e5592cb25548254f6e9a1eef4e561876993cefee9585ed278b23f7736fabe252

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 10:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b307a88fdce945602ef635b1c18e498d_JaffaCakes118.html
Size

229KB
MD5

b307a88fdce945602ef635b1c18e498d
SHA1

b455d793e0faf696944dd3bec168d04fa708caf5
SHA256

e5592cb25548254f6e9a1eef4e561876993cefee9585ed278b23f7736fabe252
SHA512

63d3276d39ab28faf97b17dc26cb11a9f109a1f8edb5b6abc1b78cb6f8780028157224c475ac0b850012d7dfef17090a5846807a64adce761aa186f0e1e118e1
SSDEEP

3072:CvgmFrWpWaWwWKWYWOWoqTRu4JGKUaBl8Udgn/w:crWpWaWwWKWYWOWORKUQ

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
14	sites.google.com
18	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
3512	msedge.exe
3512	msedge.exe
2768	identity_helper.exe
2768	identity_helper.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5064	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5064	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 1692	3512	msedge.exe	81
PID 3512 wrote to memory of 1692	3512	msedge.exe	81
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 1492	3512	msedge.exe	82
PID 3512 wrote to memory of 4248	3512	msedge.exe	83
PID 3512 wrote to memory of 4248	3512	msedge.exe	83
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84
PID 3512 wrote to memory of 3260	3512	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b307a88fdce945602ef635b1c18e498d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bf9e46f8,0x7ff9bf9e4708,0x7ff9bf9e4718
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12242557069443852637,15666371416998151582,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
44KB

MD5
23536ccfe05b737ae639fe63ee4cc435

SHA1
6d2e9822835dc3e6117a4d2addfc8f241fbdbc82

SHA256
6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce

SHA512
f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
544KB

MD5
9ed6f48e801c7eaa3b5265a70765c55b

SHA1
660a21e919b6c32ba4dee565e807975aa4a5c9fe

SHA256
7063d2bc4c3b3f08332215d56c0a67d7564ec136cc1b634941ca47b8b44a8d77

SHA512
30f5d114d93d6a7de98ec65a1dc189ae449eeccbcc3c32d6bf1016415f08d279b10e3cfec1f9913e2006dd13b86434a0bc64445446fe7f44c24ab31f5bde35d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8cd98669811c305c541202f369f488c8

SHA1
cc1933dbd0b53c5c83970ffb77f0bb0f8b5ef935

SHA256
d9df5be022c6fbd6ba44d7ca9be90cfa57326c888300968ec1143d69b7ebadea

SHA512
8ec2a2792c8412a0d4a62bffc44eaac8da53e92caa364bec9330cc26a3c44299ee873675dab8c09019e546104c85870fa8be59cab0863c82198818c913190185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4d85cbee8e58f804e7acbe0715f865fc

SHA1
9fd4f9500af48e875f9c9e30453230449161479d

SHA256
093921893d3f95c02af8f2aa8ca26859ebe73ed2d44152f6313f02dff83f04f0

SHA512
7353465cf9de1aff844ff39508ad058d31c483e820873933b74adae00ad60744b650021965c556cf7a0795387d5a2713a189dcebce7b4ea06ad72df8215280a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9915731c2ffde9d3c336023f787ea688

SHA1
0daa39c943cb43cd790b0e0631d60ec5f8db2734

SHA256
81920d29133a3ddfeccf46ab578eb038393216cc9807ec2032570adb5961a49e

SHA512
7caf090752f3f82b18c74c7da83a617a7eaacf37fe4cda4b6d7e1e41c531da65ea5cbc53e2d502b580314ba56374c2a074d9e3c61a4618e8b35be937e8617792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4f8a3c3f7e5dff8e21f397923530bd3

SHA1
219cfa5ecbd55c12172968b0d84292b44359934e

SHA256
26207eaf3b4a8eb14cee170ad862521413be3a0767307396e772a9195c330887

SHA512
5945a3358ecde8ac37e2770b9b8f7cfe5d78b7e580ef2040cb9a28d0cd145273e67650c6cc1acf286eda0566e353bf6031506c1969fe5cf5c11730c9ea9efcea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
21662167a1dd18c809e584bf33de5234

SHA1
9fb816a765ccc3a7bcc6cc15306d758db5f3be7b

SHA256
779ba1632a1f79b05c086e89ea2cd46a01d65fb98e6a04a85ccd60059ef2cda2

SHA512
32dbe96f45d35d4504cfd4041c059c6bdcaba0bf7256e09c10f250f603a108e52d752e86d18fae6218a3b8b49c8693b06c73c34e6e5b4d601ed469e185c5399b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
91cc6c76be6c791c517c31705abc7f61

SHA1
d7c5366fbd7874ff7e49214bb175de6ad1864a46

SHA256
ffea88dc64608773c922d6b773ba39adda08010ae1881ae7f63382bcde20438f

SHA512
bf8c3b00926031225adfcbaeb19cf50f8d32db222cf5cc2b8c385d1cdc8d573a9734c0814383cad80e16a993b0450a72caaa8742b905fc420f0284e0e714eedd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
699B

MD5
7f6b52fdb6c9572bfeeded8c9b431142

SHA1
45c83c1ae9e087f7e35f5fc88b2a47674d3e00a3

SHA256
4d636e257c42431eef4e0eb9803013049812000b8a596dd71f4c7c50b51e26a6

SHA512
4a05f8eec2532fc59cefe02b2fc6533baff9968907a33287a84207408dd8c12e84030f4ecf3588bc78964f1ffbb06b4b52fed7dfecf5814770d9f6cd1b3c8a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
699B

MD5
995a34d782bf7c70f07a9ab29bf3d42d

SHA1
25203e9d282c607bc5dd424ea4f4f2ca957f8253

SHA256
73342d8e04e05f244718410ccf07439bcb9deb0d578b580dc3edfa68dde9d6a4

SHA512
de7e2c8d464235cb4ed87e80169566a2b930438765ee9f2b19690c473975a6768a9e4240b00a4b4b1c47bc4e7d89f5d38e5cb4bbcb2f72d3bd7aa8abe12c196e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
3c8439aace37945a4b4c775bda4cf5a7

SHA1
ecb9e7e93a4029914ce1f53a92e3621ecb14fc9c

SHA256
e26f0a45a808360235229fe1969391b6f2e4b0af81740ee0417e0b58a367d34f

SHA512
83eb2f783176d8bc5e6a28da768634c03d9dcd74237724017fce5d74b4204e1e03a4ba3e702c2bde6fff48f3b42aa2acbbd40e3df5d8d598821977d9c140c4fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7768daa896bed4d03a28af5d44e0ecda

SHA1
dc4ffe04d55efd3cf90e6b2e088903e66f8a8c38

SHA256
619477684e84d42389e0e6d226a1f4d51cec9d5f2e9b7bac8540485c36487e0b

SHA512
3f5f4c96c2df168415b98ffdac3842837f562f65fd6d9a29e0e5887fc083bbab92c70b9acf6a4492f0fb3bb77588f5acd4ff03d02bf7f3f51c27352f59dd151b

Download Submit