dc3a6d347a48706950ca43326c6a0c9a65966342457882694ba774e1d2ba647d

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 07:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe
Size

297KB
MD5

2d8bbf153927993edbd1c4fd2aba0540
SHA1

ba1e1642b9b7d8c538b3c179f8517c9192f47fd3
SHA256

dc3a6d347a48706950ca43326c6a0c9a65966342457882694ba774e1d2ba647d
SHA512

0b46dbd38cca35fbd215cc4eabf1f393a0ef9b9619c332a99c151acf167823842960d8b1e99fe006503b7896c8c6a8b3b0dfbe1577dd92a9cb1a47dff67abe61
SSDEEP

3072:8eLZQGD6y+I/OhaPc1IC8a06iKObSilXol5z2KR4UM:8epZxrltXorRRR

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\AW Firefox removal procedure = "cmd.exe /c rd \"C:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\[email protected]\" /Q/S"	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aw reg removal = "cmd.exe /c reg delete HKCU\\Software\\AppDataLow\\AWGAMECONFIG /f"	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ArcadeWeb Uninstaller Finish = "C:\\Users\\Admin\\AppData\\Local\\Temp\\awun.exe -q"	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
1256	msedge.exe
1256	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3952 wrote to memory of 1256	3952	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe	86
PID 3952 wrote to memory of 1256	3952	2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe	86
PID 1256 wrote to memory of 1144	1256	msedge.exe	87
PID 1256 wrote to memory of 1144	1256	msedge.exe	87
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 1340	1256	msedge.exe	88
PID 1256 wrote to memory of 4988	1256	msedge.exe	89
PID 1256 wrote to memory of 4988	1256	msedge.exe	89
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90
PID 1256 wrote to memory of 5016	1256	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2d8bbf153927993edbd1c4fd2aba0540_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.arcadeweb.com/aj/deactivate.php?p=sbOzs7O7%2F8j5wsXit7K6trKwtMDttem0y%2BLB%2F7K6xrCysbOxwLqxs7u3%2F6P%2Fsw
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3a5946f8,0x7ffa3a594708,0x7ffa3a594718
    3⤵
    PID:1144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:1340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
    3⤵
    PID:5016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
    3⤵
    PID:2120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
    3⤵
    PID:836
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 /prefetch:8
    3⤵
    PID:1612
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    3⤵
    PID:2744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
    3⤵
    PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:3032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
    3⤵
    PID:4548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18423977830594870478,1671488724238791056,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1328 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
28667ae2e9f1abf21b87c4763ce18844

SHA1
a373aa54dc78b7afc89b2c8f81b3c46951b00023

SHA256
416aac30706ba1a579cfd48843958d11ea1e0be9562a3d90a5910935b7c178d4

SHA512
73e775026d8bda9f51216bbeee31d42f2af7ce6f2ffe6f1d73ef3c64eb5ccb2f8c87525793df116c9775fcd1eb7ac280fdd320274de313c5da8f2b48648e9f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1004B

MD5
4b8f171d33508449b11776f7df49ad3b

SHA1
fad40f5ef1b2dfab5b7651cef4bfcca0b3a9725d

SHA256
b1228ad328328de0cd231101780b03091ea48e3449a3f6a0ba225d76c80ef6cd

SHA512
cc1c69fd73d87cd77dc0819be76cc3d6126ca0dffcc06895dccacbbbe20d326c0667ec6a42064b21a0a1507f7e5c1a4677153e163b3b18ad018eb4b4abda6c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b803c94a10d5b7b7bfd5e284f5edf3e

SHA1
40c5ec901886000055feb7f44020c58b18f2ba30

SHA256
1b3b4d2ded1b5840cd5e4eb8a75c61f5db540681ce0a70dc1f94fd046bfb751d

SHA512
8a996743afedd26599d542ce9d0a14365bea37d58a054f4a4fbaca71824cd56902caad6316fb1b5c81dd2bb354853e4fae1884bc4ddcfa4a393750eb72360097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20985452d103c557eb4b68433cf97cb9

SHA1
ff90a80242247621460b1bd4da7ade17d92f9a47

SHA256
e31fd1f0fe7842a1af6b0ce94d5ad7516e74b2f7798e622668a645a46a11ffe3

SHA512
5afc86e9a09d14b2a646d715c328f6ab35ee3417904e2f2760bdda5f215414116a456d4fea562a6f5535abfacb764568f36ff0806281e19319e2697c32da9056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
38c7be57a091d98238d6bd93db3764cc

SHA1
018960c442a82dc0b7c3b7b7a525f4381b6d6bc8

SHA256
f5606ef99490d0bcc111ea2ff0010c7086bb534c5843685e0ba8e77dabbce7ff

SHA512
4d04dd2965cee3d01afae8b99191a06e95451b5f8ba6e97a8e907c1201bb13d67a410e6bdddb401cff96620703eb421f3b10decf4c2268d482cc7784f80e3118

Download Submit