489bf465414b6736047bbe16f9ac60357af5846bb9af56cfe3a02d51b768d7d2

Analysis

max time kernel
141s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea90121f6312f0792b7f14929a742ea3_JaffaCakes118.html
Size

89KB
MD5

ea90121f6312f0792b7f14929a742ea3
SHA1

cb7a9ac46403abb5acc0bb31ae364007875ec4a8
SHA256

489bf465414b6736047bbe16f9ac60357af5846bb9af56cfe3a02d51b768d7d2
SHA512

1d2e959b8c9947a23453c260ee81b762ded0baaf175d6c7f3693d430ffab8b10a896a95d435caa77b4893be26fb4afe279c53516c1eb512b600180d6038ce404
SSDEEP

1536:tRUAnpX+1Y2MbETJ6rHfgaToXdw7KOcOh6e/6VNEutHmChL+DPVb6tA4id:p+Y2MYJ6rHfgaToXdYKOSmrutHmCh6DT

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
2568	msedge.exe
2568	msedge.exe
1408	identity_helper.exe
1408	identity_helper.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 3980	2568	msedge.exe	82
PID 2568 wrote to memory of 3980	2568	msedge.exe	82
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 2368	2568	msedge.exe	83
PID 2568 wrote to memory of 3680	2568	msedge.exe	84
PID 2568 wrote to memory of 3680	2568	msedge.exe	84
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85
PID 2568 wrote to memory of 3700	2568	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea90121f6312f0792b7f14929a742ea3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82e9a46f8,0x7ff82e9a4708,0x7ff82e9a4718
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12784252280602828773,720336389881989001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
82e6fa34b1f7b177b074c8bc89a6e044

SHA1
11fb6522de1fff96b2b0bfb4ace3c74f0a02ad67

SHA256
06d7396a747cf940ee0105eb918ae5b384617fc402da4211e2a967958229aa63

SHA512
dcbdc23da7ccef9ac76b5fe2f514a04888a859e5edb24dc708594ec30c9d40f716c23059f2dc580c79ba22df41e78be7709e40da24210f3584fe55bf16972c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
41aa51178c9a64a5867d0c07952e4a2f

SHA1
ad7dc65b63a9ad92ea3a8e16629f306919bdbbde

SHA256
b0c3d22e774e7680d7765deaaade42102e482c3cce42e1baf30e1889e72c2e99

SHA512
30fdca59f89a171ca3b4869bd1ce9900d42719cad4473ecfc548a93ca4b8e59a8a4899047c3f9803223e21166049eb54ce1860f217c0a0e9deb7d599438649b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e630335973e7605e4bad49450a4bbbd1

SHA1
0f7247753a49106954a05ae15108bb7049292031

SHA256
3b03ce59434a6713b4a8e4a270d6ffa3c6b5e0a3acaac0fd5072dbf2aaf4d186

SHA512
60b6c22509927ac9a8b8856c59e73b691088f8f239b569e2d6b45b8c7b4959a4b11b59d74f2102871b09290bb308a5650892e77ed0970f4d071feb8c36e76661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d6703cc5050481f066d1850694ef2d03

SHA1
b1beb4c471a0a1c9b7ce6e5af79a4f86bd207f39

SHA256
51d77bc42cc7fd905f8fe217f0182e996302f129fd4bc42fc13c7632d31a3989

SHA512
50d0893ec1e56cb208f185919f3ffa315b756219131f21d4da08f32d2da366283b6907325824905b3b75d85a6d8435aae137e1631a6d53f91a515b2a4ad4a3c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dad0a7343918bd0352b04bf1d9fd315b

SHA1
90a48d5dd53b49372f6d543a5da9f310156b12c7

SHA256
5db818786284a447c3dc7e2227372c92cedf0114280718dd1cb31e63d9b56f2e

SHA512
14563cbafe7c2a2099de668fcc5e62a523b8014aa9936747997c97fe0418058bd7cade53650983b613d886f038f61d877ab962b5af13383079114e6c0c3db59c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
222a85ab421d1f537ab75f67ce9bb944

SHA1
cb0ba9b8c7574317b06fdf4e34d2390207054df6

SHA256
1fcdb41c3f96c1aec87bc7b2be5dd41bbe629a28d3410e21b54c665d10ae47e7

SHA512
0b0718610e5ad10d0016b3e8666f7dd8e2cdb9f875d1b8d47ebabfe810aff10caea83b422c3558e675356d001ad5f2bc86a3e7738bacb71d981c75b8be84c473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
531cdc563b5ec225057472c3fec8e825

SHA1
00cdb2e3e4475af73080fdb30e47e15fa784d85d

SHA256
3943692166e01f882aa8ffc8222ef7b67715535a035d665c978a42edc8ea216f

SHA512
dc0d287cb80e5307e24d9f1cc35d4dfd7e53a451b86482793734f1118485b9ebe7b8b5dc937ac9275e7ed3a6eab92e9bb85f7431b91d6aa048d4201cf4ceee8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
566170c2415843750d8ce60fd3084bda

SHA1
9bf29794479d75c40d5bb4418e3bfa6162c66581

SHA256
2ee26604d144cdf2fd95df53e508b3cd26c6ba943bd609e765fadf9ad068e283

SHA512
376e4b169544c4cc74568664fb9306b5d2179fd57fd296f5bbcce7a6d2dfa9ac01817767f1e2ede23866b0e985154f70ae39886a9045a4f56d73af5c976536e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
8d1042fa9762494f886a1c681f426696

SHA1
238b277817b73f7884538369adb762c9574c6ac0

SHA256
7c69c05ac3c8ffa71ae3052d524da02373bd72d6d25ed0327d77a1cd04e1b721

SHA512
8351cdf911f2c312ee1cb234ecdcd42f685cf6a309a0e0100f63ee76ec41c9cfe4ace67b57787ee6227d674e516581dcc98d0411e85cfcc4f406b16ee39b6150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e124.TMP

Filesize
203B

MD5
fee5960323f5e5858bd4fdaef536711e

SHA1
1144d1892885d89b219e7b727e5af5a06e3ae211

SHA256
d046116024896f7fe57ffaf838e804879a256a8f0ad19becc5e3bf1e0a9c8d41

SHA512
dcecc324ee2fed64b7f7fef24c8beb0044626f89851e6959081cd413f775c3fb22a8803f0e24389fc2814c8574cd5fbe84a08ac2fb635599ac445febd6df51f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d86aeb3ded4b77e332867726afdd86cb

SHA1
b0302396b19c9f383c8c48d7af3ab1785983fdff

SHA256
a4e6b455f05e085158562314d30c01e411f414bdc9a8d46961d439740b9ef3b1

SHA512
979aa0eac8437801f05702b50b20bd42f6d99c9e6156dabca78b924aebe91c43ea4def7d6dd7e9299e497c66867eac6bd6737a412530a1bdd4416a50c1b64f6b

Download Submit