46b86d6fef003835ef525fd3d7e1d163626ff6a5932ef473d12830e1fbabe96a

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1bc72a104604255b39a1de51499c8d8_JaffaCakes118.html
Size

54KB
MD5

a1bc72a104604255b39a1de51499c8d8
SHA1

ed50619c3b417d69619340ff28f10f11c0554087
SHA256

46b86d6fef003835ef525fd3d7e1d163626ff6a5932ef473d12830e1fbabe96a
SHA512

02753c9aa9a2504a1ea826e98f82784149939544b5a660c6749e4dcfc95ca3087bb0019ed0a11338ac9aaeb3a00023982d030b89c5587e45c31f51462567288b
SSDEEP

768:PF1T0EipBTKXX9xS0OOSbBHniKVLS3fKF1R76s0vo29svc:XTupBTKXXW0OOSFHiKw3fKB6sOL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
4656	msedge.exe
4656	msedge.exe
4424	identity_helper.exe
4424	identity_helper.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 2856	4656	msedge.exe	81
PID 4656 wrote to memory of 2856	4656	msedge.exe	81
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1876	4656	msedge.exe	82
PID 4656 wrote to memory of 1188	4656	msedge.exe	83
PID 4656 wrote to memory of 1188	4656	msedge.exe	83
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84
PID 4656 wrote to memory of 3464	4656	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1bc72a104604255b39a1de51499c8d8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe966546f8,0x7ffe96654708,0x7ffe96654718
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6707601511728159035,840842939622354517,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4196 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
c04d5515b539c7803f856b0c706fc833

SHA1
d882e282853967c375eb74a75d8db670f057307c

SHA256
bda364f01d60657d413530d8729583d2879fe58e5dc9541e116f1af7a1c4262c

SHA512
437015ab34eb4193d08aa9ffeadf316fc99eb680dc8ff611416c088cfc807197a3413b218a9f524c810b9b04a7bafe2b3ada87fb677a30be08fe49100b7c4af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b53fd350a7db096942f7e4b118ba8df3

SHA1
b1c60673c889f5973046feddaf06eeb5acfca179

SHA256
d771929c7ddaa19032c441ebeed81ca732a6d586209634d95d323f89dd4b98aa

SHA512
ffb91a49b54cd21b9bcf9bd06daf2dd1f59e32c27dd8b0eddeb536d0c0fbe65761fb736ac310af4463ebfc460bdd34e41a3386a028a314811c9baa2bde757e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1bc8b728182b2e0d03c75873e7e30156

SHA1
cc0bfb83887ee95894cb9a7f42db48e9cd4f7eb7

SHA256
c467de53dda3d5e0a6f3c9880e78887b13810ab3e04a55c4f95c86f295604f58

SHA512
24ea6a7cb95db44cfb1d9eb5188870b664280d27ea8860d7f0b68e18a27ffccad0b733b03983f7771e2fbfb8eb7c0e6b78df6b650c633a2ee5cf0bf61eea4ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a57905c8366175dff0f001f93b2bcb07

SHA1
74ef7e9c5c9dab9222f196fd43e839d430ada3bc

SHA256
82b777c01698ed838cbc4b333dd9b1078739fad6e16fb478c96c0cdf56519e8c

SHA512
ff83a2ee1eb878fe947e8ea9f55ea9274c9d9c31907e18a2a404c5985af356341c8aa82179b138f047552d0e542d3212ee65d38399533e403db04878432ae30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad35f1b7849632b6547960b9d91ba66e

SHA1
c1aa86ce1d52a645e4311b88b2d82f9208230d37

SHA256
560510f90f3d7bb5dd85e630e7404d5534b1e7f95b167e0207a2bb35cec15802

SHA512
fd4d96fb22ee77ab1afa259ffd96a89d82e45d62e8afe8a89c60fc969b15b35edb75cf6754f7d76065d628b7418e4f1a9df2a565e8d26f83c62377a674b50e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b89224146f58d23f361b6c20212f75e

SHA1
c0c3068d00e512e5656674645cdbe450613dbf29

SHA256
0d2d70d8bd0e41204807c81e71414bf905e775ca4f5d4285b26e79a5f803d331

SHA512
63c345d01481cc7850f2846fbb44ba0c8484db53f1a5bac37e94aaead1dac782c3a25815594ebde69bfcafc0ecbfe3cadf045d76928bcf5a4c67377555f35e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4afe9625b7fe843a7852c523db08961

SHA1
679e0688e8edbc722c8e1034b3b0f22075f9b583

SHA256
bd82324cf480cdebc0fe11ffb17934cc1c62722ef2b233d43f7e0ff9294d04e2

SHA512
3fc5653257297d35f1ccacd168dcb93f8ccaed72d90a8b31b50bc05215c32f7b171959b1bd5d13edf3f3b9dbe6fecebbd86760265d2cd45b3661eaa7df0409f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3d263dbaf7217a618d672ca62c7dee6c

SHA1
d063f31d7e1b6719941d93fa58948c07391fb54d

SHA256
441bd9dd58af6487097c0766f567bb357c8eb114fd5e76eda2549f449059ae21

SHA512
1e03672700d97d3942963d574824884f014525c08c7224f28664162fef35314362765c57596d8d0458eac4b06d615f8f742c544556dbb0d5a2de8bb87801cedc

Download Submit