cd2e888b16b1451e0191da857ee8a3a5edc6250a87abfa96e105b63b5df901a9

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_ea510997ca1bfcb1cf122f451fdcea81.html
Size

168KB
MD5

ea510997ca1bfcb1cf122f451fdcea81
SHA1

c6e9eefe6f3d525cfe1f10bc4d0f61d18a1d7893
SHA256

cd2e888b16b1451e0191da857ee8a3a5edc6250a87abfa96e105b63b5df901a9
SHA512

c1cfe30be6959fd781e7c4139aaf11ffe3b4dfd35c20d93b1687cc348f8c145f762e9a066c3b3578496b240729d60e3edeaed31d1f3c01bed22fc1c87837544a
SSDEEP

3072:FhYGwB1eoPGGz7Np1C+4/aAXt8py4sJIT+NbVsac4x6+F4MAABn2hWByGObuWP+Y:DPPoPbp1C+4/aAXt86Vs4bAA8YQ

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
20	sites.google.com
7	sites.google.com
19	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
3940	msedge.exe
3940	msedge.exe
1644	identity_helper.exe
1644	identity_helper.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 3924	3940	msedge.exe	83
PID 3940 wrote to memory of 3924	3940	msedge.exe	83
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 4204	3940	msedge.exe	84
PID 3940 wrote to memory of 740	3940	msedge.exe	85
PID 3940 wrote to memory of 740	3940	msedge.exe	85
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86
PID 3940 wrote to memory of 540	3940	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ea510997ca1bfcb1cf122f451fdcea81.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd71646f8,0x7ffcd7164708,0x7ffcd7164718
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2548 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1196 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
7e391b8a002ed435ed5f6bcddc0c5ba1

SHA1
3777bed06bfcedd25624d8122af32d156b71d0f3

SHA256
403b8f743b6816f59b02ab2fa166396f4c8d2201382ad1ffe555716d7ae306ba

SHA512
45b70e6a72b48146884a952dd797a69fa2ffded12de94306ca47e4bacd0e142fceff2d380a657f689643832b4c2dc96f2760750590a0a784f9d656f771c71985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
fc877b8fb212780044b0ef6397272cbc

SHA1
7e67ceceff16133a15bee7d2740ec1b77ea2547d

SHA256
c26e97c5d76984d5a626d2abada9dc4292cc82478ca766d74b271a0d2fa69ca9

SHA512
7ef1deeed3cbfb3f35986d7917ebd6f1ef9d789c35cce2a6ed500a9e8594366272701bef7b91f7f834dd26e7d5e00aaea3078960aaaa97558503c1f8cec1f718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2db18a578baae37e6bd30bb80826f058

SHA1
13a8123c09a6cebc06eecf181d1c54e36d295274

SHA256
20dca466550bc8bdc3fb1667ed0027e5011784b87bb72f633162e92ca753a383

SHA512
ed353f847201b6927eeaa812007df6c9300a808ea0a4877c0154e2d461448113c6de10767d089e5aef33abcd347e42a27fbf5a4acc82ce0c4d229d8927f28eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
87b27d7d099d03540dc55eb3f730490a

SHA1
0f7a98deb9cd7484cfec56e563b6ded095539058

SHA256
5ba3cb55fd5c26202aac7894327266570cc79458f70a6c22f077500579263b80

SHA512
5b8bf28fc846c4827bf2c79588dfb8db0540409323ebeff13cf441b6b36c2a8a16e6ddaedd0bc07ec62328adc8c93349ab101418fcac0db131b01b0166f9631b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e0bdd0ca3ba846b2107e315f533854dd

SHA1
d6f2ded795b0974b31375ce71004b3bc4a702b67

SHA256
3870538f716ca5b4f28d5d2e4b216a24813360f6b4c2071959e1b633ba602173

SHA512
47f9d45d2d54fcb7fc1d69c16e6e5bc41acc3f99597011aac817b293f95e32dbb83d93c684fc485a2b217c0b338723b5cc7c11c137231014f994d9386d592910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4523e47fdc73fe34f569ea1f95dcef0

SHA1
e0bfefb2fe7e5c76449cfe112236585ddf1f0add

SHA256
ad7117d2df70745e68070425594790820a5f95931ef50a158361062b2f3d2cf3

SHA512
06a04a0098c05820b4a752346845e44998b244ea7f2631fbf498b535c8f8625a1e56534a45a4a8b6574aeb1c335aa19b9fac2db5692e745ec00f8858dc4f2dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
707effb03394fcd33f70f7e34abc2c89

SHA1
f3a10e22fa13f756c2cff89f7dbf05a281311b44

SHA256
e9652d4102c5bb9e9ff528b3d4ff0081211b750b12fb36b6bdf1c6ade3d7b99a

SHA512
75a50d0d05e2ccfd9f46bde3f92ab716d13febc344d534cec7d914c3f2d504f327f08a032bc2f13059a44020628a73223fb3ac77ad4d0f234da79997d517afb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
e8c65194e3b56bceae5fc56a9074e3fa

SHA1
dcc894748c57b19b45d2a448fcf19c3dbc269d1f

SHA256
7302f998c08bc1f152d78e4d73ca97ea06344a3976f4fbdcb584f55f5ea97385

SHA512
4e880f03c84243e7fb07cbb4c1168957d2db5dd2883172e94a7f95f66dca1f785bad62fd903ce5cbcbe9e513a89ba4923d7c867b10c407b951d3b0a9810a2791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582527.TMP

Filesize
371B

MD5
d87c4362100b2f9d08855d650b9d0ba7

SHA1
fc0addec45a863f0c9622d89902b8f62852f69b1

SHA256
7f8cea3f4b1524be2ea78abdaeadd7648d2486f032888e3a5ab4cbab98eed2ab

SHA512
4cb0add90b3becd700ba3f0ee6da8a61d32a99cf5d6d76702f5d176053c7119660eccb960ed21a24e02f6c6e644887d5767e0230912c894bf0903df95ad84677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb782cfc11eb5ae982c670d5a9d049c0

SHA1
d191777665c68c9f8cf158757e41f67ae881764e

SHA256
1935f48022812ffb42b0b1cedc0dbe2c310445bdefba466f660df938f42e89e5

SHA512
5109bb55ddccfe2cad9071aba6ab4eb1c61b824aeaf9bf301984e9f46ee37e2cb0154942c259b7eedb532d0c151f2749df4fb7b703111063e2295268a6463c5e

Download Submit