acd42dd1419665b6c740ae0027fe48ef16cebc8fc47c7043b30bac1685c5f6e8

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
09-02-2025 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_d29e4fbddc81430b493b963aea897c8a.html
Size

129KB
MD5

d29e4fbddc81430b493b963aea897c8a
SHA1

223c8d5c099b5f1ffc9dd3f94a553303f042eece
SHA256

acd42dd1419665b6c740ae0027fe48ef16cebc8fc47c7043b30bac1685c5f6e8
SHA512

6a39296797d56f7f08d5f0cbd338699aea17eebde38d5d33c5ea3ad4a024a87032c72f98905b2ec232a22364240fafe9c35c7939d4911c7be07d91547c0f18ab
SSDEEP

768:2Bk1ATx+Bw24Tp7VYiX2idNCiZW0HI8JjoE5Jcsm09XWhCFAfDv1p4ODMtFA6cVP:2PHYiXGiZdIXE5F4ZDMtFbcDOataTg

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
87	344	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5104	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
2988	msedge.exe
2988	msedge.exe
4708	identity_helper.exe
4708	identity_helper.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2616	2988	msedge.exe	86
PID 2988 wrote to memory of 2616	2988	msedge.exe	86
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1664	2988	msedge.exe	87
PID 2988 wrote to memory of 1032	2988	msedge.exe	88
PID 2988 wrote to memory of 1032	2988	msedge.exe	88
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89
PID 2988 wrote to memory of 2808	2988	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d29e4fbddc81430b493b963aea897c8a.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fbc046f8,0x7ff9fbc04708,0x7ff9fbc04718
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17353341536280974973,10009186608273607939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkZGOEQwQTctOTE2OC00NjU2LUFCRTQtQ0EwQTVGODJCRUFDfSIgdXNlcmlkPSJ7MTE0N0IzNDQtRjJBQi00MDk5LUJCOTgtNzQ1OEJDQzA4NTVCfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7N0NBNDc5QTEtMUY5Mi00MDFBLUI5RTAtMkNBM0RBNzkyMUJDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU4NjAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODIxNjMwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjE5MjY2NzUzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f27aebac6cf2154266da570473c0bab7

SHA1
088feed439d7d1bf0962a0d7973a00808632d9b1

SHA256
d11ca93fd8845403bb3deeb8333637cde2f52ca868dc78d3e36a3bcd10ae6e40

SHA512
e56f8e3aefbaab4e792cd989f28b9e5ba069c432a98ab039829a278cd930dd550ee2f1e9d3f45307eeb67a56eb7858d1281afdafebcaf6833ba8bf1b3d6b0753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff4d54b3aadb5200432594708f095e82

SHA1
c30bc1677a50697ada032b1be526b0df6952daf1

SHA256
f63398b148e870edbfe75f8a7d717a64c87b8a05f35ae577d39d157744bfc78f

SHA512
bcb34a847f9b1c2c4347008a8208def98a07bf55d6c11cf6e0b237df1e5f7f5f3a7a58c3b7d0efb1c99ca8f2fc41c6fe776a8fe205840f9f212bfcde67e3f8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\713feb6a-70d4-474e-b984-36c20a2b5073.tmp

Filesize
395B

MD5
9ba5e54aa3119eeca173eeecab24d305

SHA1
dba2300b02e85354ac00406da11b0ab82ca90626

SHA256
d68b64c89107574b64a4207f678ab132ad5881eeab9406c6f5993b775b58ad5f

SHA512
cd10ec00866d340320f22c361482ad03db2aa2016d900ae66fa5146561b365aa0a78b24fda646990fd36aa31b44d2fc05854d0ed37d43ee6853791bfe3015995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a2d7d188d358ff111793f3c859db572

SHA1
534ed9147ae18af787478ab51f9d307ed9a945f4

SHA256
804d7a8450948fcbb05518ad27a8174add7de66dbe74844bef281d3835194e4e

SHA512
cb5691cd25c07b73481e67a8632e0f64a6f7a0dab560677880ddd27e3a44c3f96fa4de7a0cb0cff10c0fa7a06eb962a578850ab189eb1f31166b44af5b774942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2cd8b3954eadc3f64967df6d8772720f

SHA1
5441b41410109f122d97520abb7a2b4b78daf493

SHA256
8aa782ee55cbd4297647a18040ced1eddeade26b3e57d7c5e28c01329fc86731

SHA512
5b56632c18e391bb07474325cf202c78fbb09a88ad9a5d1cf33c0ecf854b2cc1d578499daab617de6fd8d421b78ce83fce2f92bc00084835e452434dd8d6f7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eb093654-64e9-4378-ad80-fadc9e0c7d54.tmp

Filesize
6KB

MD5
43799b0046edf796de9f8b49fffd6452

SHA1
4aa86f60a2b468266d22ff8aca721649387d69a6

SHA256
39f1b7df6ffc78067747e0945e054fc5ff315bbb230d3c7a60ceee93562c848f

SHA512
52d1507181bd7c05bd7920ace440941e8f9ade2140650694e15becf123842e5e323a8dd90ffe02caba76c68dde4db0511848bad6410fbc8f7efc38fa922d8f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4b174f22ecdce837dd7f27565988a3e8

SHA1
a608773c2801e795e1a394e8a40184d1f37e9a93

SHA256
617696ac96a3c75bbe063325de661a7bdc5e8943b087a1b48cba5cf41087ceef

SHA512
11818ad3d0427c00d2d4224e3865947e719ef6b11506afc7a1088c691fa9f0fdea9bc8008194f62211844d6e60a280bc7790ce8cc92716fa8e5eae6ec57f2e8f

Download Submit