082b3dd4433efd0815828d45cd07956a4498426bdad

Download Submit
\??\pipe\LOCAL\crashpad_2344_UGACASGZAFPWDXXT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit