19694af1a88b56df2a6d95cb38f3f6fda9d9eb4f2df72e248fc4da2f352f514f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdf00e1cc93051c9fcac693dd433e6ce_JaffaCakes118.html
Size

28KB
MD5

bdf00e1cc93051c9fcac693dd433e6ce
SHA1

aca2a05ccd2b4dc2b3f21b19168e582f256a6c65
SHA256

19694af1a88b56df2a6d95cb38f3f6fda9d9eb4f2df72e248fc4da2f352f514f
SHA512

87f90ed2b20164ec6c4e63272a1762ba9b78adb57f12af888d849f4790b939b7a06149ec61fac199bfedfecaeb82f21703dc40237fb458c7b00598609ac9ccc0
SSDEEP

384:KZYBihy0UQeu9Q2/JLiN6woqQuIfMNHiJvbu/UnlXfKnX:eYBihy0UQeGQwLTwoqQffMJiZqpX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{BB3AA898-545C-43F8-ADFC-68ECE39F1645}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
1032	msedge.exe
1032	msedge.exe
4316	msedge.exe
4476	msedge.exe
4476	msedge.exe
3988	identity_helper.exe
3988	identity_helper.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 3652	1032	msedge.exe	84
PID 1032 wrote to memory of 3652	1032	msedge.exe	84
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 376	1032	msedge.exe	85
PID 1032 wrote to memory of 3500	1032	msedge.exe	86
PID 1032 wrote to memory of 3500	1032	msedge.exe	86
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87
PID 1032 wrote to memory of 2124	1032	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bdf00e1cc93051c9fcac693dd433e6ce_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa198346f8,0x7ffa19834708,0x7ffa19834718
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1351608628135443731,4156537793712432364,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6524 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8bb03202dcd1cdc3045a7e876bf3b53d

SHA1
16e07022873ce61125aec8be089b7a5a724190f7

SHA256
510a4b2688aa555aca5a27790b91277cfdf02528aad986c8acf95b43a9208dc4

SHA512
2afd3b2092ce824b4059a2fbd1ddf240b84bc24aa682e77bd91b657132f0e5302c52b880089ea02500cd83b4beb2629d60886a223a148ca53ecc19878a09666a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6f0ad3256688d986ce3af490c477ae23

SHA1
a952eec991346b12d01eb882771146a596bda8cb

SHA256
5665a0705bf290306bd882f751ff60eaec7361981470e46fddd7f1957be3b7f5

SHA512
7b7964ffd3f3ef61a0b7846ad759dbddae445ca87fe99d96e6529b25d03958b73f36631673bca5972d14959a5c7bef4749f906379b73aec5192354dddde02c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ffdd5057f85c2a27297f9b7e1b347b4e

SHA1
a849060be1586e5c32024b1f64e42cd6ae1d0293

SHA256
99ee8b12607b2d1c96b58a292cbfbdb60a28cf9518d6978440703a2342a424b1

SHA512
2360c26fd7f89b28fbe4e9b9a77da95d9d96fc91a6dd5ea4f9cbb2053604846539db01873891db5156370454d2ed861341eacdf1690bd59709c3c51373762820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bc935d3072ffb6b77294e2ff75d11edc

SHA1
bc66f39b48cc125984c999818262a491ab8bb101

SHA256
fe1eda09e8797bd95f1ce24424213f62dc9379e89878d5264e3bf984b0594ee1

SHA512
ec88b64d933b2160948f426c02bc6fbd91aafdd09d02625b3488fc445deaffbbf921ea783538d29ced254ff45b98dbd28c7405e7e023eea3ecc5fa76688fc8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a71a4ad4f98a70138e1ecc95416e80a

SHA1
a4b75f041e4918a45b81bebb67ee9ec8ca340b53

SHA256
7e2e541d40b2a316b1dc2554bd83c34e57e3cef0cdf9b209c3ce88aa6554b80d

SHA512
c93ff61d278d6d9def84bef0a2c356c4ea5106cf794d072915c79ea4012b6651514e2c4c96d4a38fe4bc724b9dcdcdcdd63dd3b8803b5eee3082d0818f402dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fd33014323c3d39d528a866c2b9e9d3c

SHA1
13d7e9c1c7e0706c8062f705a826a9da0bddeba9

SHA256
902b1a138a978803824a45f49650281ae398e710c550d8697fed8b533d967744

SHA512
30ce63fc0033cae1938dae634f6809b20925e9784991cf701574bf678b50a8120ee65910b31936eaef9ef636b1ebd1decc21e4624829c315e97e0f390a646811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c11febc9-923b-48ae-b9eb-af9058d10473.tmp

Filesize
5KB

MD5
ef01a2b73fadc1c501d710f226818a8c

SHA1
f41df9679393877c645422822eed3a40e353e69a

SHA256
368539a39c67d9a1cb48168ede0ccd69aa5d103389e0eae6e44b454739d37ea8

SHA512
7c0c0b8e499f4a150f8184a29750d34209adebeb12fb04d66af6f5254ea8e0124b4557a5a5033ed3e72990b9ff699141c359280cffcf461f2e1e8acae65f07ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
43775e7aae7adf8421204be208dde844

SHA1
e6b77bfbf660150e694a12a379b6186f1dc94dfa

SHA256
96834f46459f5ea8f1c04a34ed53b9ed2dc71fda0404ff4bbeeddb511786e296

SHA512
4ac50dd3cb2cff03ea98e00d27f47a02a75dd81515f75b12f27b700190fd40ce928b9c628d8aff6124e83acb259e95122c955c9e1a04101176ea13ce9c0e77ef

Download Submit