6dce106bf30fe397d23643ea19d9a1c67251d0607e41c868d2884afd2df266dc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2025 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_2495bc546b1f0d90902e4baed5470d67.html
Size

226KB
MD5

2495bc546b1f0d90902e4baed5470d67
SHA1

d5ee4a4f2f4703cd295a751ed5f094870da6fe30
SHA256

6dce106bf30fe397d23643ea19d9a1c67251d0607e41c868d2884afd2df266dc
SHA512

d19b2c5414641cbbfce4d2321035b542f05c6dfae8fdf32722a4a5711555aa6580608e4def8ef684737609f787cd5be97e356485d89ddae0fa7255385107acfc
SSDEEP

3072:AKXjUNNHOkCWya2on57D0Ozo1BKb7bPQxVQgbon4/fTLjodshAvXOncMtSF4X:AKXje99i

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
3124	msedge.exe
3124	msedge.exe
3340	identity_helper.exe
3340	identity_helper.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 3336	3124	msedge.exe	82
PID 3124 wrote to memory of 3336	3124	msedge.exe	82
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 2136	3124	msedge.exe	83
PID 3124 wrote to memory of 1940	3124	msedge.exe	84
PID 3124 wrote to memory of 1940	3124	msedge.exe	84
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85
PID 3124 wrote to memory of 1944	3124	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2495bc546b1f0d90902e4baed5470d67.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff829c546f8,0x7ff829c54708,0x7ff829c54718
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18039026324814070692,11646084089451541914,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4612 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b4f193d745c255bc4addcaac43ab4218

SHA1
f144527054cd5b6c12a32831156ee0a4c70e3e1f

SHA256
ef483d402f0eba2cbc4eaa11e8d823d795332e578662dc4d89fbf5d45dca12d9

SHA512
2591ce34b43237ac242d0db8ba3ad68903e35cf4cf5d5f2964b23a826df559455c1c69508ec5ad5a941c15cd7253dded6b2c0e94261019461a1cbd2017d88ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b9a322fc12790ad8d0fc452647ff6eaa

SHA1
06664b437c11cf8e96ec657c117b393d0b8b2979

SHA256
b309d9e08df7b9aca5d8ee6c65a5eda57756e0244d90da329649dc39e837ebea

SHA512
180e923fc2106e2027bfef3e8554899a701599e1a53ec0a8790964a5f5e175279a6384efb287af6ec4e603d0e6d8d3f82b8650d97423ad63f4ce16f623870148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
361d78f4d8cb7d8f642251179116a71a

SHA1
dbfb5be8bdb495d5d83717875ce104bae444b249

SHA256
3e1d030ba3b9964eaf7a00b3b5e00976f1073aa8dc4dec526249e320fb2e4c78

SHA512
7d95f87d8f523e694c00b5c9098e82f82d63c9153a05f8c946012705d2c22e8154d7ab9e0d291fe7494ec607fae8765f643c9b47c7abd4aad6d6255d033be900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
91803d144e16a997f5cab166adb96e95

SHA1
22276ecc2b567130f53503035cacb6e0e0c4eb13

SHA256
df5f6c8f33fede3638b3ced70cdaad4c967d0e31841ac62e7a7c3c9fec06c47c

SHA512
a4eb839e843e0365b62c42aa6623209ec6b6f76a3c1c45e393d0e95e0f1cc1f1d660752de7032367eb594ef541725c434c1f09e4dc828a7bd0b94aa53d96646a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8fb290f9bebfeed68fc5623d1d9a2ac7

SHA1
aee2f46b2769f4135a2936a118ce39c650d12430

SHA256
28dfa9ef73c88c077e64ab22a9e0b0866bc404677ae8613794a8237882c98d0f

SHA512
79224a9f64a021ee28997b7cabcba8c4b7d0e976cd0952de16e3b52d8abf862874d5c4e25d0f0aff88b6db013ad81e87d032fc9d1f212b3441eb1081d6aa8fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2065e13b2f85b385fce1e684d03a33d8

SHA1
9e79155688a1c40ed8b7d4738972217d3f1dcbbc

SHA256
91f1849d8b513f76be41bebc0447c0e95f04bda09f88f1da69005ef6e139fda0

SHA512
44536c9713ce65c9d8d0afdc6abb210bcb5b1c88803eb0d51b690913134b11a9941587632b2e7f59d0d97c1440c8e65bea669edfe86744ebfe1a0bfdc9656fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
91bea4493528d138a391273a136a57aa

SHA1
ff69eef7f5d340a3d39c9e50c5429616557138f4

SHA256
dafc5a98c8a08768c398bcacdfb5ae20d5f4ead8091fedb94fdf47f984e46d76

SHA512
e848707060eebe39dd26f3d5eea287e476e0924ff84dd85c73dfc2a7760531ffb7716cad28430e55e56b78a2498679f99d53795c3502d46a76ce2bfe0e2a5b5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43bfd638cf4a8a1e14d44c60fd7e4b8c

SHA1
bf9a04e86c7789e0bc136d9bff34ebdfcaf5526d

SHA256
4a48dbee880b28b499a69677603a7cf3889239f9c5e2092307e66c91be2504fd

SHA512
88be123885017f01ac803afe98f4fd1f9dcc66ec76687fa18179331223ba92aebf6a4963d48865ca3700210ce1e87d635077fabc8ba2dd847fa24f7313a68f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a6722849da8d7469c3b70f9e861f9f84

SHA1
9209441cfd167bd238ffccbb2048981bf513f44f

SHA256
2532defe53fc7ca61038b35cb50584ac04d471dec4ca853985022fc02db29d5b

SHA512
6a7884754d2d466e97005f1663cb7f70ec25daeb858b861736d6a768e2d10cf6b3a508fe8e84a60961599daea65bb4eb3a2288ac37887d1625c0085eed0ebecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
2cc13abee01be787a485917545edec36

SHA1
3b8840b055e21af3c5d30a1f6374cc4c35920814

SHA256
68c2bca5fc1a88547c548b98eae09ca6d5f5da07beb0bdfc609a179f6ed8dd1d

SHA512
12ea821171f2ae0d37108f537c42ddab8db9e0551ab85c102b4d7b0bb6c955e30a896f1cc83fed3b22f4a2781746b328515443759f23e4eb297e1e4bd4b0605d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
62156cd4951ca106bc6ebb4e2b8ea282

SHA1
cbd1274c657540dd10f516b985822104ae65f968

SHA256
d616f3d6265cb0de886356030602d4d0f27975a51bc415e2dacb6d05123a5916

SHA512
568f7ff664f1b4cd1abab00b81dd3ca57b10abdcb95f2884f12933b05395c7c0392314c82c1065fe1abe6f1e98192754bb7e75972e79fd36fa6b80f7f154e43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58915e.TMP

Filesize
203B

MD5
692b8a4f1a998ee734def641b9a65540

SHA1
4c81dceae2fed42d3d08b55d774fa71e74ae815d

SHA256
660061ab00acf40492d9df753fcd7a5203cf6c6d403f7acccde2fc21a633ebb2

SHA512
2bf51e3ff6191a58e9d54c0096c8b8f2e5512836bbbb98ad16266ae9b08d96657d36cd6e06e247cb0d3a072d24d47a29e14d771358cc5b359d9b504fea34b9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
146544ba0dfad34e2e78e65e5ed27971

SHA1
74e294ffbf884bce440b5eab78d3ab8a3ede0365

SHA256
0a67f13593ae14c6e42b50661479f2cd38937a5b0dbba845d4409ca6fb6a9fb6

SHA512
34d40b67651a0f4abe14bd29925e40cd208e2ddf5cc124adc5b132300e33937f1e55caae797fbe7c70e4e1d602f7e63f74a33ed1dbfa461c10668746f00b2ace

Download Submit