553ec22fe3c23a6e09610d41b30c36f921155c51853d2a5eac10093dd8fd2542

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c8ae926a623e9089123b2455695224b_JaffaCakes118.html
Size

146KB
MD5

3c8ae926a623e9089123b2455695224b
SHA1

d1a6503aacf1bf5d46223efc5411cd520b50ab35
SHA256

553ec22fe3c23a6e09610d41b30c36f921155c51853d2a5eac10093dd8fd2542
SHA512

736a8f253ddd6348a95a17d303af12e010d2f493629d183b499459e39b37434c99579c3c1e554233edb67cd576e702c5029af98dd8804bb4cf9aa0865f7987a1
SSDEEP

3072:HFSHdFVTmAp0iL2OX8F2ydazjye25RxWK5y+QtekZpu63iXsMG:HF8DyAP25RxB5yBII

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
3056	msedge.exe
3056	msedge.exe
4620	identity_helper.exe
4620	identity_helper.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 3128	3056	msedge.exe	83
PID 3056 wrote to memory of 3128	3056	msedge.exe	83
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 5000	3056	msedge.exe	84
PID 3056 wrote to memory of 4388	3056	msedge.exe	85
PID 3056 wrote to memory of 4388	3056	msedge.exe	85
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86
PID 3056 wrote to memory of 3588	3056	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3c8ae926a623e9089123b2455695224b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffbcc8846f8,0x7ffbcc884708,0x7ffbcc884718
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9930577105627096362,8273695904535750590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d15fb5ac65bf3ddcb7aa3daaa1608245

SHA1
64d7b041cd8044ab8382a2a8ac878d50a7f1b27b

SHA256
dd6fbe567376f76b6dfd70c72fad117c85eca21d07293402e09c27eef91436a7

SHA512
18d18ffe65b1f59b41e32699e1d01114ea80494770fb19ce12d05dad5f7ba008a4ecab8b80599a981970429358a370c78ad789d37724175dc344e53fd7eb367c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
13365915fa9a270af3cf0317c888ee29

SHA1
bfc0899c8ce344a3d700da37784c8b361bb299e6

SHA256
41ef03c73cd6e1b80c0347344ded2bafe7a1dfd334e448906b08ac4c2b4d36d4

SHA512
9e0d91970d11b03e7d29b7d1e83bfb97920637d25ca8f164f29d056b956476d220f02e64b29d4d56b703b125f1e9e022555dc52ed3bd80f07292d2d887917526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a91c88a1275ae5df0c62debb21bfc80d

SHA1
8150feb3bd0c0ac2e5c318d2b4900173c22e6085

SHA256
87636191f42f5a7ff2c38661debe84b57be30bcb1773d6fec2b5c5bf2a072771

SHA512
718e7f41ff34b18c408da9c1b66528e8ff80ac305792ea11fc827e1aebdc0148404351908013244d351a3d7684541f2d7a2d6ae95e382c31a64669ab7a0313b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
13a155cd98e812426e4392f7144797dc

SHA1
ab092afb0112a7030bf9cc481f4a9873e900d08d

SHA256
3e8044b9556144199184db6da08fea8da0bf8877c08f9e3c1a159f784127d4d2

SHA512
871c3079187acd70b4556bfa6278f4ec0d40ae32bdd120f5c64cce96c3a7d6c906ca9944ab7e6c7dfeb84d013e10c1108bfd6647c0820fc93fd4058b64e190e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c6d0111c98aa47863e6a5cae73f966a

SHA1
45b658712edc5519bbfb8fcbfee527316000c65b

SHA256
5f2b83050ef0278a4552837514d0432f174faf92804ca0cd2bacaf09e0ec1337

SHA512
94422613b68cffb86b5fa273c36487a2aedd46479648f269201ecf5da0f474fe1da91e3f401d0eb422f648d5fe5ae9147e7aa167cac6b8be72c2b47d73cdb32c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5358c2fee06811123a6b86533d8d07fc

SHA1
830dcd8a7df45cd546f96c310303f9c95020f1b8

SHA256
c7649e1b693a84dbf58342a036d341cac1a424b0b4172be57ef3149f0eddddae

SHA512
023d3a8541584f85533b722ffc3f92bdb8d301bfb933ff29b60cac10782eb2abb3a5aea57e5460a1d5bb82f84678ca39c43e54faebcdbf165e24ac9ca4b418ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2870059c24e1d2d87499778447747cc9

SHA1
5e7cbe9f1c4fdf6d8d51f242540a5e3f7a1445c8

SHA256
dde917d246ab5ba4e761bb8cd0c771795ae4e425b3397e0dba3524f3a01d8054

SHA512
42bd29a3f9775d464a6623e5675c2a033cca5151d619a6d9ba6eb52004a8efb8c12fdc856d3004b848d19e0aa8172026640555f1a179a2c2c26ed7f3b2da4fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
4cf88ac770cc84f623b7ca67ea44e037

SHA1
1b6fbd2887bc58b54a7319d738a782bbdd387041

SHA256
c464f9f49adb5230384c6b4410fc50801761f92fdcffd2848dc15ccdf33c5ca1

SHA512
1f8806d7c127ef6e174dfc0858603c4f7e9f3cfb87eb557728a42f2ad922902465154b4af17dffd167d122a03c957833fa5672fb2fe14d873015fbc045da47f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
44f7f67a791b9361603fcb8949e1cde7

SHA1
206d1d0c46fac24e415f47e78a00f423e33a3d9e

SHA256
7681377af08ddbc9935db22f239bd65bfc6e8dd667f9cf49dedd5e1711dd950c

SHA512
bbdc7ee2f05cef78e85339371d8cd9681220b069bb1ca69f2bbd0ee898d513bf9ac8df5dd5ace00739cae9621b9aaa530e3e4221cbb5a7a274918969ca7d79a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
de68704cf2e2324e44d1a2e986610985

SHA1
b06a0ce968c550ce53215780771c754c3ee87682

SHA256
f1587cbb9318783ab2d2467e87c821642c97194ae38d4b070a61f4a6175dd74f

SHA512
0fbfe826f80609ff745549aec2c1f6a7f49f56ad6a3ffcbf87d690429b63176b7530ba465d49f74ed2f7d9ab1f7a8ba3c42d010a1d4b959a872759afd095799a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c6f5.TMP

Filesize
372B

MD5
54bed8bf81ae4949059df7d3960c459e

SHA1
f4cfa4701f1e2431f00656e3ba3393325aa1d985

SHA256
40eb9ab97dfa8e487e055857ee26ce38f5f04c6271e79345584a544d26e2187f

SHA512
df2b6c8da6da050c952bc020b16129d73da0bbdb2df87cc53c533a2b262cea09ab847ec9091c7afe1b0d44459e712441729954b17f71f3343d5b62465ca17680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b65b6a49b95bc45d299d7bfa6b4787e

SHA1
9438c42986ff96b662d59977580fb0c22be11405

SHA256
85398b907d93b7da8c7cf368098f75398b7a56a519d70a9bfab28ac8460774ac

SHA512
49b4e5824abb72612b13052d5544e16498adc90c774030350506bd89d5735a6da5115f2766b1bc48ebe81679e68df4254c3fd17d048af154c589d9d89ad631be

Download Submit