eac01b4e743a7f1b6f3c023540e8c923746848c58dee480495078998c7fdd762

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6936a438f086071cb462465fd8004102_JaffaCakes118.html
Size

171KB
MD5

6936a438f086071cb462465fd8004102
SHA1

000564105eb046c72065e4143935df37d070e710
SHA256

eac01b4e743a7f1b6f3c023540e8c923746848c58dee480495078998c7fdd762
SHA512

af0c9df3d2d7082e45f0b18b7409f95c17c8d017935f0d86fbec9a9409bcbafbeec7f88a4ba9b703dcc8bf376ff02e0ddf29bed6d88482d79280477e7786d8df
SSDEEP

3072:VkYfbRDVKUcjvG8rMUcXmNRS7Jl8K3BDEUFHjnresKYObvj8:VkYfbRDVuGXmNR0LxDEdj8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4016	msedge.exe
4016	msedge.exe
3508	msedge.exe
3508	msedge.exe
4716	identity_helper.exe
4716	identity_helper.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3508 wrote to memory of 2188	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2188	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 652	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4016	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 4016	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe
PID 3508 wrote to memory of 2648	3508	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6936a438f086071cb462465fd8004102_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e77046f8,0x7ff8e7704708,0x7ff8e7704718
2⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
2⤵
PID:652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
2⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
2⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
2⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
2⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
2⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
2⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
2⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
2⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
2⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,3248404685107894457,12638983695558482008,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
c5ae9797aee185e36f92a3765a1dbece

SHA1
f31937855ac3daf0ef770a621544941af09d46a6

SHA256
a5428488f341ec9d8c7020c0a9f76fedaf7cfa37ac6ca1d4fffbab30566301dd

SHA512
77bde3c830d74b30887daef889a57904caac32e6ccefdebaa19088def9ddf2d3485b1f25d64f55d5591bb96787a02b6ec9706191ad624997477dd703cebd91fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
a041d1c34f6f8a440daaa70ccb907cf9

SHA1
4e942eb6d0d6d99e978372258f4eb0fbb8fa71e3

SHA256
08074f616950013138de2a333a1b6e71663b5c7ad09d949148a48db7d4f10a5a

SHA512
6f0ad5de3e6837a8eb09a7c709c45bb540f4a0a62063478d8376f25022a2cb6d0e8879f2b74c7c8cdce84356a44f2da29b0413871b6fa6373465cf41b6591965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
600fdc8e01bc63e59e1fa5845c9f2075

SHA1
525e987079e4068db9edeefc04d576120a8e904f

SHA256
727a9d7f9ae69a826a198bc75619b67415cb8653c4d4e7ed76c4474f0e5aca71

SHA512
ddd9c299ca9306b0825179d21630987cda19799ae0b3d2f48bf7dfd125d9d3b557299b4390225337442f98f6b17c324d58f5ef00299fdbe9ad4be913d2aecc77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
43f70d4e9b252acfb9d618eb6e80ef65

SHA1
bcb2393e7423c499d73b2996388fd7c491fdea83

SHA256
2682195e5a873d113a90acc4b8951dc247ca3a0006d551ed5ac9fab32a7e3cbd

SHA512
3a9fc64fa04750e96fd524caeeeb6df0ec4d005fb322fc840f2448a6bbc7638c717181edcf802ec9baa1b18f4ef96417ff4a1ef1df67abfd4c2d3d7b2313dae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
2172b8b592051afb96d687e652afa0ae

SHA1
2883ed380176095a543f046be0dee2d019f169fd

SHA256
4cdd1af2ea24604db006be9fa2b104fa8068cd4092721f73dbad5cad2d78e03a

SHA512
a80564a7c34576097795b40cf72fbab6bbfbd013058aec8f0fbd233404a55f3f3e05a57b8bea2187b5e516224e2bf12279e6510acdb7474da97179e0f551b9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8e7a0c2be7de5281c44406067ecd2f48

SHA1
59fb8f1046ffaa340f8fbd67df15c98bcca9408e

SHA256
ae220936fdd61cd5faccfcb6e68922daf7e720819e81a53273773248da4b84d8

SHA512
6ef15f3b3e8750c5cd59e1194bd6ca5446861f4bbd8bf9d649fe9828fbcf4b376fb4228b89b3d160cc2a68299d28171747f24707f95fb752c4f187852d5b2a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
57f23262d8a3dcd883915c3004bccb06

SHA1
20fdfb039c15150a81bc11e1a353b81f86cf0caa

SHA256
002ce41d1b11a8ebc7af6aa7605ff44958b691ae93b6baa8e60c51989f843a79

SHA512
9f54a8aede5804c67755efc9c7b91c18cefede68a1189d52f4ae3f64de5e8f2ff0108ae01d3890f0b3015a1b33de2a7a6bc77575789d301952dc7df13e7e94ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f53e6d69971cde80ca98a15e1ddd82fb

SHA1
a220ec0abc8c2c10587bad90ab60ebdf657fc5ce

SHA256
66b26e032063e3416421502f8f18ae7f37d6f852a15d5b6e1b0b7298c511786b

SHA512
3e359623a83a70cc6384c2e4c495f88b567ecec7530daf4bd286cd441c6707c86e17aacfbb60c065b102127ff06a20378b59808ca83b8406fbe9c6496d84fa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
6e0cefa2561a5448f20159ad4d0c3064

SHA1
d91d8c02da012d96b258ea3370817ca67eb2d92a

SHA256
298d4b0d0404d2428329e79ae633f552bea1419fef1648ab80dba132f1c11079

SHA512
bda8e04878c57301f1acd1616d2656fc1cac09d9907955bc0be7b1f1de48309c153aa97d76a779a69382a0c46491718ed992401493465502012d980b500a1d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
94303054709943938f7cd5a5f765abfe

SHA1
bec48d38ba35c743eceb3d6853bbb1d8c7d01489

SHA256
7b53f73933b8fed25296c6fc2a1d7901af24dc3ba39b8d69a062ee1b513a4db4

SHA512
ed1f7c709389210b221eb777e90a7b668243153b51ea50cc00088e9704c3b01bafd1bc0c8438b9fcb26486fc0534a6f69ca9104237855ef55ee9a9b502ef6dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c11d.TMP
Filesize
366B

MD5
bb9fa7a328fdca0432ad8482e82f9fe6

SHA1
98c1de91759d2638c16b6c0c3cd8539dc7de6e6e

SHA256
0bb224eb8dce57af6f87331d21b3796eb2e82cdbd43060e3a45cdd02df66592a

SHA512
d17601342f3dd5463ff70d81841314564e8c01e19ed0aebcc8661f6f2fdcbed9cfb20a0e83c7002a8bf42a8e16f60cc79f1bf998494b7652531986e095d16cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea786454-4655-4cf5-a032-571ec50a1be1.tmp
Filesize
1KB

MD5
40613ba55ed92f1bdff2166d67c545d9

SHA1
1da9f43a59e9d5ea233c93446c3064e416614905

SHA256
05612c1bba313c1899f80b4e7339888379e17414f8ae51afa82e0f7e04dd9ea7

SHA512
9728a66d1093f27ef1294b1a1975dfcaaf241cb535b21fabbde7b9ee6be1b7188274d641d9b0d7732c32d06ad498a86be9ed84fa91604af46c76f9d7f42b5e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6fbf33c2f294ff0835bba9efebf93790

SHA1
6192443e2a20743fe842d205d7adda78bebc38b6

SHA256
0d9c74eea9039eb6276bac10c6fd6de40b0d42c8c1713620bbb0708171a7545a

SHA512
f473cb29bc0eb97ea6b208e0bc497514d7846a7ae685778b00205434cfa37f6fb809699bde8d6c6aa5cb3e91dd7278f6e0724d7c330b85fd89d55eb5360ade5a

Download Submit
\??\pipe\LOCAL\crashpad_3508_DESCUCDSLHCAHNAN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit