b51a4981644d613a9cd751506c2c2ee642e7dc56056cf95771b476650a2eec26

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_24d3ac5ef12aef200cff7c640e18ef46.html
Size

126KB
MD5

24d3ac5ef12aef200cff7c640e18ef46
SHA1

fa00a86d0c51eb3c9412db02c401a4bc01eb7986
SHA256

b51a4981644d613a9cd751506c2c2ee642e7dc56056cf95771b476650a2eec26
SHA512

eda03ddd250c2e667cb8ff6e3bdea2a4649ce7b997aa49faf6e6a130d9c51c1859333287d5e0ee787a6ad6f2d28d0be94c195be9325f7d7f5d73600255345202
SSDEEP

3072:qFfqbIrqbIV9LmuK/dOTPAkE2cyXtAch7EAYKpNgBebA:ekIIIwitAcPI

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
1692	msedge.exe
1692	msedge.exe
4784	identity_helper.exe
4784	identity_helper.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 4308	1692	msedge.exe	82
PID 1692 wrote to memory of 4308	1692	msedge.exe	82
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 4004	1692	msedge.exe	83
PID 1692 wrote to memory of 3940	1692	msedge.exe	84
PID 1692 wrote to memory of 3940	1692	msedge.exe	84
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85
PID 1692 wrote to memory of 216	1692	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_24d3ac5ef12aef200cff7c640e18ef46.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8b7646f8,0x7ffa8b764708,0x7ffa8b764718
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18258666963053595193,10711307568336086254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
860b1b2a3e87913c06bf88a1c07e80c6

SHA1
cdd14bcf493de88e2884113d16d714f8fd04ce69

SHA256
7b9471b740a8a10cbd90961712a5d888ee577cb8c9595f35254de41df6d2bdea

SHA512
d1030e6086fa6ae17dd7c910d95a4664aef6333c1b6e7a064765730f56c567c8a6be4cfc4611147bf435e78ddc204c6b5f6a267e07ac99fa309f12eae0babd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e3af30d50c176a2043dedcb268339467

SHA1
76454d6114ce20697dd708c30dc6a2c8dcad76c2

SHA256
abfdecbbb52d8c74f6be2caed0b3d4f497c295254ff6b0b57048c8b0a34506b1

SHA512
5fa83ea693b3425b74eec745f532421250ea6c86bfe3210db4beaee2426635e78cee45eb70a0ff6800b28d65ef229e764bc69598a8b824d64a7f3eccc24189b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
397379164ffd1258082e3954e672938b

SHA1
79222d0d4cb25466b8bc5b64c16b8f8a70b07b68

SHA256
33bdfd534a58a94998860d612db5769fddb63f8e95bf5097657139c1ca0bdb7d

SHA512
1e1e9e56973ebe8ac9589cba4e579cf09b4864d43cc199c2d566778e81280fed3846f2f2e4192afdffc08cad0022e4c2d43bb8db2d572e6a47ba070621ebfb4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
547df768ef4ca22c4973d31a38c9ed19

SHA1
b42c7e5a8e676945e03b7c11deda8b0d2bda2dca

SHA256
fc5d4d1729e6e9644709904be30794908c3c9c7f1dfc787d5511cfbb2210dede

SHA512
5f1574704a9262d1be48eb20fd34f430f8db7d92e7a88fa3665dc5615b800967b17f177e1ca748a76ac248c4c7c4c660339bc41e0fcb1744b454425741e1e24b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
13b6e518294a24e73ab0c6aed0c47416

SHA1
e94339a44ba140832ff03867be2b75342e9f3724

SHA256
6f02469d756b6946a8415fc269c07fbc4fa2f930f2c234c53d8b2b7bfb277f3f

SHA512
2e833f30dc5829b0d9102a19f9b849cab917ecc5e699f02b34b783510af12db8469bf64c595c39be93e0aa8ec23b4391f05650a62c2f83293e7a745778bf55e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4b5dfa6fc0834f47d279d04bf2eef4ba

SHA1
ba3f2ec22b0b679643458e993e8b8002eca2f93e

SHA256
8c66925c88771caf3b742c264fb60df8812c2ed8c8800ce2630db6dabb993763

SHA512
6fa52d0087c029507cbe13e1c71385367e4a899da04a73710a7812c1c8cd7e32bb0d957093494c54fd4c776ae2f5613533edd63c76bb03cf8394209234f00b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
38461ec1098e0a4c05d8d7924205c42d

SHA1
4c01918c82ce3ef145d022c5ab46c73523b79d2f

SHA256
2324283eef80aed087fe449f69e8812d28ec57ae1cd2c015594d9721be014be7

SHA512
9517bb7be983c5d151a6df14ff3e7c20f8f16b623b96294e79f7c309c5bdd399b891f2ebe0f569fb4e57387f07c89e2d6519e030f6f55dfb6f680320bb9855cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5955b7.TMP

Filesize
871B

MD5
1d4999b34fc138c8b9762f8f784364b8

SHA1
4cd496d90ecf1398ba4c08decec1541ce4936c61

SHA256
debd57541b6efd1bc54169e8cb37a14f62d60a335fd121825a499bf3d8030fce

SHA512
41975b80ae600060f50124716e375915a5354f9a16ec5f4981583a78526ca77549f405622d197e274cac06901e3d89307babdac52103999b5ef210448a03c3a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c096fc1bc88e070a5e710ea094a54404

SHA1
fb847c54e5a3eeb5431ac9cd5512ddc526a82396

SHA256
b18324472a370a8c14ab0cf3c1c2e31b167cbc3ae4a04833567f22e41892b648

SHA512
f782792ec7e30eebd6db3dd4db47120525ee0bd1be975a71f8dc701da5ad3cb1895e4141535852105a2b2ad570708d2d943d62214b1b048af70d49d5ea73a964

Download Submit