93fea691261ae25038f99cf849719825abb88892c27826fa19903a950de5535c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0d2c6135e9edf7f2c8661dcf9ee982ea.html
Size

85KB
MD5

0d2c6135e9edf7f2c8661dcf9ee982ea
SHA1

841e184633067c8bb43e55b6ace1d6f842798cc7
SHA256

93fea691261ae25038f99cf849719825abb88892c27826fa19903a950de5535c
SHA512

d9f62ffbb8471c6ec7b474f6c6be7e4d319b8b9cd2da4597968c23c82291f1446a338b23f69865c93686531272ffb7fbb3fd089247530df7d0533e6312be7053
SSDEEP

1536:8DfHH2dLrfjXMDxcD7tInH4g8gPluegEeeeueqee9eeteeeeEeeeNebeeeGezeuf:aHWZjj9RInB0KoD6Jb1V3P

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
3748	msedge.exe
3748	msedge.exe
2040	identity_helper.exe
2040	identity_helper.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 4648	3748	msedge.exe	83
PID 3748 wrote to memory of 4648	3748	msedge.exe	83
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 5112	3748	msedge.exe	84
PID 3748 wrote to memory of 3952	3748	msedge.exe	85
PID 3748 wrote to memory of 3952	3748	msedge.exe	85
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86
PID 3748 wrote to memory of 1844	3748	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0d2c6135e9edf7f2c8661dcf9ee982ea.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1b3f46f8,0x7ffd1b3f4708,0x7ffd1b3f4718
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15775007014977983698,10358506359890437146,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c96338b93d892a81a0bd1f253f9a6851

SHA1
488bfcb71786622782643646a4c811a9bdaed2f9

SHA256
7483eb7470d89c32a85c102138be6bee831a4f8d15c55dbe54708180222b19c4

SHA512
afae59a6893fe7878bddf382b7d2b23262decebf321bf71445ed2f06106ddd1c6f48a863647ed921e10ea731fab4e9e63b7628cdcb846548021461a0130b6adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
659804594576bc02b3d5e8f861409d5d

SHA1
f15d973c7ccfba9f7923cd108797af7ff50dba2f

SHA256
11810cc20d1e2e716e74f42184bbe52d3d757f1bb9acd1588522f1aa6fd0b031

SHA512
69f4ddb589d4fddd3921c33d79a2f8de103c7f5797024186862ee3cafe725a98926124e5aeccdcc5f0a90a1d5f4dc3f57caab80f8fd2b55c7fa5e86fa13b3cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
268f31610063f57be8d62c18ef432312

SHA1
3ce48881a504961ead8cae508713f450e29a23ff

SHA256
5afa61cc5681856210289823d67182cda71a7d77ab5cbcbe3060373d9f03e36f

SHA512
da0ea2199ffc484c90d1c54505665fdddaf9c1e7998b90cef9e72e26b1da807d80bb56cbb837756ecf03448add448816a8eebd5a06cd9607c1e9a04d335779f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4906c87a268da984d60287f8322da11

SHA1
2cfd6610237794f1a8b86c6ff3dab54d445a387b

SHA256
503e08ee6d8531ca159865863277c441dca26a5b13d1d3ca74a40ecd7b8f464c

SHA512
203b49e798c700a5234946bb86085d54e9e1dd69856d3051041314ae08ef985340b4d008adecd39f5e68ff6e368a3cb9ed85fbd26a180fccfcd0f4d99f0866f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ede6859ebcf97d7b382cc7a4d9a259bf

SHA1
12e3c7b868e053b019efdeaf91f0056e5c743efd

SHA256
29445f9bea529076fd29679a3bb047a1269da9a8220b311becafc5d4aaaec15b

SHA512
ddd5107b619e65643f803cdc20fdda97e26d6b72cf90226d53e6f9293b9233f8ec1c9d9bbd95c59f75c1071f2a87df154b68b4badf049c87c58decf647ed0688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
efe4c0d9bd36bbad63826d53568645c7

SHA1
06d2d9111935abec2019aa68adbd7b550e6a72bf

SHA256
62c0d2fb3e9b6309319ea11138ea5ba9cb8d632863392c98559cdae36471c2fc

SHA512
36ff261083e3531deb83218811b25349bc5f16ed2522e586488d3739244fff3b438f8e89a8eabfb1f23534d3d6e317bb28a8e7e51bd9cf100794662a39b85421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
24a2dce61b88196f0399787072cdd3f0

SHA1
7aa87cdf092adae6238916f801cc4a6e3cf35a57

SHA256
f8fe2af434ce99b47856dc887426d0ff5ecfc3c7064a5c6908629a4b9c9e0282

SHA512
1e8188621906d77c3b776d3095e4d5ad2459086cd4df82a7adf7b91229ebcfaae6dba66195924dcf1b3ecf8a9bfed68596b7e296f7866ddf21ce8fde00cb7fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
95cd2172d8dd489dc4065c5ee21fe787

SHA1
b3212e5e037e68101b6c6a9225de69481d2238de

SHA256
91bfc1b6ba515c0f3c77ca71e4ba8cd53728d44461dda3f15060ac711d8a03af

SHA512
645c553db4d5ee7f7d96b958820afdd50d6e3d89520f1cb816d4c591f90da6cf3cfad008b15b58a22393217b986566e025977ff62273094a865ce36831437b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587ab9.TMP

Filesize
540B

MD5
88c7a3680c9fe4b348ff27463afb29dc

SHA1
ec9c59a74027dfd492cb218f9fbddc008a0521d8

SHA256
552201f31d8b1e3f0bee538c778051f375f759cca193eca20df76b51bf2525ba

SHA512
70e96111d9ac94290934f19c6d735fba0720eb51204846ac2377874536ec789a70054ad44b0928e31564937330e1a38b484debf4f5a877f61e5cdf9e21e7a9e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aa06322661afdea42d67f8d48a6717b2

SHA1
7673f50e6dd18516627f69ce004f804021e415a4

SHA256
09a6ed1490fcc766f8f9f6f17b6daea6f390af482865e547ba3082ff561b2a32

SHA512
67e52f5b37d21968a14a097fdfb39c3ff84eb5b417b52d858ca4fc48a1ad12b8b40c1636e9895d44c2aa257c8ff185c2074139e67526a610d82f09aa1ea08983

Download Submit