6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d

max time kernel
1763s
max time network
1685s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
28-01-2025 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Size

25KB
MD5

1d93e8597dd860cf81cd913c4b997818
SHA1

a7dacf6a32b194720a87130a16f2222c44f036eb
SHA256

6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
SHA512

c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
SSDEEP

384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
5420	msedge.exe
5420	msedge.exe
5512	identity_helper.exe
5512	identity_helper.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5420 wrote to memory of 404	5420	msedge.exe	82
PID 5420 wrote to memory of 404	5420	msedge.exe	82
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 2860	5420	msedge.exe	83
PID 5420 wrote to memory of 3160	5420	msedge.exe	84
PID 5420 wrote to memory of 3160	5420	msedge.exe	84
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85
PID 5420 wrote to memory of 3304	5420	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9c5d446f8,0x7ff9c5d44708,0x7ff9c5d44718
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2336 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9427358060785152988,10427488255030309978,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3fb127008683b390d16d4750e3b7d16d

SHA1
8204bd3d01a93a853cc5b3dd803e85e71c2209af

SHA256
6306c5c7293fe1077c630081aa6ed49eba504d34d6af92ba2bc9ebf0488bd692

SHA512
2b8003cc447e44a80f625a6a39aacad0a0b1a5b1286eabd9d524252d37e237491d069c603caad937d564d0eb0565224d6c80c407b61092b562c68087785a97e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\71d9c5ae-e0a7-432b-b39b-4e982cc1eaf7.tmp

Filesize
874B

MD5
442e17166d314253e7a3c1a9c968b445

SHA1
fe5a93e31e280ddbdf9ce9187889ba9112e1e3d6

SHA256
4cf8151fda2629c1d755aa864f4cd13e447569de24711fd9ade93a80a5b0c2cc

SHA512
716e37d79950250c0f40520768e3ab68d1548c53f2c95cb80cc4686b0b02697096209e097231ab00530f915a3b83ea2cf16de15b3abd334e72dc8877fc4957d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0eabdecfb3b8ab4dee6b8066795ddc5a

SHA1
af81eebb9d614bf4a6b5b9f54411b04c249d9c88

SHA256
0035f05ded8f0782ea8094ed94b1c1bfedcd1bc9ae9f8d877eddd49c5c0d80cf

SHA512
d73a049395d8ad7262a922f5bdb947ac7b36996eece7f9cf5dc6159667beaae3fade2df7e3e2c9b02fb7b77e7f0304b945fedbe61e076c0d5e5cafd648584528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4f18281aa797e47083184eb2dcc8b141

SHA1
6e440c2bd547a24094e03f8b0517f409d7476a2c

SHA256
5da42e8ee1e9c1b7bf549b4ff83cba4af274023ebf800f5c0d3fd8f33769a319

SHA512
311d7b85b1a5c75dd5cb56beb0fd4ba9dfce3ca2b107393a49e86f4f96dd8ad9a9f5e76de9e6e6fecf12b45ce7e68c9b33611d2d34821705f5339ccc04f7acf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
547B

MD5
950726f4fdcad62db7ceeb83f49fa113

SHA1
eab20add78954cb636815154582099d909398075

SHA256
4b44cc8150216218978f7ed5d3b8f86118bd9dcb76a0358fac82a27f7494c085

SHA512
4c671d2c7241728898498ed7b0ae9fe4c599e9f430c964c9bed56c4c5f599ec3f904cf10d80b867a4f93e006f2ba3b8d41ce10c63bbed0fa335691aa2a11c366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f1876c55910844709b82da78402d837f

SHA1
56b3880a5aa86f5a273ab9cb4776f338f5da4b7d

SHA256
ec7b70e3f821ae21a60303a40be2f7a296ab778e76d272f3733c16ac03ad96b0

SHA512
0e23626c2b215a3b32fc781f11070bde8c75a298ded39f381561ba7ccdb7b0da57578f2b29531d5f03b3136031bfe36552106155ce6c31c668243f0d461271a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4df3668a94366fcd1d7f20d007e4da9

SHA1
8af1a0081dd2a63619be5e085ef2106be64f15d7

SHA256
f4834b0337a7ee04484fb93878a459278f72fc71a1606a3a53aea93b95b71dae

SHA512
12607679382822ec36f18d310d4aa04cc6d72a7ec646fc35e43085ad62c09688a48c671a5826f727ad711ca4236f65a21e5ef00f2696887fd7e31a672b2a77f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5136da60785c63682ebf9ff143f51178

SHA1
2dc0e83675e57ee2ce4898f161a13e750f9dc350

SHA256
e1c61beb13b4463a3397b2edd36ec3f2074aee2298d530722b68a376b8d1ea61

SHA512
c997c8b7d6c5d7c4edc2ede2e7ec3cf70fa44814fb8ea9d9d10056ea6c796ad63e18c1e80e0079adef921a6ca7d1e9b7376a8ea27d2f8def6aae40d119fe5df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e11c3d2a544dd4edcbc61fdfad3d746

SHA1
95d92d3525d633a61c6aa21c3aa55494c16394a5

SHA256
9a829f1923cdee24442c724eb285e2fa95edc5d757ed7e3f2c33640ea055e3ff

SHA512
cdc6b41dd864a4cfc0818899b3dec3e4619e3ef98048b8ebd9e41611d635e5835041f481c8fbe720de6996ef2650b5dcd3c91d7d8687856fae512d2bdbed1f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b42236ba6cf0f883f4072690faa51166

SHA1
5ac8ba16b5e9072b1d5b3a59c9a7a7c58072ed31

SHA256
c8fdfec57cb32370a8ad0c6d78806b6929f9ec6792edecb5af6134e7019e4510

SHA512
762244d54f4a23bd8a5e544b3da83c0b90a87eb7812246b034e7e31a2ab1ca16f20f64eabd04522e5e5d598a59498729d88907a2e0a884e271a426a0fa6749ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7850b01dd04ba6c419d56e70080b2eb3

SHA1
dde65480e79e8216e3e987f180bd70065bae173a

SHA256
5f4520ab5b4e0fea4ae02fc120f1b08fc07c0a4fcf55b71596ddbadf47d94da8

SHA512
749ecbeb0444f02cfafbdcfc213ca269dd2aebca55e2316e8ba28dde3926d8037893e04e75e710ab5f518df86ca9ad4153afd47c1c57ae9fd379992556eea1ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0677b7272984a6e8d243405b2c644c7e

SHA1
a844ae7f8d5fb7839f1258622142e67953d19607

SHA256
d5107326caeba499cd7c455096423d8ae9417bacee6cf3aa6f814d93eb4f7ed5

SHA512
0680e6d08364b7eb6d66d25b26220c21a4974d249c778f80ee60e5a257d44afbc2013017a8743699c7139d6275b97883940e7b0914bcaf1e2281c8238b64c972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
6d0ebaefecb85690d6d74b65d2ad991c

SHA1
99c1643cc9c01ae8159683e95368ff32e8a282c3

SHA256
28ea81f235ddc6dc78378b5bb9110c6333bc23dda7e72f46b63b60ed7870c903

SHA512
3d4abf9d489b8af01f426663b2fd04faa02602ebd1b2672b5b9a7d5f23fc58ef83cf338ecfb82ff023823c57cf62d382b93b316e0206513cdb697e3f1a432e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
4f926296ea594ffb67f0f495f3631994

SHA1
73f7dfd9fcf471f7b0600c405a186cba1233bd04

SHA256
5f1ba9e308375496fadc86c58cfd49db2eba34d26d01910fc03155971af965aa

SHA512
20c1c1c00b35224692373a1badca01b4e3c3b8dec892d4a45b09f1815249e7ae8dc7c5531728d21b2fe15c52296e6b5e3b323a8909d6c0cdd408a969091ae196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
be482e11e71655aaa1ff550f9083ef5d

SHA1
8d20b3c2131484c1a0b8bed8de7a1f310b2d8c10

SHA256
d56ddac152c0a97824389f4ec737263c6e02f01e15973d2b6d064cd6c1ff1fef

SHA512
2fb22f95e733c305eb593bb87372c4f49cabd887dc00c8d16b28e9ac4e37fce6d801605997914c4c29abba03b5e46d14aeb57d0cf3ed3c45407f9f4af8c12d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f9a2.TMP

Filesize
706B

MD5
300455f624dea5e8546e0d31a4692f66

SHA1
05c556cde24a9d18bc9971c440509f8a567805de

SHA256
e7bd39fc284e187ac6f6de8887e910178560d7fd8149bb16fb7859ebf5d76c49

SHA512
b919399ab58416700dd7ab89296248ea017d6304084feb43dee07da66d66c61d4c3efc7283dbd3ea6b26b824256f61cc5f4675babdc95123ed1bcc0c8916bce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fc7a81c0fd493e0b02b5df2fb329752b

SHA1
33fd038b665f598529a48d14f1dccdd7e735706b

SHA256
cb18033303beb4a42adcf27ab4bd1d22fb83a276694adeb0f96ea62ba0e0c280

SHA512
e516c8a8faef9d3bdf6e2db19791c28535e8354fc63fa51e1022ce34097a7d114f9b6a3af2ac3f948ba1677ef04b98340dfc42b42e418b2cea1b8720bf9c4dab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b863f47d6c8cc11fa51f79f3e04e5336

SHA1
204df16b37d2ece0fda2dec8b535b925cf22e7a7

SHA256
3c4f101d21818c8b2e0acdad4cdc8cec9875f767e5cb1cefc309de04e7048b1a

SHA512
e859ac7fe6cee5061db1e4e19437044647c20fe538cd35ee97db7ca3bec2cf2974ebf00d96c2141f2334fb3eb9fca9a1173bc2e5f03bba4ad66891fde5b2717c

Download Submit