5b1a0057f173b3b919c5e65803867c496380723b4745a00b13d3c135d5eca624

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81420cab563929ec7fd3735c90ca5c23_JaffaCakes118.html
Size

250KB
MD5

81420cab563929ec7fd3735c90ca5c23
SHA1

1f210ab8cfeb0af9441f680187f67a3b806cc79a
SHA256

5b1a0057f173b3b919c5e65803867c496380723b4745a00b13d3c135d5eca624
SHA512

94ba4d2a7fbae81783332e7de1158305a690e11910b900b8c6f4607b8784f00dce5de3cbdabe763dd31034ecc06cc1e5c598f729e424cc5fc1032fbee6488f6b
SSDEEP

3072:++Y2MYJ6rHfgaToXdYKOKmwwr4t+2n/fld63oDFTT7/t+L:+BoaToPUq3LlV+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2604	msedge.exe
2604	msedge.exe
2028	msedge.exe
2028	msedge.exe
4216	identity_helper.exe
4216	identity_helper.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1736	2028	msedge.exe	81
PID 2028 wrote to memory of 1736	2028	msedge.exe	81
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 3956	2028	msedge.exe	82
PID 2028 wrote to memory of 2604	2028	msedge.exe	83
PID 2028 wrote to memory of 2604	2028	msedge.exe	83
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84
PID 2028 wrote to memory of 1084	2028	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81420cab563929ec7fd3735c90ca5c23_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe32e546f8,0x7ffe32e54708,0x7ffe32e54718
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17331597515632624099,6169777259141760339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
229acc8e09ea6cacbc77c6ee83f816df

SHA1
8012b60054c85abc243c2c1e7f00478ebd248a78

SHA256
1d0998081ac310cddc8316a86171a32a7ba33d897dd4a8df30faa6cb8eb1e4bc

SHA512
ec0a30a79a22093dc81fcd54a24eb9de07e7958d10d1a551382efa700142201b2d415795693ae0d1d2cf2df8e723fc4f31dd36a5f6a0e0384d20420eb0e888e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1f9f759fc21d46dcf1352af9f23222e1

SHA1
c50f46446f0cc530800d820875b85ef96fe8e2dc

SHA256
c04203df9a8d78bad04dcf10f87123965e27c6f702ad161ac748bb33ed567af9

SHA512
69105007116ef3c4118cac2856edba2a5259aa9d960590e39c9d8b1c154a9fd3b5d4e9219f873717be49ac440edbbcb0cffa4bec55acb003604240c9af8f9848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
cc8c8bde399f8372be0f97826f53e7c3

SHA1
c7dd86a59448082a33219325d943fdb22a70a530

SHA256
9a099e26e21bc7aad6739801cf368de77f004d624baf666e9396d8873ad0969e

SHA512
cb8611708c6761939c61754bec1100bedcfb8b5a045592cb2c753d15809e9259ad48019e1440a1b8a65c96f699f3b0d26031e7c47050bef3657de8761c245691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
db98eb91ca4cf1005826aff581154253

SHA1
4ac588159c181f083b38a456a4800fd73b9afd7a

SHA256
2d2cd5dbc1cea4b700e64342f2e58b2898e16d3fd698fe06290faf6f4ad62738

SHA512
b64e4935acfb2d8b81efad10b49221707f7613de2f6834927be10548313f9bec4ba2544f0c639dbf0b2b504a72120677802fcd1bddd40103ca44acba1bbd958e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
43e71ed0cb78fe6e1c945058a59a1886

SHA1
49123aeb44f190f4f32c5091f745db89abacacc3

SHA256
3dd29b1af8aada8f5e899539cac8e25f6524746a3d5413209d40fa374672005f

SHA512
4f0ddf6a0139c21ae3b48ac5668706f9f676eff6c4cdf98280b117df7a4b4472240b4a07eaa4222fdfe761f4b546435e38920b2d029a8e834abdb27cc2687368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
27f996981f43d905b4034e4d81781693

SHA1
0506ed55118cfbf168aee0e0d63fa05c87e5a667

SHA256
c8de876d68b633fe64dcaf5a453fcc592cc8de540511b0c9ab2cd799e07e76db

SHA512
899f0071d372110365356fa49de2f91776144e7d6a834494b0ae3faa71dd04c16f911f6551f66863d7e3f6bcd03966d91d527c4b8b34164d1f013c13cbf14168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b644f7ef319ae534cb2e04c468d79060

SHA1
82312a049a2573318085118948feafb20987373b

SHA256
0033aaf32584aa7cea3d12138734ad47b8a04adfb075865d27c0884b8a6c5f59

SHA512
da3625ff7e28875951a09c44f749e0aa1ad9c526886142f684fd96dccb75bd104341df626bfbe8ec111cfe4fab136675c3b0be9e45ebf734c0444b2c05e7a409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
388945be58739f09bc22d95b12a6099c

SHA1
472dbed1f7a9826b7d3cd7bf4a38aef93d7f4bb7

SHA256
5bf1b04cbf5848c966bb9edf5d0f97a521ff6bc7393f20d74c6d448b6142bb21

SHA512
9eb306d22261a3d0b74a96d10a6c52cb080f3f1e50f16a3b739eb274831c2dc7d1aefa69897e7248912f64d98b8f7b0ae1a39314a3549fdf6b368c4b5b3186cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8854da9fc86dcce6c55695fd01c879cb

SHA1
0f3272f210313e36e7ed70597e96faebe2762c64

SHA256
5822e0f6262574a4663813a70382135ec95c4a5c1cb3167d8d92a51abe25cccc

SHA512
d9b20a4657d184a5b66767000cd320d2d99ed57332e90bcca28accf9728257cc809967816c24775a4994cc28ea41b445a0a8944e850cc06d58c0235ee0741543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
422a48382070929383ad1680337ac521

SHA1
82d2621b639bcbec576ccb524a3bbf8981b07dfb

SHA256
7d604278ae6f16283f77f59e2d8beddf86260b185ff6d7108910ea9400f26c01

SHA512
247ebed606273cb0c2818a98dae6bcccc9334f3f4ea1db36a38894a31f9e3e6a8a1c21a78f50081c01631a691b4d38f95194e1290cb1fd729dbf426c4f950d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b91a.TMP

Filesize
370B

MD5
2dc48f89aded825f9f2909ec0d0f5af5

SHA1
098d29d73be41529277725e6c97562e6b1810fab

SHA256
af3babfa5441b38b3dcda7a1b88a5aab4e25ac0885e0c45981f07209b795124e

SHA512
b3d460950d2073c109116f19e9c46226e124b23f5486ae2a94494bbdf66f3b0dd61820732703060fdb376f8ef652c46ab0ac3f4829bc0813b71794eb5a0c6046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d5ae70d3b5ae4c50f6fb6d5c90665f1

SHA1
b0bdecac821485160958b75b9b88b459eb7b8da7

SHA256
7eac211050648ca6f508a6f0a48cfeb487ed70d71bab06f38ebd766a7498e104

SHA512
4832bcd19116d5f68859755d8072456b41e149384c66099c4614fb51161b2d58307b75772ed24a86c4859faa7d3170ccddd688b9fa0af0b341c79d4604e29e1c

Download Submit