5777684f8c2dd68e356b69ec7ce43a5a5f504089c9ebc4c83adfb7ca4f632870

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 09:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

56a4426deb9a4243f1427bbf51e85f19_JaffaCakes118.html
Size

40KB
MD5

56a4426deb9a4243f1427bbf51e85f19
SHA1

cad9431e6fac37ae7fbb85baba0c4e9ccfa9207d
SHA256

5777684f8c2dd68e356b69ec7ce43a5a5f504089c9ebc4c83adfb7ca4f632870
SHA512

49727a41fa70c004a52fea68892077c0bf59d57f9d313a7df7ebbab8c818a73c81150de43d9ae206eb97857a1538c2e4b9a855e826dec31c86a74fbdcc68fa88
SSDEEP

768:dZoLT0EipBmk9sR4/5ux2xlkeSG1q1qs4NqcbADOsk3msSDHYw5akNv3Cw1RXtpD:foLTupBmk6i5uUjkeSG1q1qs4NqcCOV4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
3004	msedge.exe
3004	msedge.exe
32	identity_helper.exe
32	identity_helper.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 4992	3004	msedge.exe	84
PID 3004 wrote to memory of 4992	3004	msedge.exe	84
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 2320	3004	msedge.exe	85
PID 3004 wrote to memory of 4064	3004	msedge.exe	86
PID 3004 wrote to memory of 4064	3004	msedge.exe	86
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87
PID 3004 wrote to memory of 2428	3004	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\56a4426deb9a4243f1427bbf51e85f19_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa14a546f8,0x7ffa14a54708,0x7ffa14a54718
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,10107477547313683230,5196141767983957933,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
1KB

MD5
c6150925cfea5941ddc7ff2a0a506692

SHA1
9e99a48a9960b14926bb7f3b02e22da2b0ab7280

SHA256
28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

SHA512
b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
276B

MD5
7937cc8d8ccb3b7e7afd2ef829d115ee

SHA1
4c6b358989445a34f201308b47ca96ed5a4b33ab

SHA256
a0f778d0ec5246d9efc4a2280c85b2b0ca5bd34570d875713b0dc1d582361ad9

SHA512
dcaac68e0d1d4d23dd3d09e5bc2409279f6f0e967605457f0740e7fb6506139b2e61c290186ec0adecd30d198e32eedb329653bedcf4330aa8f5b55544b0988c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
5c1af49253699744f4820326b22ab1fa

SHA1
932b7936d0d7bd1efa8af2208f02737cf0e20a79

SHA256
c104cb0f4fdcf07e6296646e701dbccf9d7ec48747e9d95ac82f861d89bab949

SHA512
eabdd25e091edfd9bd96f18b6c21931edb8fe10d5c57829223b9674c34c8848c9189982c2147d5a1e0191dd1f42e79e58c57e7e0424775546d18fa52f3ca4a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
a83abcb251a3724111d892a967c6f8a7

SHA1
6c48a8e3d55b6696bf0731c0f08e9ffabf726713

SHA256
4647373ca321a81e786fca7eb90582f03bcaee5b54a0fd96d91bd9f1ffc0633b

SHA512
5e8949c87885a036ac95ca9c53ad4585997cd6533148fb3de74fb077dbb625ca72dbb3a7288a348556ceea177b7cc13e848a17ccc2b8d6370ddab02c6b527077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6ec5998a582f395c0bcceff6a14ffd59

SHA1
d3877e2b06f69f12f2d38b3bbc0b7f0066edac98

SHA256
430fba251b73d20254031584cd7cfa2c86fdf29fbaabf1c3de8f66780e6abe3f

SHA512
6eba5bd0693e51bebfb25801a32277697953f1b150e2080b77a262e81c364c49637f92af16b1de276ab064887ca5d4082e2cb93ce6a09f3566d8f5fe6f60a7ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76021fd53b161f9965cbf45b3f8fa6eb

SHA1
898221e00c890e1d3eaf16960698314141a56457

SHA256
758706409be2cdd69b02ce80bf6890a37ddf23c8a20b154a237ef4cf0c472a1f

SHA512
e1cc87a7b977d69ef7dee1b9616fdb486e934cbc1fbe4bd792b23a72cbe854597844bf1cd12c837455d13b147390350efe8bed703740582d4d5e37f1dfff223e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
29783d3c8c3097b344632fe43b57f45e

SHA1
f1774f0c903bba04f571a6e150828c46552cfbcf

SHA256
4f1ace5e389ed58dcabdb0a2caac6956ecbc6417d75387082d8ce36c8e5b3c2c

SHA512
8507e9d9cd4c228938ae0699bd7b5fda5c99171527014e36a4bf6158a2a6e823a7905f584539ea7bc160a6d14e9762848aa98d6fbf0ed26ea60f99577b279bb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a24f8e57797a7573885c36bbdf87ece2

SHA1
9d5ad26b2571a4e05e793df4d536f761298879bf

SHA256
fa2624125e018ccbcbbcdca7fe30361f8a47f21050a0c6de20ab2883fb9868dc

SHA512
d1d82c5a0058c95d65462c19c6694a8cb7de8d24ad92f20d792df130a8f0fcbfa5d49ddb9c0315727d1286324fe6c0856e6fea877451c89b3d4d0737b0615d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1c7424e1c70665b43170aa88296cd10d

SHA1
3480514880a7be98a6965a835bd063c40d5acb27

SHA256
00e24c5e938273cbe7295217b9fc43912dc399ae01ffdf3ab088fcc9e307bdf5

SHA512
b65ba4a4bd7a3c9d3066b31e7820b7d54e282a10078acae3a726abf49d2e5cb531268afedec81971e6cf4cca089036d215d4aa0dd5ecd1984cb5db63aba148aa

Download Submit