c31d51bef9c56200acc11fb19dbee9d557c9b68539b23343b8e8af020c10611a

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_fd9e9c07b05c6bd3947a31877230a6e3.html
Size

157KB
MD5

fd9e9c07b05c6bd3947a31877230a6e3
SHA1

3b6bb98ad30935cfbfef130dc18a028a84eec1d7
SHA256

c31d51bef9c56200acc11fb19dbee9d557c9b68539b23343b8e8af020c10611a
SHA512

6c15df8f37a94e2ba37a81dc47dace4433fe6f0ca83e4b1196a3e840ed3084478c1f8d01cdc37adc0d43b9e7b735c0c9a0e2a0ec8e7131dc0fd8d9bd10799785
SSDEEP

3072:ZkFmSF3z2UP13G4k5QhLpOatVrbJo/fNbYaaLStRvcxWUu/v66sbsGon4G59t9VO:uXr3G4k5QhL8atVUfNbYaaLStRUxWUu4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
3888	msedge.exe
3888	msedge.exe
2404	identity_helper.exe
2404	identity_helper.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 1388	3888	msedge.exe	83
PID 3888 wrote to memory of 1388	3888	msedge.exe	83
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 3488	3888	msedge.exe	84
PID 3888 wrote to memory of 4484	3888	msedge.exe	85
PID 3888 wrote to memory of 4484	3888	msedge.exe	85
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86
PID 3888 wrote to memory of 3568	3888	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fd9e9c07b05c6bd3947a31877230a6e3.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72d046f8,0x7ffe72d04708,0x7ffe72d04718
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6375080343029323855,3203772685886019546,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
ea1b6e1bc680914cf1d0c6aa7958f733

SHA1
b7de3054abdc1caa8a557f1ae4846239814e40f8

SHA256
b885f6da8b4f555c301b021b7eeead1153d27a30c524f31a8e6f1e5ce720804a

SHA512
fdef27de71d99c3aab710e3b2ec87b550f8c4d0f1f231fd22e7a06b8a8381f1be36717a3f5eed9ce41b68469d18504ceefaf472a8c1c0a62ffc660c64dec5705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
88b53fb948902d2864246008d786fe79

SHA1
d4c154b35f6e3214a6cd80a8171ecd9e492f0597

SHA256
4b03a5d8022f4c8011e6d3f4409a3ef0160076b8123be6b23034a03d403586e3

SHA512
0d731b0d708370b39bfc6e764b72881fa95485b7dcf386ec83f1abbc44d5ca770d4c2e47320450d3726650b6a9a7501b3354b49d83c9a340f35dad5d00349ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f70c380ab5a598dc9d575a45b26853f5

SHA1
161eb03b816738080f5b510a718726ef05ad31cc

SHA256
bfa0605c0d638e2789c0a5e965c057288a6ad36217f12266ca8252a8b8a7b656

SHA512
6b72d20675c649b3bf9afba42694f1aa2508b13c8f0cf8b2b7912710851f09f9254acf46b2a0e37bc24d0ef07219fa7608307d89d57084f58c1dfdf1ff828856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
698d832fde3ea22f604f46ce4085e858

SHA1
a0e37e6f9adfb169aadf4e97b23db08d012e7b13

SHA256
e789a2856ded0dde3aff27376f49b3aa1082ab6c81c972c1b029c9d53de666ac

SHA512
90f0ae7171581e9922d4c9e94be37afd6ff1d2e321afa5d05370c73cc9dfcd58711a63e83c7a429dd6e48bb59486ae3fdc1aec41a20ced78ef3feedc4915a15f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a4e346249ea42a099e0a14b8b513a163

SHA1
df755e1ef9dfdaad717c2fcb17b15bfa1af454ae

SHA256
9c7d63cd8c6dcd7dea2e5be2ed1c9898bbda8722e5509cd4f35d865f3163fa94

SHA512
dc439e41bd69b483f706cb7c89f5bcb00825d82ff140b4e0ebd6b17b8d21705f370f89f5ad5136f71f174af81c876bbcd85c79a7cdce6bd722f112900cf91c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d313ea1933b005d4f9ce3587bf94cf22

SHA1
88cb20b9540f0a26c9a743ef169381c0a413981f

SHA256
3db62482aa0f5c9387c828aab871aa28bd9ac5f1e2ac63d9bfa976ed353f02eb

SHA512
5d5060a18ff759367a96c0b3590d160bf30bafdda757a39b8b6a92cfda595f3f6215a2d0101aa047a67c0c9fad6573c62696b2fa319c351c0baed188c65d42f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93af59fa289ae2b3cd177a11193bc028

SHA1
59703f32a600f0a9475e23494875bd4747a6b7a8

SHA256
ac63a2efb7ba5ec3ac9737e87f8da4caa95b0994336b855cfa3e64a1692aba2d

SHA512
2d3a41a9432634de9883355bdf65d1df7b4345e900ccd1c6cea54716c5a8507c15112b08196f9c17fcf2585bf73188f97704720b154684e25490025202740694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
9e40f431fac75da85d5058cf79c4ee61

SHA1
ddce732d95b42228960a34fa380b5ae2c7e23fc2

SHA256
8e43f3213a4d0f1fd81010f8f3a248ac774e5759cd78c405075ba62a5db534a0

SHA512
f8284bd911c002cee416a09896b8201ccf692c836b4991d8f133b068818165008fe93694b844a905cb0ce36edf487121824f84576195a8b8d7b04a01b24fc2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5875a8.TMP

Filesize
537B

MD5
c2c76e968f245b0930e643435db1291b

SHA1
10720a0d1d13ffa7b5c9fea9e27e67ecc122ea62

SHA256
24a1188dfdfcb91e5ff373e1cb1d796cfd0fbbbca57744f9ad288e104a1cea42

SHA512
32723d602f4ebb380b0f75a65a765fce21e84fe7f1b0eea12300b2bda04c7593a01504977c8b43f4ce2cd238477a4087c33fce4cec37c03e4bd53705625112f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f059ad51-16a9-4805-bfed-8ac577b4afd4.tmp

Filesize
7KB

MD5
6573ba27681fb64ba0f29e7e6bd04fd9

SHA1
283de846f01f4895ae45bd1569c8f29a29b8df98

SHA256
f339818c9f963cc4051cb6c992c788b62ea7713c9d74bc353bf0844cc272490d

SHA512
3344f414f253c5852df284b62e97f8d7ca31249b394c0a87f7a7c061a35c1b51be15d84a4b46d06623bb4ac3cd3bad63c7878936bdebdd79c30bdda46b6cf03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
39ea8b1dc4b5f272f40070c08651f169

SHA1
545775da8e6c8a531e29f512b1378c05edcf7be3

SHA256
3b2da36b54906d3e1139edf5fd804bfd12c0ce73d106727697b602964f766350

SHA512
6f103818a5f43e89d2289aab72c8dd47c9b7edb90b072b2b4d1aaf9b0d16004e82586bc00703979a80ba344d58849f9f1834b84a449e40cb3692e4cbae7e4661

Download Submit