03e4f5496c403b1fc737e60b09e1afefeeddf37a5efac5176a11a93427372b3b

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c883967114206253d26827a6bc46883_JaffaCakes118.html
Size

78KB
MD5

8c883967114206253d26827a6bc46883
SHA1

5501565f633720806c9dc2bf61a0b49ad54df221
SHA256

03e4f5496c403b1fc737e60b09e1afefeeddf37a5efac5176a11a93427372b3b
SHA512

5fcadb6cc41418640a4979a394b90081791aa79dfb581cf3df4593483506b0aa51da02f91e3c6eaaedf3bb7148f74689ddaeaa9f9ee8c8ee7f5f4d3b938ead6c
SSDEEP

1536:NTf8UfCsOyZ5aTO3EYhDKGfiNKxb6e/6FRLhP2s4Aag4zeUX/sQrquij:N/ea3EYgKiNdmIRtP2sRQrqVj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
2248	msedge.exe
2248	msedge.exe
1128	identity_helper.exe
1128	identity_helper.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 3784	2248	msedge.exe	82
PID 2248 wrote to memory of 3784	2248	msedge.exe	82
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 1900	2248	msedge.exe	83
PID 2248 wrote to memory of 4444	2248	msedge.exe	84
PID 2248 wrote to memory of 4444	2248	msedge.exe	84
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85
PID 2248 wrote to memory of 116	2248	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c883967114206253d26827a6bc46883_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe986b46f8,0x7ffe986b4708,0x7ffe986b4718
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7096 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9111811867902579425,8199887008353945426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
211c6941332e393c02418d7a198cb989

SHA1
5c0e7b1bbd092d219ed1d38d41aa3a38b3f2f5e2

SHA256
1cec807ae57ceef7305b9f3b975eedfa27f44c52bebba31d58a438654d53ebeb

SHA512
a4268d1ac6b3a6652b347f7d166a3e1656acf73790296038467f595b1b1d2f9d7e52e78c811cdded866d53939531155b06eee6cbcd570878d05b517121ffc73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ebc5f3699b7a5665ba4349daf4ad17a0

SHA1
8e914403c7c0f6af55f8f14548f6990e9c90a36e

SHA256
9233d1298e9bf85c03b2a428cae16c2ecac9fc8dcc0ae8a2914853a1668f3976

SHA512
76277b7a2ed7580f233999a842f4244b989996555023279c2dc6f19bc36ee2175c66ee5f396bc3cca1cf75aacaffbf5d540c2caaefec1afbe181d8e33047d316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a8452390a2fc35a277158cc945f3cc7d

SHA1
727b98f2348c18b1c7ec7eac9bfa4917737098d3

SHA256
b3ef1bcf8f3c3617423c105b1ce72a09038ca43e6b10fc39e76dc7bbb5439aac

SHA512
7f2ef123fe0cc4b5cb7ea4fade6b31f44a51f2c2f370c2681e0912dc4b4b6d1aa6350b142463d0b670e47648f3de60f963ba9285e4702d2e25fa97bc7c071ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
399a08693253e9d9f7f21498cbd801fa

SHA1
f33265bfe1c28c63647f2538fddcfd9df246fd92

SHA256
23e1cb48d24b0eaaca3082085febb1f0d06d270d8c97557105fecd421d71b09f

SHA512
5a638e89b2461f2307c799d8691153aad57b0f76226e07d5cf2c7d8285c7f660afcf7660aea79d54230d29a95890f69bb3c6790ca237bfd213523566c0e0d7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f4d765cc4f488ce6df4f8db1b009e38

SHA1
feeaa78211c39b901a2784c21f48fc664115a750

SHA256
078e8c22b9591041925449d66306313eb125f01a9a1ce5defab7e8b69fd772dd

SHA512
90357e6fd039544fddab0ae949ae7c46ce1c4d6ac11d6b896a6babd0f50f7b6fafae80a6e9a7544f3bbfc56df3d266e7acd0c292a525afd967ec9602cb9d2b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e0389b2997f3b3504d61cfd0411b020

SHA1
1814c66105f379b34bffa26bde73754dc9a38904

SHA256
6c13e64260036ae811e12faf3fb9774bb78484f1e89832632bd5717755c81856

SHA512
b062d277ce9b894b3a13365e48fff477f1a4fe941f1da50825013b86085f111bd8df50ea6c8508ad7f696470a3594637e484ba0ae3fe5bcff89c193f7099c94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f6d8e38e2990f325bed19f5b263dab96

SHA1
72a4672498fac052178fb8c506b36024920c4289

SHA256
c2fd18871b480d838b1f8b4169709c607a57aaafb7a6f1d5922db788cfe58b5b

SHA512
8a46af6ca0651f145cf30a89fe31e0e08609b94cd5ca54c7ef0d38cfaafb73861758abb8e0e0a0f14a1bc05919eab0fefef8077a5a93701c894d545a779430f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf5562f6905152d2a9510b9069b089fe

SHA1
58b194a8818639ecd0b4616a952035f8127a2a8d

SHA256
195f174bd7916491d2142abd1c610194d51ab37a6687f9a6663085f22828f1c2

SHA512
b6a72ca33c975376e4ceccd845ad68d2e9c5eaec3a3cc928a2a1955b1a9e3c8f7295c7339a0efb85c3faf680ab4049d7d6c5a7963ed063a66fb60036a9feba4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
e29a0f47bc55f86aeba2b07ccfbc6266

SHA1
520dd5b08cbbea2682586f5929c85aaa1294b59c

SHA256
0884462b9a3ba43b9e9e7044eb6d2adb83cbe768c9f7795b24bd4325020b6133

SHA512
387b38196490d42e28b92e8e9c488f06b21a036bc28fc6c1bb571af1d2dfddfe3f52ffb8b1cb11f86cdeb025a599b27869684346f339e79b7ccac8ab4c757c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586ffb.TMP

Filesize
537B

MD5
20e760e7866dd63cd58dba7835d1f20d

SHA1
6f27809e7e93e280fd868b70e41fd2584adc1bad

SHA256
8d208a37f99fe6fb46e137008de48cb700ee7ff9b3da24e792315c4661f898e0

SHA512
559b167359a7cff28eabfa34a31f48db34b190574badce9cbf96685a39faa215bee967d799fd2062529d20a205e966b55bbfff078e378128dc861390cfcc6aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
32a61e6b1ebd0777d8264c49db17e3d7

SHA1
8a98edadf335a9f14e5c2ff4e2f8af41217149b0

SHA256
29a1209cd7f16df7ac7acd0e77c852146f91d800b41cc56dc85020dfe66bccde

SHA512
665a8c8382509d4ddace30d78fd9ef15fbc5176382f5c9a4c8b51e1a813a806f7ff788702219261d9c6cf5dbd72fc0a567acec038bbb05df2964f2c3f21450a2

Download Submit