59deec198e727bc9e7c2f9f4953d2228fbcc8d1d70b48e827175b2bc3a4238d3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab402a00774bf10e53d4683248f40536_JaffaCakes118.html
Size

608KB
MD5

ab402a00774bf10e53d4683248f40536
SHA1

86d98d5159a02081b0ce6c648d539dc1893407dc
SHA256

59deec198e727bc9e7c2f9f4953d2228fbcc8d1d70b48e827175b2bc3a4238d3
SHA512

fdc57f4f227236421bcd9081ad8cdb8fa4255bdeb4e032778573ca32f2cea5c5cdbda5db6d276a4b933fc650f74c09a6220b3b1ab2e8f5d85f9426e9173578a8
SSDEEP

3072:JOWFLn/ZfukAzfE2ctNlz1RbwnAolbm3+Fkkm4rJAkCPjV7J0YEkLSWq7u9WEltA:JOibg0MB3ElHltnvq

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
1292	msedge.exe
1292	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 796	1292	msedge.exe	84
PID 1292 wrote to memory of 796	1292	msedge.exe	84
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 1812	1292	msedge.exe	85
PID 1292 wrote to memory of 3880	1292	msedge.exe	86
PID 1292 wrote to memory of 3880	1292	msedge.exe	86
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87
PID 1292 wrote to memory of 2064	1292	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ab402a00774bf10e53d4683248f40536_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde23f46f8,0x7ffde23f4708,0x7ffde23f4718
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11390594406226420075,11787228342079824378,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5512 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
100KB

MD5
c8e14becd9d85f82705aef9820e52259

SHA1
b6ce06c6167cc6b7429a2b7f27b3c79e32ffdcc0

SHA256
ae7801fb49088d83d71b0330ba5cd4962098d3ad0d93c3e2dac9abc66c3d867f

SHA512
33da96e67d48d7ae6cc30fd6260dc3c400e164be3ff52d2760a87b23224f483e1554c69e9750cd99e54c544552bd99137bb1c8d676c819b1126cba5216cd2a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
235KB

MD5
621d83fc8fca2d4b74c2848c4ffd3d56

SHA1
c51bd90b50283f15d3650f39dca6e9671c4a270b

SHA256
839a430e51cc8940f89acef5ecb533e03a13ab19e6a7a0e9246354c19fbaa300

SHA512
259e3fb004cb7c03cbb0df901767cf45a7a371deb413dd49dfde464b3a3960f1a244a378d727a789ded67f1fc2c2e2c3fa43aad5c0e2bfdee51bd4c461949ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
237KB

MD5
e4370950294ca065141354c8ad705f6b

SHA1
1de6f0b1528ebcbe26a98375fe380898b111b094

SHA256
f6a23b8175ba52e5f2cd44c09e5d4be80c23510dc1dbe7d17b9ceb25b98e8e47

SHA512
b8dad9a3855d5b44b59ff6d2a45a0f4149923fcf74a9691a209ffc860b47e01f9a71730443f4c7b02ec7a5ca7ee1552227cab33c2315b05d5674420423cbc25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
389KB

MD5
cc1ad50fb318079a6b6baa17014f1c91

SHA1
517379aa66e97a5e29a0046864d9d641e5c84de7

SHA256
1e168f67c03975eeb28c824d9cb7a8410352089aefc9482b2e57819ad098aece

SHA512
962c1ea42bb37b97088ca10ac5b2a13d300987a89ff056467dfe4d7b8eb16ca00dbaaf6faabe90ffda3aeaa9dd471b8122324bacb16c86abecfa2427313f1e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
190KB

MD5
9c24c08312340d920b3f493b10bd2ca5

SHA1
44cfa45818d28d6f2ebb456ef92f512b2a4fa465

SHA256
b6023bf86077be65168cb060d7b515e4cf45b705c28957efe08467e700430761

SHA512
e645fc730520e2db824f5026cdc64144946a4ae801a7bb5a1583d25a023304ae86d907348283b7937c7cf9a6247f0bd0c7ab6fe69997d33347d0656211b78699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
112KB

MD5
63670178e3434199fa37d92862031931

SHA1
e61861dca785dc4af30d78191d28de522dac1975

SHA256
21158634b461c227432865da0de3d707740321bc8252011c9a0124be6528e674

SHA512
87799aa86d2eafd077c153bc5212556fdcab31c705622516dd4ecacd521f99730f23d001be3567b51a26ea50669685dc4e5be4eeb76483421e1b1efd07946475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
83KB

MD5
f2366ff59bec04b129063528983cd564

SHA1
1baa5ea231d050e3c79e7cf287b91641ec9f21e2

SHA256
9a40697600b8b5416e1362b4f07a4f786720edf833133deff918ce0f1f070f15

SHA512
9044ab4818271d8a68c81a1c2d83305619b4c9f4534c70b83cf64b83f011f9f3a69cd60b53f799f16aafb48929b90555a9655ea6461def0819a878d6c2e2ce85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
211KB

MD5
c0c11dc3d05c472fee7bae35cd0c32d4

SHA1
3119b0591046da51dba3733e787fbed577bd72b1

SHA256
c10f3e9d86beef598a32c5ab968fb598af479a55217c88abf1158f46c742a1ea

SHA512
4c6954b4c1e5d0f573afbf5261cdc35aedafd25fc38c9e952762992fa4a3a9e299f12e9a8ab48a385253252e0cd0553dd9fb5d49c0bc4f61fd2eb80c79b2c330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
18831337b5128addceb34e3776939c04

SHA1
64c92fa1fe9d3d099e95ad34537a1fe370cfa950

SHA256
40a2c317e160ad85b4381751c341e7137c94318a4c06cfc47296ac2c402372d3

SHA512
28b179a26542045026eb684ea63de9d4563793fc83576c78d75ec7706c2b3284a7b13ff3e8702e50365167898909be88379b0ef6beb0edc67d86f81024ce69f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
5a351d6450b466704d7d9c28f1208731

SHA1
7436c48361a1333ca7559eb4b1ab8b212e82f34a

SHA256
41f99521f19d8a1a2b1d2523ae33fe339dcbbcbf2633dc83e09683032da51439

SHA512
cb01fe5fa200da461ed538f13bf955df3f76fde44a8a4fdc74a82887055c8cb113f6462a0a5c3a6602110bb4184549d9afcd7a7c26d058268225a7e8295331dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1abb70d4017fd4292de71caf4ccd44fc

SHA1
a4dcc80ad9802150e453a4fc68adbd645c720aed

SHA256
500c005ffa789d4b9f937821b068f2e810ea13d53aceae1e42bae3003ceda6ec

SHA512
10247406510ee8b2e49e6e595d2839c94b3a54196101048f0a0820104f7f093aab53987bbabd616faddb33707e4ad3d77b40f485b57cafdc3d2833d2d2fa302c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d586d5555374b6f2edeb7177c0f036c

SHA1
dfdebe0678ec677997f9fda9f95fb49029d3b50e

SHA256
05eea005f19df874e1a10d905bc9d05d2bb1412149cce225aa73a33a4371b13e

SHA512
888098df58a0b28feca6390b558f7d0c2d13a052794a3cea10fa7e0dfcc328b21394ef3d1272d43c061fc2a48032930e9e81c42709846b8259e9730d222312ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4e356e0840468bbfba1657bc29f6c3a

SHA1
6390ff634844e463d029dc465810b63abd17d982

SHA256
69a7515806c55289767f612beef96b7802cbacf0ded9f6a3cd01359f2712d4f0

SHA512
6d272231ef8a71c497666ad72d05046f12687502e98236a7fdf00b2b7b470b01eb4ffa31a5258eb8274580d1d957b053b3f7c6483f2cf1bbc5034b86c3c6ea3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1559744054a35e770b6c35327964fa11

SHA1
d04ee817eae6867fc25bc809fdfaeed23b7f1973

SHA256
85cf7307159b2abf927ecc75ed23fc8c7e0ad15819a72881120a8b4c2d94d876

SHA512
f5afadf7f2f8ccd2eb050ebc8c4de21d1045c532203f3bf6bb671fb77cc16c89b89e7679fcfb016c7d9fcf3b1d0aaecd86afdc89a92810c4f0452416138af1db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5837c4.TMP

Filesize
1KB

MD5
bf6722d2ca92ee6f232ddecba3e949f9

SHA1
e0eddf4e113165c26ce101dd28502c9e59e5aedd

SHA256
e9abb7da9a349db2cad95fbe92154f93c9ccd6d057d60e952b6b4ee95d138807

SHA512
47e9f863ececf543bb9f179f1c6d01e659e8c93a8313e13d484c4eb922aca414627c1ca8e6cda83f3f71696e8a2fbd28d25d30a38b1589605b29f33fa34b6769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
16ef87e410d8d8b9a0ef15bf8429ccbd

SHA1
30f39272491073cd069ba7e2d88ebc3fc12cbe09

SHA256
838e20265566f27d5b416d76baadcbda3d7844ad94a5517f18773bddac64839d

SHA512
ccded117ac154623dca1164d26c1ee028b0729158591237828fb49f87444924f1583fd2de31f2d0718c6ffd4dd0768d6fec34ec7575d4988b8c9bb00334e330f

Download Submit