41f3d8134c4c279c32ee15910998d26e3a5b1e9099cdc725a1768181c5a513e2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce41fdc8ced1b33e3ebf75c96effb8a8_JaffaCakes118.html
Size

156KB
MD5

ce41fdc8ced1b33e3ebf75c96effb8a8
SHA1

00379953645db4197cc81e5254b3645f688be772
SHA256

41f3d8134c4c279c32ee15910998d26e3a5b1e9099cdc725a1768181c5a513e2
SHA512

a8c3fd76e08b4ac4ac088b1e406a9cefcd2d25aaac52fab2e1df8a3447bd5a208b0ca9fab6f61f1e6a1504468b179b165c49cb72b7cf06e1d5c3308ef87aa5bf
SSDEEP

3072:1vEyvEyvWLEq2TvruOW1Pb+N3OV8uT3w5etPo:sLEqquO6VZo

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1256	msedge.exe
1256	msedge.exe
4896	msedge.exe
4896	msedge.exe
4016	identity_helper.exe
4016	identity_helper.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 4556	4896	msedge.exe	83
PID 4896 wrote to memory of 4556	4896	msedge.exe	83
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 2464	4896	msedge.exe	84
PID 4896 wrote to memory of 1256	4896	msedge.exe	85
PID 4896 wrote to memory of 1256	4896	msedge.exe	85
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86
PID 4896 wrote to memory of 1140	4896	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce41fdc8ced1b33e3ebf75c96effb8a8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93cf746f8,0x7ff93cf74708,0x7ff93cf74718
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6928 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17870871716628666876,4259843622526837963,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ad6373f0d1e9edaeef9bd0f192c36d8a

SHA1
9a585db5e8ac724a1add3ec2aaa221282931d4d5

SHA256
1fbcdab2feed355e910256c180b73115d43a620ab2ba249f35d81eaf7827a612

SHA512
7d86f69d0546b3fcccb5d3862def12ce6be1ee102e5ac2cdbf5b4132c1aee02da6aa86f31dd3650ba9899116eed61430c4093b21137546c7cd95751419e773bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
351ac59a699ecd7813d5ca7778cab861

SHA1
db726e0565a4c7be543ef3669d40e4bfe518ed36

SHA256
597f9846f535ca01d2ec6fed4ff3931d280e41cc233cfef42bd76c8dd035fd59

SHA512
28f1167394a41fc021ea7cc64317967cda99e4f2237b6088e39275e97aba761b1bafca636744c09de03bef1ab63b4894f4c284c9d8be82c8da7bfa9e52aba911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
f9ea135bbf993f55ed4eb94eda009129

SHA1
3faec49208de9e53eb68aa1b6b7bac18db9771c3

SHA256
40c85511a38f18cc83a521d489512704dcc8201ecb90203ca434519b442e6ba4

SHA512
ec4907ff518704e4f3e1f360e1349cc764107b8fb955ab5f39dbfeca75c7f808777e7907a5d9d5b097b84bef16c826bc7cf1e0ff50b6342c14b43470ad7c9dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ed5d990b5c7ca14d67fff6b20d45e85f

SHA1
fe1cd495665e79f8765aa8ae2f0f5531485956e0

SHA256
6efeb31dc222e9f17d4bf524f89413c4a8fd34ceab98f5a06af3c3aadfa18705

SHA512
35ef4eb76024d381fee945e52f6d1c7cb204f343b7803a72369c1814716cb5d45aae0feeddbe99dff769cf083d846d8891acf87c7dd8763ee5492f65aa349c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0005a524d53fddce0efab1e629d67363

SHA1
7948f57c1a53df906a6d4061fbc6905f8495d6f5

SHA256
0f7cc9b940571292cb4886d3014857a57134a8d31141eaead55c7e58858b5e58

SHA512
b04187d6d48f08fe2834b7687c0ebf749a3fe5bc5c48cbbfc0372d5c84557dc42dc3cd69a87efc279e86817dca960e1c9169ee3c3946959a90d21eb5a982b611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4f0dfbd6de42ae2b96b7d2fe5b2aa32d

SHA1
5620423f5770240ba29494ea77f55252e44f9fcb

SHA256
c6fb63f538237f3585afa0d4f3873a2d5ce4df7051aae939207a10ba7ea8caef

SHA512
ad7a1ccb054c065397e6fd898d0a0e895f1e653c65d193ac10e7198fd592b322112537e14745e3d822317693e57e81e925eb3e24bb7bba8295eb93cc16a7a735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aba4b4d103613f76b3ca46e5ea632030

SHA1
6d2e47e29b886f206186f659fceb35e8bd4ceea4

SHA256
bc6d7a0e7823f55ca81545bd094cfba4ef0fb651fb43dff4496a17474efb9402

SHA512
5685d608f58c65e6e7226e01054744cff862ce3d8af2ee033678f3f4568a0715a5f2dad288f754a1c88139d207b673a4a0682fb967c96b6068a93f56352263e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
638488c0b8705c124a3a7f73d7be0b35

SHA1
f5c748e185d8da6ec6cdf2495dc231e781215e8d

SHA256
7704dff3b866c343da2de3155f1b6a36826f8cafd08a6755dc0e12df85d4d495

SHA512
f183b40173216eb548fa2bf026f32de987ef4daf23ca7d6ee98c3d49e5345d53e62255a40bc909d7d0b5564f669b6f07b5aa9232ee55bfbea980842a72f5e029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d6af29a82a76a04c7b7963594ec20f8f

SHA1
93782aecacfb86e993ba56d1c65cca9894c4f9fd

SHA256
da16ec5d3d009e7456d0d7e2b410f77ab61102ad62498d61ee924370e751122c

SHA512
d5decf48071a2d9b9b072337e685fa4dadc87ba4ca53e84cae532baa2effede73348f9f0f441e7b34c2b41aeb5e5a301cb5848fa8e9532ebf62c18990722e389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ccff.TMP

Filesize
371B

MD5
93883ba24a393b4c213a229db055a7c4

SHA1
7b801a7698a8f91b3a97b191ae186741747a5f01

SHA256
27d1409bd330ae9f8e123fa034bf22d23511ba539f97a20a112ca2bd4d68ab26

SHA512
3a154b46c584c906206dd28320276026c6170a2a0a4637e5510b2d3074cbd0379cfc9789eee50054aca07e28197757390ae3b79d9f40cff6e2e0290f1e99c93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e6d809766b03a9b01d27d9f245846be3

SHA1
ee2b670f14e5c140a2cf33a080385bee76dc4652

SHA256
80427c3f439d15d66cf1676c3625be93a79c0df6f64e426bd6559b39e79059a6

SHA512
807b7ba161ffa4ba9489dc5e5011595c967df2310f596ecfc0871d8e6a36d4ae2eebe7a7338677ff453fd3355f77cfc54c8108d430324fa1bdae1bcc94561de8

Download Submit