e3805e6a681a5ca9ca00533e697764cc15fb5444ae9e615b7a0939abd7d2da68

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70f76e5ea1792fe873fb0a73e2d3564f_JaffaCakes118.html
Size

174KB
MD5

70f76e5ea1792fe873fb0a73e2d3564f
SHA1

2099ffe5168b9a4144888746bc75d2e066315195
SHA256

e3805e6a681a5ca9ca00533e697764cc15fb5444ae9e615b7a0939abd7d2da68
SHA512

01e3b9087d1c26a60cfe3d437009c19a9b54015b053ecff3cdabb030e3b2b9841c08f6f13e6bd1332a2facd524c6d8d010332a6655f693b02ad71736668b437b
SSDEEP

3072:d5ofbRDVKUcjvG8rMUcXmNRS7rml8K3zxamogHj5juDresKYutZCjFr:d5ofbRDVuGXmNR3LDxamxjuvjFr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
1412	msedge.exe
1412	msedge.exe
4056	identity_helper.exe
4056	identity_helper.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 3456	1412	msedge.exe	83
PID 1412 wrote to memory of 3456	1412	msedge.exe	83
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 4204	1412	msedge.exe	84
PID 1412 wrote to memory of 952	1412	msedge.exe	85
PID 1412 wrote to memory of 952	1412	msedge.exe	85
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86
PID 1412 wrote to memory of 4956	1412	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\70f76e5ea1792fe873fb0a73e2d3564f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,2486726571487623894,12037325469672153358,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
bea2e3ea3b6851d5f67eee7b5232362a

SHA1
c36a852cb39e5ecde700a86d1719cc13da72bb10

SHA256
a126013e8a721869deb71b27bcb0e27f3e6def01c6bccee13c09aa50fb007ba4

SHA512
ca08b7c0de28a71d9563bf77f2fc8d06a1942f0b4eb230d8ee524cb7d6c84a1442763476a2b97a5c2b1064aeb0aac259021a9917a47726e7ce3ee59f6073d160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4effdbf9a6c1ae7c2a99726ce4175a89

SHA1
60fd55707bad0aaae40246cbc57d3fe4820ece94

SHA256
761bd88ec53b9c7cd7c3c41816ba214524aa3b457b59fe04dee62752a42e0666

SHA512
94a817e92a00db6ea483d9a3659e811da3e287b5d32bf185157d1a2ff86f96e226b22ede15702e766721402c24377b3ad1f122daf1a7afcce86a2ecbbe9242af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9e46512d4c212208d848e005f30ab149

SHA1
95bda1b7508e5c576a928a6ff5e8b4e83ece075a

SHA256
11846177564a37b44335a20bb60defb4e632684bccc75542a39e2de2455164f2

SHA512
9106312fbc3e82ead23fe47e84af7f18559e5c19ee4aea2d90f68eea03bdfbd1d4e9778a68cb2a5b6149a655cbe2b01730306414d475941b972d20b75c53c6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5a9f0c724731796e7a77e304bf53fa8a

SHA1
60b7316f112876659faf1b6a3fad0ce2beecca2e

SHA256
1d7957048a5bc9b6e76e369053c60c2b0d38b3958de4dfc3733b89423a1ad729

SHA512
a77541bcc5774ead1470390a83e841b99c7d231280c5afaa877e31b68d08fc3a5d551ba543910300223d0d87f6369a756d1b2230e394f6e6b767ec4ae119d98d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d353a852eb81993fb3fe6b49706ea36a

SHA1
54795e156f97d16a1aea97f8e4f57f8e68321643

SHA256
cb483c5f6a889009f0ceb61101b6d9b1e9b897d933b5fc4d7c8d8e0c4afa10e0

SHA512
d53a81ccc810b501cc3b964cb46a2b38823c0c76a02ea515e0e83c3b82f3e0b79fd9e8d376edf5ded64651c8cba064327f5d2e0ff11058df60c9261a87f84093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
abe288c1b599f9063b2f42c154d2d8bc

SHA1
f54ceb38d0513e9067ca138fcd49e3cee0749c8b

SHA256
99a7137aa56ca5f26d322558fafba121ab94d28714692b8c4d9b27552cce387f

SHA512
c414b6df8692492e525b290ba40936b9b38efadf365ddabc549c702a5df9d189d436b6c2828ad9b55bf6655679c065e6a59537a4c5da2ad8a5d6a48975b77601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
62720705d4a56d02aee55e0e4fb903b6

SHA1
aa5cf683e413428dcb7b207e50db752cb58e1d47

SHA256
c3a259d9a781e19ad1ecf53111204550cfb180975a9be64d53e8a14c2d5068e3

SHA512
293334442ab2eb3b5374b325461aa3db50f202cdfb0d8e1731bfdffe5de13befb27eae1fc013fcca7dc82bc7692f85d0b35b8e1ca200e8ee7c094906359d6223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
400cf20a284f4b098e8e42605f6ca101

SHA1
0684d77df065493e524723f84616e6a8c1ff6811

SHA256
82a87e145666da6d334d4160a91aa3b9e24250b180f3dac196daf5f209ce8b9b

SHA512
a03fc57b8cda97736454ce72627cf6c6dc67d1049cd07045c679fbf20f07b2e32798ca5307bfa172fcb83b1afbe524056ae70a218742098a747221f561aeef68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
61f0ffc40e9478b11e6d33f4f691fbf1

SHA1
7c085ba781943329f4f55a5746d314ab92ab605f

SHA256
4ec44dd61f3421bd7779e1327b4d6cc839800ffd8f9b977f17ca4338c0cb9c90

SHA512
8dbbcc2542d33e6c9651556ae6aac88202e6b14ec50d8eec3f78234a31a9fcddba010a08e7d960dfa156a66cb1658906d7f0393691e66f231d8d5c9bd1ec0f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b487786c4b44f8277b644b0cdd2f1ad

SHA1
2883b70c2fd561c2302d0d080938f371bbdc5174

SHA256
de5490601652207e66d04903a4cb10838459380bdd50158b14439e39a35ffd76

SHA512
c2b9e90c63fb8cf596c7a36c0e3881cbae477be659b789072dcf5efccde40c8f8d4160687692e648ccf3946852d3bbee7f56fff104ffb309e7cdb05113b07f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
314b175e9b348814708f92695aebf096

SHA1
cbf14a16764dbe9b0bd43784a63cc792410e4ad9

SHA256
53baf85584217d53843b8c7c08d78e0131c433fa8856e6730394abbd55be9b83

SHA512
95dc085931cdeb00985cb00607b5c1998346a58303c9376b29a35eeaf5b077c01cd0bc53d3f0cd18addd162c4f648440fa3675e43f486fa21dd18b4f309ad6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582556.TMP

Filesize
538B

MD5
6229a9bff9ce5dd0df900f6c32c40e77

SHA1
38281847694ad0368e8e333b083e8a921eeefb89

SHA256
f87772b9ae579d07e631a11b3b76d67c13cbed9653072347a5d2678c7ece79fb

SHA512
3c224289694505dd3cf0163058e78e4db30ef78cc53421f2f0c1a22089b7c093108f17f0d82b809fa37be8d92c7946981ac9d0e33c2b6982ec8f430e38910ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a036037d-1764-4ccd-af0e-2429ad35b003.tmp

Filesize
7KB

MD5
1e6434cb3c2a6363f8305b251e55f5c3

SHA1
3e50bf5ede4f7d1e2e40c96f340b41c9ad380e5f

SHA256
b5e4a3683b7270d45bf76d42c92c7e9b00a022ea4b88c4e48c79226412f419df

SHA512
501547c30ee7ee11ff4e2426f80a5e6a6133eed27d474f52e84300d18b2c3f0ea735fba234286df8e4fb14aae3ba4b29fd2d81b7645473472072b548156bb10b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e50236ac508bbb615b1935e4ebe7e910

SHA1
0138df143fcb67d1f4a222067fe99f72200ee3ed

SHA256
39b9622fa142b667a09280ce03971d4546b530c24337be0d4f4fb231fc97a038

SHA512
8dd70fbdd2d2e3502ebdc367fa628c8f833fb99d2714bb738d10d07ae58dee66f7c24950e014980bde7f0f53a801bdc05ff6d8e266857ce6345f4dcf302567ea

Download Submit