f25d97ac3d1442bbffe0f5b1aea7deb91148776d3d0e6a9f40eedecce3a3398b

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

696d64b955d7b9034d5f173597f507f8_JaffaCakes118.html
Size

62KB
MD5

696d64b955d7b9034d5f173597f507f8
SHA1

3da1afee0c54b505a4381bbcd18aae0bd515ef2d
SHA256

f25d97ac3d1442bbffe0f5b1aea7deb91148776d3d0e6a9f40eedecce3a3398b
SHA512

d91d67ab340cc25471eb2ee4cce214f4de8ce30c49b22533c9073d8b2229e560b759967f9b09549fcbe228312938c272bf7e05e51fb8a1fe107a6722b2021232
SSDEEP

1536:grtx2542E1O2o4yUahK+njhT13afI8T7ZdzYzak:on001OjUag+jhT13gT7ZdzI

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

10 sites.google.com
14 sites.google.com
17 sites.google.com

flow	ioc
10	sites.google.com
14	sites.google.com
17	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3360	msedge.exe
3360	msedge.exe
4712	msedge.exe
4712	msedge.exe
3656	identity_helper.exe
3656	identity_helper.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4712 wrote to memory of 4728	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 4728	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 6040	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3360	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 3360	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe
PID 4712 wrote to memory of 5788	4712	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\696d64b955d7b9034d5f173597f507f8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa127d46f8,0x7ffa127d4708,0x7ffa127d4718
2⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
2⤵
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
2⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:1224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:5428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
2⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
2⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
2⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
2⤵
PID:5476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
2⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:8
2⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
2⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
2⤵
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
2⤵
PID:5128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4636 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
b3fb295e86aac068a056c072732ea9ff

SHA1
8afc6bc0d5968f68918cd47a4cb6d32d43e15434

SHA256
e12e960f6171a430c2f61619609abbcd4eb71b2636b39b4052b700e7308a1c81

SHA512
73d18401365ab3fa01284845c6f723f4c5b1c476e6936c5e29a50eaa403e4e2d0dd78b6b6faa8ad9ec883d081b719cfa1efe1e9a79ea7483b332c33e02e882a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
e5161f9b433ca9d232ccef17961f81ba

SHA1
5038c9ef020e4bfbdc4f1d3d0c9ffdc5be183d5e

SHA256
45dbd87e7b17de39212aae56f11d099b32aa7bc33d1c5149cc3a1424011ecb86

SHA512
7d786d94a258f9ce3cf7b528d3a1363905e87c41e8a37fbbeb11fdd29f4027e8be89b870ecfb5fb72a4f006e1cbe2399dd4462da2d271dd40e7ea37b0427a9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
d76c1d0cab4c6353aa296adf52de4f1d

SHA1
714674de99c4609ae15e2a1abd816f9696238b5a

SHA256
d4ad8b4e748cf8766996921b12709cea1ff65ce8861b60ffe2a8711e7e93d817

SHA512
3c16a3cd36b2496e2791e7c430aaa6f86dd14d6d62e4bdba5876a0ea47a7137d53d413622ab25f789f50307edb4431187789bbd57535d89e3697257180ff8f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d0254f107be6e89686d3fe4335d5ad35

SHA1
7834b989d13f8077300f0fa867114a0d40074d2b

SHA256
59c1450bd527399cc585804e0d22d6f1489f19416fb4375e54959b5ec07123cf

SHA512
2c076561fa24251b796f42e54eccf69e2170107dc22d26fcd8f0243d5ef4357a74fe94ea3d417a048f8e5dc348fcdca8a3fe9074714329aa4313a90faa0c04dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
74cb86404496b1ef11720ceae1bde0a4

SHA1
d45a8544521fa41eebf852b27a612ed498ba1e26

SHA256
df20e8c7fff4551c284e71a77adda60b225c886ab902122092a8e7700b2e61dc

SHA512
38e7fb137196689622001da2d45a93a67736921aa830c36211d37b27a5c9f472b149848dae71cd33197ee496179793da97d4a8c8be63b9324495267886234614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f68df1681c0e72f27482a0dc65bfbb05

SHA1
b470ce7dcde18a43605f24cc1b01a85afd46c59a

SHA256
047eb24166a52247786fa613d043521297f331f2ab3a8cc75a110d082ee72466

SHA512
ac78e16fe4cc76db72f4f4fabc5ea18ae2a87a67488d507546507c9c3290f0dd07a3759e6921160a4e129a5b2ff0ab2b6d71badbafc0c244cca50c8ce3ec822c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7b05286059b30d012349e6c0020bee78

SHA1
65439624c00c2c5b003a5939eefae2edfc3f7e2f

SHA256
4a0f00a74f96983c8f6dce75185fc1833fab178392425ff45899d09cfaf3f878

SHA512
12c14f4e0f914d9677b68f687f0055e8a1fd0e027688b190d1d826a5c90406b54c0a0b8242aa4046dd1e29bf6d19f1b79803a0aa06b1ff8dca110a8dccb05bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
2c8dc141e24c5b36fcfa671c829b5c2d

SHA1
443925f4cbed3a19723848e0df64e539873b0c32

SHA256
aeab710a7295f69cfe4b6987f55c235cd8c5e7c1468f1d5d044faf02d3ff18e9

SHA512
2b98455017e09bea613f4fde2414a4b6211cf3e704c27419996b319ba4d73975c69dcaaac98795660a2be698be1655932d6e26333e62f6cbd8dba0854e63c5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cbeb.TMP
Filesize
203B

MD5
760b83f9d151a76ce8976491f60b5633

SHA1
822fe120c5c267de023097148bd4e554f8115dc3

SHA256
a15a5efc1bc0404514bd1b29db6ed1a4f4b915cc9caad9e7697451fb0fb11686

SHA512
61a930deabe5610e5db5da76d28c3aa34c3e898ae07d4234d937e7988a47856432960eff701146862d0273cbb3a2c224923854ef0840cdfa1f844a3b26ddda70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d276e05ec8394e1f41e66d3dd0b7d835

SHA1
ff2a52d10131407d905378fd429e783aba9a49a8

SHA256
95e8f0d3ac29abedd15fd53aee29079ee0b9db5bfcde3a4ff0e48e79c06bd5fd

SHA512
026bdbec59e8e17e4cb8288746e894394b5fe6417bc971acc3c7dc6344455363dd0f4d2c0ab82f5630d5d01dc3a0ce45c80b74b562bb98b48172f523bb3ed6f7

Download Submit
\??\pipe\LOCAL\crashpad_4712_XVNGNMFNVJHYDUSF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit