a4f5df13c95224489e535858fe7567052a3dc88c087ae30386c92779c00f07b2

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 10:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2844e553b5800d81f9f1f833c81de9ad_JaffaCakes118.html
Size

68KB
MD5

2844e553b5800d81f9f1f833c81de9ad
SHA1

9d7dcd6b956f5b700d58596c649223b2e0cf4c1c
SHA256

a4f5df13c95224489e535858fe7567052a3dc88c087ae30386c92779c00f07b2
SHA512

e7ced5232b63a8c3f9187d446ab133a1457b220905a7ccedf94889be4946f54ef9005c7f00f5f1ea68e266a2e20aca6a2d11c7df8e8d564d1b6c219eaee6ad39
SSDEEP

1536:zgMTaqrZDxdQxVH++vesN7zq9Rxj6NwYilsm+zJ4cbiZcXTEDBS:cMTjDxUHtxN7O9Rxj6uYilsm+zJvbiZS

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
32	sites.google.com
38	sites.google.com
39	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
3092	msedge.exe
3092	msedge.exe
1664	identity_helper.exe
1664	identity_helper.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3092 wrote to memory of 4068	3092	msedge.exe	82
PID 3092 wrote to memory of 4068	3092	msedge.exe	82
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 2640	3092	msedge.exe	83
PID 3092 wrote to memory of 1896	3092	msedge.exe	84
PID 3092 wrote to memory of 1896	3092	msedge.exe	84
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85
PID 3092 wrote to memory of 5040	3092	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2844e553b5800d81f9f1f833c81de9ad_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6abb46f8,0x7ffd6abb4708,0x7ffd6abb4718
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9678910315697168615,10993422598552657275,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f0f818d52a59eb6cf9c4dd2a1c844df9

SHA1
26afc4b28c0287274624690bd5bd4786cfe11d16

SHA256
58c0beea55fecbeded2d2c593473149214df818be1e4e4a28c97171dc8179d61

SHA512
7e8a1d3a6c8c9b0f1ac497e509e9edbe9e121df1df0147ce4421b8cf526ad238bd146868e177f9ce02e2d8f99cf7bb9ce7db4a582d487bbc921945211a977509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0331fa75ac7846bafcf885ea76d47447

SHA1
5a141ffda430e091153fefc4aa36317422ba28ae

SHA256
64b4b2e791644fc04f164ecd13b8b9a3e62669896fb7907bf0a072bbeebaf74a

SHA512
f8b960d38d73cf29ce17ea409ef6830cae99d7deafaf2ff59f8347120d81925ff16e38faaa0f7f4c39936472d05d1d131df2a8a383351f138c38afb21c1a60e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
21KB

MD5
0996c07b025d035a26dc5d5b133f61aa

SHA1
076176f7ca2a5f76999af34f31ec6ed08a575b36

SHA256
0ddf5e48a9bb82c6b8269e3fb9bc90da898c4c10ecfdea657bcc3c1d53471ab9

SHA512
4da1395299514673c002d360739eee02e10f5bb2bc71b99239dda204634861a81faaee202faaf96f67f6ddc33faed8990c812fad9af09df39682631d1c8f7bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
45KB

MD5
94019c00785285cd78d6da8a1bdeaf80

SHA1
33ba11bbe8c91eca17a84c3dcae4667638a61b57

SHA256
2ea5a487d117c082ab04c8b2d979adc04c18f496af90ef2caf9910d9902ef8a9

SHA512
b58d23d9333290e203ee3191cbcca4686ae1f9b4c135ee8a8e0f014e7db4efdcffe6aa82b502b2d8e63bde705895a04726d799a4c6b0e22783b6925b4d297d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e17a59b2d1b48060a365cdf71366b656

SHA1
d913a1e1192929a0667a6885c309cf6e05522796

SHA256
7f6f36f0a2d187690435ae929bd52d046c6ed9989fa524da9d2ec6e10c045d9a

SHA512
fb8032910c392f4c5061cf74e7c2ca9d5d245dc9dd697e43cdf937a383ab69b93a8cf7e84d421e25ed7a60b722b87da9e518aeb998f5d582ce413daf3749b7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e9dd79440c90fd6b4dbe08a0fda7e98e

SHA1
7e25f6fa0d13bfb1b39096f2e637aba4b825258f

SHA256
75f192c84d76e3f1d6ebfbe90e90a5f3b4de32d3b0334b889e43be2ed5babdc9

SHA512
72a26cba4db118db6fd346e9a266ebed675bdb67993bca73c8722bb1a6dfdd391892f64ba3686709ecc7a5ce29762f38730c5c50997fb49c7a8b403d473d9324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07d7f229f5e9269fcecdbf3f4e49987c

SHA1
e4dd4c410c26c72c981d2aa7aa788573482743d3

SHA256
3ac16d64ae05ed806365557f93ee7b64c7beb2fb5ece99b5ff068668e7ff2f06

SHA512
791f0506b29b49a7227cb23ec7fd7300a55320b762cab266647f305b20e494777def4408a1d2dbf499d747a72c760ea1cb9d0e50e08ceb0f8a1d227762effdba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc4211507a0f26673e63708aabeb42c1

SHA1
5d752e8a5fdf039554b1536416ba203ffc05690e

SHA256
e893bcfd13b2a65de69e3d4c6ade60dc0f4760c20d46f94da22720247f41536e

SHA512
8fbaeb5d0bef7a06f5fb3e8f4c12b336f62da722b146a1af232e26c72347a498bc83d04370fa0c2f544bb409e78d3a173678d8a231a5d9caeac64e488f90676c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dda082e3-5544-4801-946b-de6e0797eb7f.tmp

Filesize
3KB

MD5
925d184d873b9abae07e22223f98bf3f

SHA1
06fe6f69465afd8e1b022d1326eb4d0ecd055e8b

SHA256
0f41f1268b3e461357299838725fdb7a263a066bd59f1c0744d4a021e02476f2

SHA512
bf2ce511b537636823fd1d12d001073f81f080d346310b17e5b20b2afddb323e62f9921ca344eeccdca4e4566d17aa97402db1548fa3f99b7fb2377a48cc1270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
38d6448f6dd4c2a9f9a3a6d6eb8fd26c

SHA1
4533d752cbd507075bd09c076752a83e30ce1124

SHA256
3b26f88f758296a3697e307a46ce8716a9e6ab000ade29762faa2b18366c7074

SHA512
4b7d97c446c60d2d94b8f0ae01b4c5acfc39abbfd416366ad03bf221f5b42c0eabdd842dfb837786d21a666d91c4fafae0bacdb58f959a9945c7daf7d2e7728e

Download Submit