be407cc6bf6f31c5b9a5f44525ddb0910c33708bf9a9142e622bcc2cbdf9f0d5

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-02-2025 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_a2bdac5d14ab0b51de0d6541aa5c859c.html
Size

74KB
MD5

a2bdac5d14ab0b51de0d6541aa5c859c
SHA1

f93b99f233c5ced60185c1e356f7d8af16c9629f
SHA256

be407cc6bf6f31c5b9a5f44525ddb0910c33708bf9a9142e622bcc2cbdf9f0d5
SHA512

7007d61529203acecab7d7d82c11533434e1a7a4c42084aa54cffd71cfeddef2aa3a061f9c10265fa9f7743f581941918e084ff3b191920ecf7f1306406f6d20
SSDEEP

1536:Tv8JlMLpodFhTUodFhvAaUaCAYXULIKrZSyQky5jOx7tjL:c8podFhTUodFhekpFFx8yx7tjL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
3852	msedge.exe
3852	msedge.exe
3276	identity_helper.exe
3276	identity_helper.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 2448	3852	msedge.exe	82
PID 3852 wrote to memory of 2448	3852	msedge.exe	82
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4248	3852	msedge.exe	83
PID 3852 wrote to memory of 4028	3852	msedge.exe	84
PID 3852 wrote to memory of 4028	3852	msedge.exe	84
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85
PID 3852 wrote to memory of 208	3852	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a2bdac5d14ab0b51de0d6541aa5c859c.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff80bd346f8,0x7ff80bd34708,0x7ff80bd34718
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,11587932053550571907,10774245828963331699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8513648f-c48a-4b68-9786-1353bf4b636d.tmp

Filesize
6KB

MD5
364ec8d8b75324287c200cf5eb1bda42

SHA1
bcb13628751a78be744d77593b47f89dcdee86ba

SHA256
0d89a8a1fba8a05ec8f722bf3471955bda81b72b4f278a56e7f11308f94eed5a

SHA512
3a5237736f4c1b7c57a6ef46d869d87b423bea56ea1f488c56969cf615b9c6a7c5a639da9cd93f4035fe6f51372f09d81996282f8635bd29fcb4e69502a0595f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
92a4580c9bca0572497062449d506a6a

SHA1
7b0368fb66090e133d89c98fc72fbbcdf43653ed

SHA256
ab1b3ee1c2cad9cecd6e696e3f8e51b24c71d556ddf65e3272c24cf588979d4a

SHA512
9c22cca5af2f9ee3374e14ce220b76f8ea4f84e3bf8257db2bc3504bfc9fcecc5667505d6f53b864aef29e8d246a320f9a015f2df7aa1235f36cfb7f55a98f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
44977d64bbea2840e6a8c426e139aacb

SHA1
bdf8464e6177e7e8fe83c67f0178d6ad6f805e84

SHA256
7ede5d36163d3c2d5b2f9c8f3e8f7e638563848a78f598b1b847d19596a19b98

SHA512
674ce929f255937baa1c99bcfde3814961067b67cf9ee52d7292dc509fa100cc4ece3a4b1344b4091ae92c3ff3eba629a538c5fa7fafcfd156ea150e4af321c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a7edffaeab8f6917a9d66c59b0749016

SHA1
47ede98449f09ac4000acb1ffd55b3d7fbf66781

SHA256
78231a92156837115cfbb7babe57ac5d4a1c646e384addfa2140214da4025e10

SHA512
effaf5ff3fe2a8f87bdf4f514f0426ae18d24d699f9350e420f16c8155735e7d2a7f6577d9145b29d2066d9855efbdc38ea3c31c32ea57ace6881fc16385b35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f440cf8a8881ccea9f94a3ba999ecdc1

SHA1
05891a1b0810f2febf34b69d414cb1e47e18c209

SHA256
bb3637cd1172b7412e82f3e9869b769840860a219f7062e1462ad5730222b9d4

SHA512
2c87788976228ba3a5a3bae49b6d96e9458bd05e59537f64f8721be4f856729b1143e4436d1eb1c5105c94d669b7eccb76e0ec82424f6a01637f169bae1760ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3758e7ebe766ae073fcbb03aa4862e6b

SHA1
4a74e8e7880f2aa4bd31098dc6643d1076952eeb

SHA256
5cb998318958f385e740491624eecd26f0fe3843a57b61322e78dc68e69eca3b

SHA512
f066668043e3b295f3ce3706ea8e64ea239c5b6273e461023f9d8aca682a5d9f43279c0cbbef94cea5651fd52197c8c12520c19eeb3015c4c03b307d17fedbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a4a79528-499c-49c9-8cc3-4039a06ecac0.tmp

Filesize
7KB

MD5
3a65a7c94633f1771b070af5ad26c559

SHA1
1b66cc700fe379e3d1b56e1df5f2a8e1997c0c8d

SHA256
cc51245ce751f8f652ceef7a9b5ced9fff4d3c279fddd5fdd85cfaa46cc721ff

SHA512
7015ea12ff0411bc633c6d176f42d9e25a00db5723d99943b3a0d7c29ed81463f9e6cb9b4deee006b8bba0115667aaf33beb773dd46ac130526f95fde2e7b517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8f189ad617f1e90bf1cad6fcc0014f9f

SHA1
b6f5b3448edcb800a68c049bc980a3e667246ed7

SHA256
79cd26264f8e079d87fa24eb16a9fffd5edc8144494b836b513a5ad10aa193b5

SHA512
9ea7e7cacb4139187ed0da1150190ee058184766cf4edb5262b3fcf1a4658ae6b13c5c8c4982b2dbf8e026d936eb365e5f489e22e7d2f241b49da9418764bd71

Download Submit