1e81b782cb18d7f429ee78e95a22b575befa9b6ca0ad31833b9afc318bda176e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2025 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_e289e2122ce2c38c78c675b9c4aba47b.html
Size

1KB
MD5

e289e2122ce2c38c78c675b9c4aba47b
SHA1

9c79b4a63eb2b11417230cb3afe1a3c22345700a
SHA256

1e81b782cb18d7f429ee78e95a22b575befa9b6ca0ad31833b9afc318bda176e
SHA512

e9dc4cc18e56e013c83a323d6b9ee6aea9f410985125016770121980534e4ce4d064c52313fef98012b5074b4f22dd9b3895b8d66603523f3b3c3f20e818b971

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
5032	msedge.exe
5032	msedge.exe
1804	identity_helper.exe
1804	identity_helper.exe
5388	msedge.exe
5388	msedge.exe
5388	msedge.exe
5388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 2664	5032	msedge.exe	83
PID 5032 wrote to memory of 2664	5032	msedge.exe	83
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 4532	5032	msedge.exe	84
PID 5032 wrote to memory of 3092	5032	msedge.exe	85
PID 5032 wrote to memory of 3092	5032	msedge.exe	85
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86
PID 5032 wrote to memory of 984	5032	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e289e2122ce2c38c78c675b9c4aba47b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe649f46f8,0x7ffe649f4708,0x7ffe649f4718
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3162747250150379663,1387360581116504594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
21KB

MD5
f71f533e09708639939a1470186810a5

SHA1
299e4c2020b7452cbfc720338fbc8f51b8d654e5

SHA256
9b2e6d1e8a0192406c329c4b1868e08b8abbb9c154ca0d900b5315b70cba5aa8

SHA512
ba3198039dbe25d6a0f5423f4479abc06c870a79eae28612b95fa9aed526d8c16166a475ce7697a7661d5367cae6920d3a0ef0716c0ebfb57cd810c99addecc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c501b017b7c1e8934fa9061676b7093d

SHA1
1c24b3ca6a834135c526d748a58ce0d16548bfa2

SHA256
16ab88bd5d215d2774dfbd2a797201c630e4c455d4174a7230b19f3f28df85d7

SHA512
73ef114dd57eaa98d516d8ec5f3cd5cf6a1476a025772df05c52e796958e96d0d6b6643420a848f752f2176c76ca7d0f7f0053066e42166d8f6f7976767ab3c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
af140a61c5454abfec2c2807822f58be

SHA1
5693d1d21bb3b9c6a87a167ffe0a3267273cb276

SHA256
79749d26fa704a4b3cb9a7a032de538637b5c5953c3a9e364ed564a1f3f62846

SHA512
ac05b78fd62d372c0947c5cd6c879083aa8069bce9b8a22de249280742586a065dca5afcbfbfae807fedaae4e5d11e6b16f2cc57cc558b371ad7b701b6328dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc66bba4d679b7380e9c29dc27a4980a

SHA1
7e781170a72f14cb06922083920f861983639bfe

SHA256
996394e8e85939c750d611752a69e09fe76a804ae719b01cd53b21560a9ec070

SHA512
79032b5bbf978e9465d6e82a365eb513d8d3048a40db136d238e2067df4a9fa0388f68956742d66d2f19d9aa055eefa3b5d6fd80220eb8cadc37dd35bb6c34cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
990bc7cc9db6147415ca954ab1417909

SHA1
2a194527527a37cf3a5320089b0d908cf74d88da

SHA256
b91e90c6ac37cb2d79a6f3edc0da183d4efadff331a217e4a1a6a8c92c88f272

SHA512
f00481350e29a988f31928465277a4ff69cd9be33d50f51e96fecb92b81c2cf65761f3b0bc110824806e21604ad740745707d9f1411dd5ab6fcd8a7c870b2448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\51e1e263-59c6-4073-a1db-eaa4d163d03c\index-dir\the-real-index

Filesize
11KB

MD5
8d09ab337ebd3fbfa625fc234cc0b628

SHA1
bd253e62ab363701ae32314ee7d75048c8f9f67e

SHA256
d2db5c05f0306f178f82d36344676a9ff2c232e7b962445fae494c0f250fa073

SHA512
c849542cdfeee988aa913389fddd3b4ff703e1331f8955ec1af52c09d1af7e797c02fb431b86226eb5a1412f2b3ca595c574bfce6c7b44b18e5297db627729e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\51e1e263-59c6-4073-a1db-eaa4d163d03c\index-dir\the-real-index~RFe589cf7.TMP

Filesize
48B

MD5
7cc38b454bf8b1735198b853dca86a3f

SHA1
68f2d8ca1dcd1df544a5ccaf69e69f34c8058519

SHA256
8d7331330fadfe67834e750f3e1d71682853a71c9a7104e6fc8a89c2947c39b5

SHA512
d1ad30fd21e1ff64c2dff233064f573006f594c09b9c06de99f4bed12a606c68a3b178b808fd9f1b6e434442cc43b3f3496bd74c25ee536c6789603cec3f1011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
93B

MD5
70b6983071bbd56bbd67bb7fb7e1ba80

SHA1
8e51d154a60af479ea94e672789af4ab839d5d60

SHA256
93153a911f72c7b6f46643bcabe9162b9a27e7b7c96899f9d27abfdba159e2ff

SHA512
0dbef00754b74f7a0d1b231a3d82ae8f341f6416891760657a7e2a9201958f15555deae539d36cc4af5e5297f8c731375bec7cf8cfda25e32a66279a7c63bfdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
89B

MD5
d20384db1763ec360653e67ac5cc54d1

SHA1
adef426bd1a5da298548246c56fa945ca2dc9069

SHA256
301e4d81286e789929b306432df0930c9ada2166b3aa670f2d5fec304eb4242f

SHA512
19e5907b8060c4b45ee14ca9328c5ca123078c0b82dc0c39e7aba943b63b14a5fe5d63ccbfc40c5e45749a4a6d2b8f330cfe2d9c19734fbab61b78ea4c5ffa8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b6d0cdc758323e251885d8be3655fac9

SHA1
4436a5164e50ef5827eae519df3927ab2b3e8367

SHA256
6e5b53eeca6e024be2aff401f59fafb7e485d3d3bf976a07191cc7f09a26705a

SHA512
a9703d651d9f667f0bae99b27de7c4a8a277a0cf6148a94611720f09edb9808bca022d8734c7bae571e719c4c01e2328b7747cc06d8bfff469cdcc8f601fa5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5811ae.TMP

Filesize
48B

MD5
6acc2cd273bca4d96e9625b716faa3ac

SHA1
67187ed66ad775d8ec4ae6a200ad98a1daaee2cf

SHA256
31ac0171a89e7d1ef5eb555d0c6ac93537e332ef3b17bd0504bb2f557eaa9d12

SHA512
1dc63fc82b22956a8e32cd4fb63030fc79be8936d06888d80d50653a58cf139ab0fbd097606b8e013c1ac1b6249e12b9966c89cc580d9bcc7821da59a9ec4c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
375697e8fb55e48b4c7def270e407366

SHA1
7c653715246759ff2087de024fa3d32cacc2f243

SHA256
920da26eb5c1fad613191b2572fd372780e7b2a0fc29f26f3765dc470099681e

SHA512
c0fbfae4f62d3854302057113035b32297e6f368b309f1f5451e110221bb6a70646e7e2bcb0897034ee6ff4e37f5b8992933f6ebf7ef3df6c0b5f415d5741b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
32e238db49996c23145a1c885456a9f3

SHA1
514c3d7d5fd5e7b3ed60487fb4d6ed8c80990975

SHA256
f9d92d6b91179395c34592124c32d57f8a9f2a8b4ead91335b59a1e5c1a5cb73

SHA512
aa9fbd96f74e8453d012813fd9ad4888b55ba3af119eb79a39591f7a68fea3b48967c9e33ab13fbce4496cb272ecef753f6489ac0cfb63c87d0f44586c979b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d83123494012a61ae8b907739ba7348

SHA1
e1380fe75c7aa3d353d05c14118b35e079640867

SHA256
3906b639be039c83261799ac2db03afa3e462a755d74a0bd3e189bee7a075672

SHA512
b1b8b58b3235e00d4e6f7d20a09c2206828bba291857e09aa780833bdabbd12b6a5ee4da67b52ef2e2e9a679b14dbb89437a4adc7c7646600c3c712148ca998f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61d2ec49ecc6eb421b5fc5e3564fae0e

SHA1
3616ea935ecb009369ff48d2fa942015146ce6a2

SHA256
c1e04f7dc4f6487f366411896d19269fc69ae8cdaf2ba273cb39deb72f5e5a7e

SHA512
88a56d4814d9bf3ee0c21bbda7c6e93d3ca76047981a150b43293dc925fbeeff5d0c0e03af6407944b32925762c3bc528d3c724e0eae2529327b266556a4b032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b408f9f08e1d4bd5519c82579f0b1f0

SHA1
71344c8ba0986a695b267440678e4de2d8a47798

SHA256
2a56ab50b7f459b8d0096e9ce8db2b53bb0e08dd71753854acf4b57fa3b37874

SHA512
ce533b13c7ba16e745093ceb51b7e34fad170953888ad5e4a1d8cc9924f76cebbe1b1df78e3cdd759958ba85de9c1034342d4afb2a03be7676aafc173bcb0963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b71daa5c423a0a6ec78b38b86294f417

SHA1
6637a39b8396e6dee21c3c0a8c4e1e7401b60716

SHA256
a6c721ecf0335d0aed84584dbd2d9c6a3cc9778131a64312a85d9c97dc8b18be

SHA512
3b91b734bd881ffd2d6e992f43e027719725b9df615d49cc52ebf87e19d394b8de79352024079c8fe0ba89f92fc1fa9952f0404790dde54225df193a11974b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580635.TMP

Filesize
1KB

MD5
9c9f75e21f0597b483d19d4ef2a26694

SHA1
bcd4728392595988b5989d2f0ed9616c6237a906

SHA256
eae547cc693b7ed65dc90bedc7a2ccfa138363b862ee86eaae73a15da7e5226d

SHA512
5b96615aea04a4a7707141e39b0d818b5e00a812712cdce2677a1a8f2e2768d51b7c0c717b3e24d1f4dd3e232b720dbe9600a991471d0e7be910240ac9a36b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
517f409c0644b1399a1f986823c14b48

SHA1
36b4591369a65ed25e8008b714de65369ac417ca

SHA256
e796151d7735fc7e52fe7d2259cfc8f9eadfe8aa428e4fc4adb3eb9eeff35c44

SHA512
b125d117bef8c5cc24ba30494c5056025112831e3d6a01874e5638ab107ac09b1b56f82de3d485777d07f6f596b9b580d51000410320472b09d8c7b2815cee99

Download Submit