c0d431092912049634050006bce3e91fa77bd1f51327a0da5ebb49a3ac6e7633

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ca78df4b9ea92c989fb66959c51fdde_JaffaCakes118.html
Size

274KB
MD5

6ca78df4b9ea92c989fb66959c51fdde
SHA1

899757f5ed1f1507b6223ab5f741687013c8008b
SHA256

c0d431092912049634050006bce3e91fa77bd1f51327a0da5ebb49a3ac6e7633
SHA512

7997ab9de5659b4d234974e3d61ccf95050fa77292e5661299e857d8baa9394efe886a89668a00b8e2f70b128475efd05834f8d649ad2a94c5111c028ec52233
SSDEEP

3072:BwpUcjvG8rMdcXmNRS/RmpYrl4LsvScWDpRkR8peKEb8BR:BwzrXmNR3RkR8h

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4296	msedge.exe
4296	msedge.exe
3428	identity_helper.exe
3428	identity_helper.exe
5552	msedge.exe
5552	msedge.exe
5552	msedge.exe
5552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 4728	4296	msedge.exe	81
PID 4296 wrote to memory of 4728	4296	msedge.exe	81
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 3480	4296	msedge.exe	82
PID 4296 wrote to memory of 4788	4296	msedge.exe	83
PID 4296 wrote to memory of 4788	4296	msedge.exe	83
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84
PID 4296 wrote to memory of 4980	4296	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6ca78df4b9ea92c989fb66959c51fdde_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4ec546f8,0x7ffc4ec54708,0x7ffc4ec54718
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9941237249993496098,8421967316836092144,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2664 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
95e9d3b62271a514075076b0a483bbb3

SHA1
8af312bf4ffec49bd6ef574ed854ef8f3c399bd6

SHA256
8a26ef569ec43ef38bacfa182142ff7c431f67cf0f43c7a84035f04f8cf49e00

SHA512
19d3ab50cb95b567b43810c46f3e541fcdc9b05600617c0b6cc40428fc53356e9d754d18d00b8d044aef1a374c839b04a02fd3fd6ef011b432db8071b8fe9e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
788cf2c1a8f282adbbfade17d30e5532

SHA1
d1d5cc252fb9d1d52bfcd94abe0547b7fec5760e

SHA256
e8a9cf5bc437f3ca6813fcf0315a72929ab4ca82b093238f29835fb723f58120

SHA512
87a3b31c8cf3a27880937963d205494554be3ef88074cb93ea704e34c1bd3c4512cca0d046d3a26202b3f6cac9acef40f9ace24e22dcef7cf4930fae2399aeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
42eb027a8989abb0ee1fd9521e70614b

SHA1
b5bbfd19eb26f7d1902a27db54ea40b2212aa4e9

SHA256
79d2526c1cc134b57dd18be0f096a24ddbfb026d5cb75d41ce2bfd060835a697

SHA512
a7465f1f9769437ea40bc32da7ddbfba1dfa78d2e1bf6289658ccecafd3ba7094254fe434919a51903679f3aa75e1e269c32d84041b3c71515c8944103044179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a1750ec52f44d3f637454f8a972a89d

SHA1
7c7437b304ec46a47bd2b9e682ab131045d98146

SHA256
9e9f123d306218dea211568ad6599713d11f4c9e2674245aa7ac6cf39973442c

SHA512
a0f02b1d3d49081a62f6e675049a5a8d8cbb38590ec3906f67380ab1017479869f8cc79c4f0bf220e8ab015d3e4874e73844a975f83fdfd0a620d0c8006a6751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b29b45e51646763f2a62c970ac33938

SHA1
73769c895838ea42e97402000ab245e5879dbe6d

SHA256
73b07aaacd09c767e88efd0047739916ba2b0ba7f40f3bd4d7475404feb1ad01

SHA512
4b2df99e8620099cfff6203bb0cffafcfe46210233079bfc9201ea26fd2cb57c96ddfbcabcfbe2365bddb33eabe930afe817072bc86f31f3d077a38a3a57f5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8be12510e2114fbbb7f723e553403b5f

SHA1
446162738562e9549d49a4a95284f53cbc861e64

SHA256
333a97fc2ce4a78d3e867d5d8517d7e21f859b49a6d7c0c5853affbb2509ed17

SHA512
4ab8fdf4448e1f7482bcb90a07bceccb0a34f0e7ffccd4a9ffbe07838c4781923dc3b387ba84c60c594796963c4fa2981e010e773cdfd8279446fc202ed58153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
415caf9d38b77b3632bdaf26e2fd4c5a

SHA1
655f7b85b1cbc6708cb62f7d0c929e2285613f6c

SHA256
e5718a03e68e3f3a899a985c474bb93c34e481d636cae59a3570d43173dbfc48

SHA512
14fac9a136792d86e9f4457bf25061bdf968b264030e4d982ec017f1aa3e5ca3d9558ff51b87fdf10ca514424a436942456d2d3b420693e66ecaf847d65070e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
24d3b0741767f88133677d2e18f5a0ac

SHA1
71ed24ac53e858b053420dc266fed0a2d6662ed5

SHA256
5a5e1eb9010961a649876de63d24efcd0a130457414ba97c37081fe52d43a7db

SHA512
aa052b39482723bd9f2c30bcdd61578db3147a705cc65fb57c3bd5839ad2ce5f93173db3330fbc4bd71e66a78a312fcd0cd3466170987581f4398dde047a5443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580e53.TMP

Filesize
48B

MD5
34e4897ae73b6e6f1234e2366f06cd02

SHA1
4996396021715fce8bab5cccddd8b04d45feb822

SHA256
a2313438a8b95e8d4a92dc747580776771e7bcf71f419d48d84fabd4d3e1fe1f

SHA512
3a5d592e1b97dfb20f81fafd8723c2ce8bb6a61ee9125597c021f2e727f402901e9c3365c1f83575013c7e9638447f3fadba2d83b9a5c308dd4643542dc66bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd64.TMP

Filesize
707B

MD5
2995f804682a6320a23f8a2abc51b978

SHA1
befd209e1a1c3e82e7e1a65f9818d627e357b347

SHA256
97b761a496811c5fe75d207bf49ff02ceb58bea3991804eb52465a66b1bd24cb

SHA512
cf5dcb37e3b1612ad5f3b5767aa8840dd6772daf40b7bc48ac5dd212aefbe11f8ca2aaa4b8a68b012377a3949f5883bf51e5b732e5a484206277382cc5bf6691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\afa0b771-71ab-4f0c-8d42-e8a354d15efb.tmp

Filesize
2KB

MD5
d0cac7fa5d30ffc42757fd06f331ae15

SHA1
c04024c5b2e512f1125aa2ca1d6e1897c8c9bcd3

SHA256
b7680c373d758b2b5585c4a6055397578e1f475dea432826a80aabed8f855840

SHA512
a3bc4f94e4ade69aff2b8e551d35b36cbb48a51e0d305fb52549bd016bbe76c4eb3328caac4fbf94705e25ec7370b10b00e159894b53c027c0db3e83d4098140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ea27082c06691a0fe198a46d586b9439

SHA1
ba047e7ae91118a4c994d6d5405ceb51c0deaece

SHA256
304b7cd9414e4c395e9bc1e076f810a0db2af9ec15ac52f204a8811293966cb2

SHA512
fe33d162cb5d8826b960c74e16e180cdf6ef990db5744d6f18a4bcc0b3e6c4904e7ad9448b2810d0859bb63c2c9d5d89afa6d5fce31a870040eb8fc5d1649cc1

Download Submit