5484e6d1b338d942e74c0b731242949ba554910d91f9a9aa96f08fcf8f35f095

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7047348def2cd4e028f91f35a270639_JaffaCakes118.html
Size

75KB
MD5

a7047348def2cd4e028f91f35a270639
SHA1

14fb594b697751588b2ac73011a658a04efd0416
SHA256

5484e6d1b338d942e74c0b731242949ba554910d91f9a9aa96f08fcf8f35f095
SHA512

30c897b08b84e472159d4c2abb306f6f098915bba6bf114b9b0c02e8b780b4bade95c4bea34a64864e89931d046d588223663cc39988aa08f0f5406f8be51481
SSDEEP

1536:/LT0SMZSopfbhuaUWbGjwHcL5i9YEKAe9GMhRRx17astWc11ZpyCmfEYTmo7z19:jMZS4garGjcc9nGMhR57JWc11ZpyPfEg

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
5076	msedge.exe
5076	msedge.exe
4580	identity_helper.exe
4580	identity_helper.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 4936	5076	msedge.exe	84
PID 5076 wrote to memory of 4936	5076	msedge.exe	84
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4308	5076	msedge.exe	85
PID 5076 wrote to memory of 4020	5076	msedge.exe	86
PID 5076 wrote to memory of 4020	5076	msedge.exe	86
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87
PID 5076 wrote to memory of 3564	5076	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a7047348def2cd4e028f91f35a270639_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe1346f8,0x7ffcfe134708,0x7ffcfe134718
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11945153722229532676,8059927870913737518,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6656 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
21KB

MD5
c3a1bf5fbff5530f55ad9f9fa464f25c

SHA1
449a621b775cbe1d3ab69c54a0e18c0ccf6d6caa

SHA256
4ea6b3a39d794db93d1084770cc340272f8e5ffd5cd8d0c05c1f5841e5dc13e0

SHA512
75aa617b33be2eabe9f67166d14939d58abdb2396b9911dc7ba612130d2ba9adfc90a3cc9b6de4dd6cf8731c90f2ca74b7f9cfaf4a9d0bcbf90d03c907e45a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
29f4bfb1ddcb81786bc7748735839574

SHA1
cc16bcd1d0e9106a4f31c861b378db21e02f1b95

SHA256
536be6ffb6b512c76d6fc8585a2c6a171da0fe7f4a6bfadb0f7accb01c25273b

SHA512
e7d8f34a73b47fe862e6f881072cf0b0034bfc8ccffcf6a10469e8fa99daaa1d2c4243fd99771f3a33baa6a0992b6d92861719399e88d49ac92b3c5c775ec6ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1bb4c3484d7184165e13898c24b92cb9

SHA1
d952205f080d246265c7f94d746e30ea77f8d1ff

SHA256
bb9be797db217de17cf40409e34e7d88b8f97644af91a1d6d70c3f01e8e973cd

SHA512
a9a1b381852e6fab995137cece158e6e38e3dfddc22d08286e842cad0acbcf714d6f90e42f610e42e6a8e92b65fec78b611bbde095c3ef45c286d0002c37f4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d8a1ce6964c1889ce403d7ce525b7840

SHA1
4762f3cf5c6a03ca1650671e9c5e0038e6ec0475

SHA256
5bba2b12209f4c975fcf442283c7ca0a570fa40a31dd348640b06d7f0c8c0bce

SHA512
3bde0d037c21a46bb879d6121f33f3d0bb1fa7c92d338a220c4bc49562fb8358443adbff5387724feaa6ada607701891980453939623c6e0b32049a2e12e07ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ed53c8360923aa2149012d797e656539

SHA1
f4562569b6f0e33eba417968c1085fa8ae309c87

SHA256
9c7771eef161b8192c59f77282d08d753132f11aafc8c9e7763e49e773f37461

SHA512
f5de0a0c177b0af9b804f0e58119a77e97a2208cc3c12747bb2c6d8af8f2ce8d0e89ff589d68a08aca9449ca7d31515a9167dccfeb1cfb57236ff7eb9fe1f67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e25621dbfa6b850a6a3b92328a579d1e

SHA1
a3ab13e05071582e6dee0182a28c9734f8326505

SHA256
ec7b19b01fdc3f28615d50a939e54bfadda5c572a7dbee72145d5c169300aaad

SHA512
99a3afaea9194e2d9442af3aaf274d39c60978852213cb715152a0b308008c359f403dd9d55870dcf4409a069988d53b0402f554caf75942625ed3266ed7e5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f7c0660b07e6e20b7cc876e1f25c6269

SHA1
ccd43041fe2911fb0c104f5dfc64ea4be672ec3e

SHA256
21c63ba86a5832febdb948d03a4215a08f4888a957b4747bb5cd9c50318cc34c

SHA512
4e9758af9641185d747353bd6e843c5f6bfd0a2398cea48851ff75dffbd06801774f96a40de7fce35cf61f42601087e983381d50cf24120bc09a6e41c67e9d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e20e04ad5f90572d6081432e2c9730e5

SHA1
adfb9def9e1eaf50780487ea8fe8f9488c549fd2

SHA256
e134dfabc1e95579bb469c012b5d158fcdd445de6c02d6a8ec93a6a36bbc346f

SHA512
8666699738d90b22f7cba54e3f734e10c387e35b8adb6eba792b57ed50a9fd3c75926ce8b2c41bfaf7e8b3b4ff6341ebec20d9217542848e67d901bad35bb3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
b2272fc0cecdf812e93454cd13dd6abd

SHA1
58afbd66526c30761466ebdc85f41a326e2a06a0

SHA256
7a3ba141acfd34d150e14d5c175d714d93e46a7622366678281e2148b38ffaa4

SHA512
5b6d526b3440ffdc84275f8e2a8a76cd349bc9d35909134a5e3cfc122ca243ded34a56072f81d0048b05da8b98569bb642fe921369d6238977fc201a1b3cf56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58437c.TMP

Filesize
538B

MD5
17729fc3ad2d7cfdd59cb13eaafc2177

SHA1
58723081b6393452d2039150d60fc7c4b9b6e88d

SHA256
910085dd5f6b2169e1ac93ab6c5593181489134c46b166349aff9d9c0249bc78

SHA512
8fae198cc3fcefa8ca951dfbdadc7e5131bf956ff1e31b8d6ee38c0dd3e4a8ec5de784e669c92bf426ffdb8309a35d59977c3fb5f97254faa6bd6d46e984b92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b8bde729-f248-4ffe-be53-85c40ea6b18e.tmp

Filesize
8KB

MD5
43546db8f19cc2471a322ee17c7d3e2e

SHA1
4f6f3755c26d32405d158abe1dfbe84a44abca23

SHA256
030f3b5d1d6ed9702839f661f4af49d41c48f28a926ab6676c09b707c2ac446d

SHA512
0e67e936cc7fc470cf0d480aac49a27e79902ed9bb72e523988a55e9ff9ff12c4cbc4b183403e2666f93c83fad8f6a93e05993063d9ee4e206bfacbb1c81b308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a3e8a78d935308547b9e5dfe69980622

SHA1
b66f8832ae974f45448807d93812f5d31fdd3c60

SHA256
313d043a1da16071305c88af21f565246ba4856c5c928387bee240cb31cc38d6

SHA512
20c845a42e3b42aa0ac3d733290c3d873f8500e116d555a1fbfcecc5bb9170c92c6761b0b51cb082cd07af5dea1de212dd37ab136a3484deb3681ebee59af2e6

Download Submit