fd1ba9f2913acc02c32de11936545fec63660c5cbd2e6cd7ec61fb9b7cfcc42b

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2024, 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25a05eae3848a0da62749280973827c5_JaffaCakes118.html
Size

26KB
MD5

25a05eae3848a0da62749280973827c5
SHA1

b0bad44d84b422077ab8c254fbc73c51f20b96e4
SHA256

fd1ba9f2913acc02c32de11936545fec63660c5cbd2e6cd7ec61fb9b7cfcc42b
SHA512

e4b70f10ef32e313bca6b2fdfea2dd100702d6c206000fcdfe646f2352720cb0a67aaf23bdf39c25b2710de9f812c9b2cab2e9963f0cf8a25f74bf205f9cc152
SSDEEP

384:oDYdwRXdU1tpNoInteubcq7Lb60kYQuIfvK2BKKX:iYDznteiFL+0kYQffvbX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{29F38EE7-42CB-46F7-93CB-E98AC77CC21A}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4172	msedge.exe
4172	msedge.exe
2372	msedge.exe
2372	msedge.exe
2024	msedge.exe
2408	msedge.exe
2408	msedge.exe
1772	identity_helper.exe
1772	identity_helper.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 4636	2372	msedge.exe	83
PID 2372 wrote to memory of 4636	2372	msedge.exe	83
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 3588	2372	msedge.exe	84
PID 2372 wrote to memory of 4172	2372	msedge.exe	85
PID 2372 wrote to memory of 4172	2372	msedge.exe	85
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86
PID 2372 wrote to memory of 4896	2372	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\25a05eae3848a0da62749280973827c5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb19cc46f8,0x7ffb19cc4708,0x7ffb19cc4718
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2033265670890874477,17958901222867315013,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD

Filesize
1KB

MD5
285ec909c4ab0d2d57f5086b225799aa

SHA1
d89e3bd43d5d909b47a18977aa9d5ce36cee184c

SHA256
68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b

SHA512
4cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b21e7202be68dbd71befc7b780d54961

SHA1
7558c26429ebb0f51ac6efd0ba8001ce11a1042e

SHA256
2450b1dd248d1fe0d03e4279dfe867d360b16cdfc21b4e87896f7dbc43b9f33e

SHA512
edde8bcb1258203bf4a88591590b882f766da87de6aa057ec78c192de39e91be8013fd97cd5039ded6a1a192ad2fb2aa03e42476255da32c4c2fd9235d4431ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4302883f3caab828e3a0beb43c375e59

SHA1
012b6c347395772a8dd976c0b4940052c7d3c043

SHA256
96d1677a77cd7175235562572058a8d82bf81b428763b76e3397b9df37d79006

SHA512
1602326b6f0bc0963f5b01776a571f64364dc6e3f2151f8397af7a7eeb26c06ccd55912b3ee9ebe3926fb8e6e6a5f7df8eee9e5f23ac974de115b03b57c0f92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
840B

MD5
30e99846f2bf9de0f5f7cd7444a10393

SHA1
30cecf966c7dadf49918c909991ad855ad5ffd9d

SHA256
b407eda1b830231dba36c3bfb97d9164cbfb042a29adef8415737edb16a7bce9

SHA512
613881215a41e136428352391d52ab2e2af8bed9c6452dd23b69d3793b439c09edc0155bf4c37949838f29055ffbaa6636a5d56a61b4fd2b556c4bc4b5f31a89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
34e65d25dbd01c20033bbaa575aa8f85

SHA1
fbacd30eb0fc048149085900b8c3651ff99ef611

SHA256
431e813d8fb37d6a227dcc21b0fddb71dffc46732e3afa6c3ead0ccf21c945e6

SHA512
0fb68ae9b61aaba10ba3c41f99169ec582b0c88c990681ae5099171ccb1c69dc6ca69f840256115bd02c7b3fbe1102833e9cc2e2fd92fd61ec7a13eae36f8b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b703f7d833df4f9ec299c76ca0eadd01

SHA1
bcba822555c4cb6e26bc6441175dbbc582a927e9

SHA256
aa927c006bbc27e14e49a5de845880fab2a4fec0ad403741e0871b76655b4a4e

SHA512
6dd0515be7e65edea1ec0e81f093e698054400d0f134e9cefd89e368146200f64ebcae14701353d363ac76ee7620975a365476a0469b78f078e1330cbd1fc640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a87f7c8944a9eedf76b2b50e3c163a5c

SHA1
833fa00182ac352c0a91fd1a54ff5359049b4f7a

SHA256
856014d7d34bf96b5d9e82755e9cfbd66586c0865eccde6f2f17589fed8c27c1

SHA512
f8187d0e5fba542e04a0d48a109d37892f9129dcbb7f9a8f2eaade25be182e192c5341875994c32eadd24bae5d4184b818745af0dee6b9d37df9a443e21bc901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e5be1869fb9e8b11d919640704f0c22

SHA1
6ea63a2184892458d68a8b64114ac622fbe22ef1

SHA256
d568df9e0712e8e0f01cde981a7ac904c6ba34313c9d2c081f39e4a25e8360a2

SHA512
4f17d64636c4e2ac03ab522d2e5b49c9470b0c9ac812407f2667cdac8e6ef30fd0a941489672098f064d2b77812b25fc6233694db09f1de9e8cbda4257ad6d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cd78ab4f2ecc7ca6075ee33458b0b280

SHA1
eca3e7ea02410b56883dede6caa03ff556d7cb85

SHA256
b91ee1d187c496f9b83db5cb9b3c1fdb0aeed7d7692d5b4880c572391d9513b2

SHA512
0b77648ad3bfd800489ada28b758503635445164d89889d2a0f860c9326c85bd74a23ec08ea46e677f09ef61334d182807f5a0c9eae70a22fd960747629b0ef8

Download Submit