2c543b20fbcdbe3f954fe8f172a7aa9d5fcc91d1d48c930339d344632b07cc23

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd47508c4e31074c4e790f8b83dd55d6_JaffaCakes118.html
Size

84KB
MD5

dd47508c4e31074c4e790f8b83dd55d6
SHA1

49fba35996c471ad70e0bcffee8917d231495862
SHA256

2c543b20fbcdbe3f954fe8f172a7aa9d5fcc91d1d48c930339d344632b07cc23
SHA512

9032eb27d23d055c433d0f0ee3264d0e1e76afc28ba881651914050bff567e356ee7f83e0b2331ff15fb3f9cab54e6e8c418750bc5b698ab1b1a9df9c78005e5
SSDEEP

1536:53OGolpU1zc81QP9p6wjMyzAjri/hP//iUQpx4J/ZozbGBj72j/Bj2EjtjuuhZ8Z:5+flpU1zc81Gp6wjSjW/h3/ix4J/Kzbw

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	sites.google.com
20	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
2372	msedge.exe
2372	msedge.exe
1256	identity_helper.exe
1256	identity_helper.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1512	2372	msedge.exe	85
PID 2372 wrote to memory of 1512	2372	msedge.exe	85
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 2448	2372	msedge.exe	86
PID 2372 wrote to memory of 1912	2372	msedge.exe	87
PID 2372 wrote to memory of 1912	2372	msedge.exe	87
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88
PID 2372 wrote to memory of 3684	2372	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dd47508c4e31074c4e790f8b83dd55d6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e39c46f8,0x7ff9e39c4708,0x7ff9e39c4718
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,581750107811389053,13122445230125437564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
0041e2eff5c049adafdfeb594af2cb59

SHA1
cb2629d50f1c0c4ea0f81d0e87a1e4a8ae19f40c

SHA256
d115e85b402f12f66f1531e92f9c500d7a9ce92f78d8833659e0ab9f3b3e5752

SHA512
a059d5ac2afecf50b06d552566f1fcb884b36696bab40e301c6fd9796a99a342fe8331f05076ebff66ef58b7ce6f54663dc991b1560e7e7883c7f4cff526d241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
dc33cc817a218c3eff572d5aa3acdba1

SHA1
eefb1db02069e30410fa75b8820a9d329f2f6513

SHA256
1fcd5c0142f42d7a9f45d8c4054ff632b65fbd17787acd9ae9f8131446cd5f91

SHA512
70bd92ec7972b817772363e4e201a251302c967e6ca4e5f4ef1dfb6028c71b8c730761b34a477bc889ff3e12b3638ac6d4aa0c9daeb461132f61429aafc4b269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1e915917194e69e2d934661021f0ba95

SHA1
6b5c5e3570d4639c968900c57f7a7820771cb98a

SHA256
71a4ba372fce79543e1a531ff0f578014a6f5a589ae54e514ac6d3f37f40db63

SHA512
e69276918e5d6ee5c79c35dddd26ed3faa67da2583d38f0988b6490389c387c62d5257a8faa2d063076facd466f5bfd48795a0dbeb60da30860ca3e33c233dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
60b304176cbfd846daec7ea10911e3bc

SHA1
595fa7fc968471ee33cdf747daa21c9ea9c2e5e4

SHA256
8ad2c325ec0d2314f5548ab661a9b9898d905e4d26735d62ca0edf7ed5e3234c

SHA512
cece5b96d43c53ab7783169aa2753ac5b0fcde6390c2b961611b47f22a5d47533198808e8de3f8b5ecd5e800c86901e10ab4c90988ac52ca77909b359e2b16e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e16f92bd82bc25abfaa74179f8bcb693

SHA1
af28eb5d164824319aaea5f1532003accfb3d549

SHA256
36705a061bb19434c8a4984e81bda4711059ba7a02ba56de3e7612da225ad6d0

SHA512
778c00ec1d2c492db44cc7822e062ba93134e76db959ee5ed78a72c796381d25edd2bad129e51a1592263460a1805c7aba423e186f84b1ba61c5a489fa60f2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5cc84c695a423fceabbed4ef96050e2b

SHA1
2efe1c517ea4aaef73ec5cc799bf14c04b37e681

SHA256
c0846222dd28103ca46f75e7a3c64269c4e41b02c0a81a42ce4d08b26810806b

SHA512
f7f74f43a23ae6a5510de457deec1804df0fb1e75a28055c0332f58225425508af310294093f68254c7f13575cc509ff943bfe4b34f635f3cb0c8c57f7d997c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd6192d7181e2db44ffaaf2ad392b5a8

SHA1
1eea98cd996b40124de305ceff2a0b9e1782726f

SHA256
d05a84c03dc1c99e9aa79914a6d37ff493be13f86e715f7a350c73779a667de9

SHA512
d4fb3ce890b0e7b4bfc89c0eb24c54d8f6b0f186ab2f815aaf454cba821334c5caadb969874163d8ce5a45969ba163ddcab59bab3f15f5ddfa1685e94830f289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a37d0bff8042e816e7f720b240494f02

SHA1
87944f9436873d18ec274ceb0dc38153d191e29a

SHA256
1beebff470c56bee3be40fb951bb7cad61893254478457d3c08bc6b1188aecd3

SHA512
0a46da0c0d7539d1fb87e7f27990388196b760e3a9c4ec5f9c09a2b4e585fbae514ded0db67ed87da8e52a5055ff083e888bf53bd281ce6ec0df527dcaa66382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587877.TMP

Filesize
370B

MD5
fc9910751bc0a498b0df7c00d33160cf

SHA1
da623b91cbeb1538a537d9b4fb07e1724f3fb150

SHA256
0ec304d7fc19b4cb06fdfa57b1f1852f56a112091ecd728a04fda97befca97f6

SHA512
9074750a61b88679d9e2d36cf9038d13154103ad91b6851c2e97b2bff518991087f4931480651094fcc00e23bfda1c35ef613a020173259ac406dda272b178c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4e1a27b3dc016db0724aaff36643ebc1

SHA1
9c92c30ab04a08a8ffcf27c206a5ac5a5d2248c1

SHA256
51f4d5328b23cbb6c55db1e3acd057f11b7914f405cf5fcb4180abd1b40b1c8c

SHA512
45454f167b9216d790c53f31e191903c6282623c8069903c54c3b261a939a5eb59ab53825a2cb8d63465bca8fb67e28a24cd57d66fd3a76b6cea106d2ce8a0bc

Download Submit