bfa36fa0055863b776b254d44ad452810d671fe219e3b04e43f2bc8f32908a04

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2025, 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f78e178ac6232c6035fad12062eb1770.html
Size

143KB
MD5

f78e178ac6232c6035fad12062eb1770
SHA1

ca39f3589feedd9ebe01ac5985747a076d9bcd5a
SHA256

bfa36fa0055863b776b254d44ad452810d671fe219e3b04e43f2bc8f32908a04
SHA512

88672bc3385aa9f745a198c69bc2b36792cb8d7c8c3bbfb26f7d95a3a49a1f0fbcaca5fa694723068818fb20634ce55caa3295299a23f4739c4581514bafb39e
SSDEEP

3072:75c2iKxcJy3/hUbBo64uTzaYENYEWYEAqkNJqU5xxortAUHUopiLFuOTjh99ORB+:75c2iKAOeWYENYEWYEkfl543K

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
9	sites.google.com
15	sites.google.com
16	sites.google.com
17	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
1336	msedge.exe
1336	msedge.exe
1704	identity_helper.exe
1704	identity_helper.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe
1336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 3528	1336	msedge.exe	83
PID 1336 wrote to memory of 3528	1336	msedge.exe	83
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4108	1336	msedge.exe	84
PID 1336 wrote to memory of 4184	1336	msedge.exe	85
PID 1336 wrote to memory of 4184	1336	msedge.exe	85
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86
PID 1336 wrote to memory of 4424	1336	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f78e178ac6232c6035fad12062eb1770.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3e1b5454-d656-481b-838e-1d04fa5d1b81.tmp

Filesize
5KB

MD5
64988075c2e11986a62098ea39294161

SHA1
39e6983bfcbe09cea5cfee6c5a2fbd6111756e00

SHA256
c50b47e93c519437d15afafdcae118e700cd99bdc0d8b61dfd39edbcec8ebe09

SHA512
390f707753176d5760b64da976f9d5343f397e433a511c007b4aa16e00d501094ea6c1658eab5f7a204b78a426ffc3f9aa0b66f46fa0c75a066b1fd446e9c319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b6a7dd4011bb1a912391df2c1583767e

SHA1
0737273b1cba44bb69bc5c83765d8d925359f4f3

SHA256
f559cea6dbbfcbce2ee3c3e352298e6395725b25d06c3d7c15e054cbdb6388ba

SHA512
d43c9e6120f50c856786ff19029e8d75deac7dd825a03eb049ab0f72d78015bd537200fa129a25b92b119ce82c39f7e092c7bcf9cf68a79b31ccee1067d0cc03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
e92614036a3759016298e274ddcc2973

SHA1
3661d53c0d8adbea0a3ac9ccc0fc680b125f0f54

SHA256
d0802fe99207375aadf6848986455e33c1a0a1129d45fcf852e6f962cb6dd4e5

SHA512
536dac8af0f41229083d17f29100b1cb49def1487bcf7203d3f33e590af4ca226ebc022a68545d0040d950ff30c4340f48c4388db2844d057174e37a233e4709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aba15b613e1457541d441fe4f4c6718c

SHA1
7d6798af1fe78e0d4fa4aeb8669885d100c62488

SHA256
f5c08880d2a875a322fe952e9b7fb3d103693c87c959719e95e161cb00fce2eb

SHA512
976e8e2551c4628734e77a717a79ba2fcc1335cad4dae1567096f3520140d30c6ee8d758c9e39416c5a41cc4b62648cfe456a1dfe1ac9de5a0e8f41dc43b4ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3d52dca94bd0b2d014ea1dc1af1f845d

SHA1
b17b4435b72c115a221b78b10dc16e33ba2e7b49

SHA256
b852f8a04e6bdfeaf6b35c72e98b7b3b245e8912dad575b4b227d228fe153723

SHA512
0be902aad432ca3bd4c15fc4663bf59afa6af3dcf5469967d6e772c3936629b4f78d267b740fb938966dc6a4aca68a88bb36124f5bcedd7b383443976d8f1084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dc6dd85bfcb2a8605260965161588476

SHA1
61ee30a11ad404747a79e91bacb0a56d744ea365

SHA256
cf4c28758e74fbf6a46dfe9fc1f8a469345acf8294ea78283189b527b87fdc08

SHA512
1da478163655151d1d78d54049dd05e0640282faf711a95c60a009a7061b2486ace9f9e6a9f8dfbb266dbf5e45cd5a965dc5d5ad3e9b6ad461a416134b23a27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d0aa577542449e37ccdebfc514730719

SHA1
ddf24ccae889102b5d61e766db529d8ba2b44368

SHA256
5f977f1b7a13231832eeeb19445572f4d83cb7a322114a34c12902642bfc381e

SHA512
6eed41ff617af5c39e955d44edf2d07ddfb8a39277ac0fbd0b870c0aa86d2f95a56daeab00581430af03a44f6c28a0bea544af754311c0af95c5c456531c0793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
834d13db6490b7c00eddbdfc655356d9

SHA1
5a8f986ce25b1dbc6297c3bce0cf71312a0b6503

SHA256
00149cf9e4967b8cb8b9967f9597a32c5f4b89dab5875421ac4559abfb0c2fc0

SHA512
6d0eb684174c24b34d1ed7cb06d649813c534f77b78299a104d7b0e647d2994b4dd0f46b2d0d5922cc7bce81b8fc26d337b7b29af4fa0f0b5455cbf761efb6f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a73a006149702ad7630e5ddb22fb2261

SHA1
2bef02d202167d1fec11189130012bb794dcafc7

SHA256
5141bcc8a2549672d55e295b17989daa78c0c03a1840c3cc9299136da982fb8a

SHA512
2d3931ad5f223256222d1aa78b2ae4721baa47cfa602aae0426926091cf883e0d729dad02e03255fc69e6456f2f4e9beb3930df1a5aa3e7d67e63d267e43962b

Download Submit