54a8bc3cbe4953a6b59f6913182cd6fc59e8117cc67c9c3be8ec9a2ea0fd54c4

Analysis

max time kernel
146s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65da40b1da671caa31fa2fe0657b3542_JaffaCakes118.html
Size

162KB
MD5

65da40b1da671caa31fa2fe0657b3542
SHA1

0001aee80280cc9020171a3b22ce2d84243cfac3
SHA256

54a8bc3cbe4953a6b59f6913182cd6fc59e8117cc67c9c3be8ec9a2ea0fd54c4
SHA512

8309445d2758d87c53db301ef4e9dc5e865a5e5d7ffbad5fade0f8fdf7d97d964422e74ef28a4e07cf71889cb86bdc6f5bc83fc5bf8952965dde341373ca1dba
SSDEEP

3072:CjY2MYJ6rHfgaToXdYKlJmR4tT8SBHChT592eGlaLWI7BKHtFM:CQoaToWWHY2l+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
748	msedge.exe
748	msedge.exe
2476	msedge.exe
2476	msedge.exe
4272	identity_helper.exe
4272	identity_helper.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2476 wrote to memory of 4904	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4904	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 4636	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 748	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 748	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe
PID 2476 wrote to memory of 1876	2476	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65da40b1da671caa31fa2fe0657b3542_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe4,0x100,0x104,0xd8,0x108,0x7ffc002046f8,0x7ffc00204708,0x7ffc00204718
2⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
2⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
2⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
2⤵
PID:3696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
2⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
2⤵
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
2⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 /prefetch:8
2⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
2⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
2⤵
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
2⤵
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
2⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
2⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5500 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12498808174014613779,17776960377298754298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
2⤵
PID:452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5f769b347ceed369396c5e62e7639d68

SHA1
54f0a81bf0685ff3abeb3934aaadbe5eefc6b321

SHA256
e9276a8f4fbcb645fce24943a099075c3e4b61bb620999b5d5d74a4645dcf9c4

SHA512
8ef0665c378712296d67d728be91b2a15ff65206bda76b5f3d5a69612985dd73fd14a6f651ecf53758acf2a5103ab279f4d4ef9c61e2ebd6451e1b068167b409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
52b3e1e7639931a4586012c2458b1f10

SHA1
cfd6cbef6f7472ccc072db5225c5893975f921ae

SHA256
e86746ee4b37d1691538eb87338c3f8e2a71ebb3323daabe46e7ac4dc595e4a0

SHA512
07aba8269781708e8df6f142d5baf98ceaea278bfbc06039b51c75765cc23771dc5730ff2774695489a9cccf611de6a667d390e41b8a8d0b4981d98c9e58f17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ba09d6ac0d002bd80c7ff841c76c5443

SHA1
c41f2e30c4f9b2155a358abbbd2649d322af2454

SHA256
8dc4999bbea2509b9630ff9a02bf0c28d005ed02fc2f888045df186da6016c86

SHA512
d0aec4ef526c3f1bde3437d140dd1ec540b68f750a105b51431c105512210d1a59f4a6c4933aeee5dca4c39d9ca76e75a789610477ef5ecb35265c4e233a31b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
28455b1ad143c4994124b42cfe0f0f2a

SHA1
c83c0912f222c1afda261fe44b31926ec478d3af

SHA256
42b9cd0e4b13a2a4375a3d3a6962d8e748622064c732f342922a96b509fcaf1b

SHA512
7f6cbe597596d92edec4333fe748d204ff3de9e950ec38ebd960ffc26442d31e015a4d36e715c00a6b2a04e03fdd2e3f1268f9d24432bba09ce5d49f8e4b47e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b71f770d37910d1c1e2618a7ab0d7c79

SHA1
9a93eb6f4a06e312583576de6dbad14d9a94289a

SHA256
b7d512b0f6f7ade2ad1992f678ae6aeea37ea22481e7c504606a19eab870d08e

SHA512
688cfaeae65b09da87b44f3dca9addf4dc345aef23e44c1cc5dc71fdd5df4c476c5dbb30765c391804574ff6f4b0af88d70e9377e0b93cc930990bf7e89e898a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bd148b8357ac8cb79ba59b1c0e3867f4

SHA1
c32c35ca58729483294901dbca0dacc91d54e281

SHA256
683b7cb298ed477ca4556a27e525490adaaff2a93a4853bc26d3cfc16c8779ef

SHA512
7a8e120a1541defe9383ab4b9897273505fde9543db72a0b1c05b5dadc9dc22cc2efcabe91b4c66efc6215a0d0c74e99b5575fa551f67f29221531b33b6522cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c9a228e0a9361d2364ac742f16171e51

SHA1
d0105dcbf812ec93343b7d036d4fb67a52cd5424

SHA256
6ba506cc5d34355afe6441188f3b3b06bf238237b0e42c4a19b1a2342afcd75b

SHA512
c959cc9ece2a6ee7b3bef47e390b2b21dd97f7fd64c4e1492038f926adc8a09e7ea4404763bf1008e808ebb63962f1c3ff3d5c41cb9e7c69890b6d93bbbed632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
957ed03d6951617f42c6970550abc508

SHA1
6ba358c1b09fd03bd3fe34511537aa76db3107ac

SHA256
e87c6cf1c8575dda316e5cdd892f14bb97f5065ecd980ccc2b0eeef74a36b8b6

SHA512
d9f4b43dc5b809d9ac0d6081e5f87aed6582510abb0a22123bc8039d6bc22049b8737db3ee06d411157400830f97ff1fbff4ff5af42fbec0313901bc4b323f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
ba6b6363c46ac9a245d2f8051e6f58ab

SHA1
a73ee6f339bed35a2f3e9fe712e6598f9d260959

SHA256
04dd3cf50c3dc0f84d69d17f2ae43df63447b432e7a6094aaede02337297dfdb

SHA512
86016a05c2334e94d74e254a1f30ba4befed4ef4a0a1ef038152724e1afe1469c890bee81d9f5eb2b887cca2931435e544600ab3101fe30551bf475afdd9c236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bafe.TMP

Filesize
704B

MD5
815ebd50cf4b97b008249eb4268dbcb8

SHA1
fff72b111c26f74960ea6a19fd9a7636c937d059

SHA256
63ad570a5b850a17cf3e4b0fefd3d5e01a2e214c3d838501e51e6ad403e78b33

SHA512
8319ab063a2da1322644af6bfe87fc95674e56aecd379db32814d6de7223ff222e84b93962d60f77291e63a36164529dbd41a7923d7a710387fa240c48a696f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6abafc584e3a26f8fa2a146b9fa54d3

SHA1
bb77d7c471df6b7786088d310381fc0ad962eaf4

SHA256
c27b8f1543b80b728dd7215597cde2055e29bce3c192ff330e7b8e3342aa6b1f

SHA512
5c705d3f2f78d94be7ef876e9c5fbb8fe68b70dec588bcaf26ab0f6fe972fe0d7a86073778bad2a96c30fcbeed175d05042826eaaf002cf7e2d6ffe9d2bcb8cf

Download Submit
\??\pipe\LOCAL\crashpad_2476_ONXCTQYBVJYGXGSE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit