2e2baa0c34935983ebf9dd36183dda0cb6f42bc4ec0f59d4431186e84f9f3948

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2025 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0e66d265d9e9e14817779ec02a777154.html
Size

66KB
MD5

0e66d265d9e9e14817779ec02a777154
SHA1

d4b7ff08cb9ff797f64a875ec325e0c87d77de80
SHA256

2e2baa0c34935983ebf9dd36183dda0cb6f42bc4ec0f59d4431186e84f9f3948
SHA512

34e023d1f00c22edfa497d6576f41e7e34b5ece2542d21c25778b28ec64ba474e6113d3aefe42523c2d2fc16c04c0555426bd8e9c0b7273b8957c105e19652c1
SSDEEP

1536:nyzkAGiRvjoadNEIdUY1C/RbCiKx+4P4/+/x0ihtYa:neVoaDX1QRJKxam0ktYa

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
4520	msedge.exe
4520	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
1764	identity_helper.exe
1764	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 884	4520	msedge.exe	85
PID 4520 wrote to memory of 884	4520	msedge.exe	85
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 4632	4520	msedge.exe	86
PID 4520 wrote to memory of 3360	4520	msedge.exe	87
PID 4520 wrote to memory of 3360	4520	msedge.exe	87
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88
PID 4520 wrote to memory of 4808	4520	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0e66d265d9e9e14817779ec02a777154.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa431b46f8,0x7ffa431b4708,0x7ffa431b4718
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4512439822921197885,7005185768828816077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab283f88362e9716dd5c324319272528

SHA1
84cebc7951a84d497b2c1017095c2c572e3648c4

SHA256
61e4aa4614e645255c6db977ea7da1c7997f9676d8b8c3aaab616710d9186ab2

SHA512
66dff3b6c654c91b05f92b7661985391f29763cf757cc4b869bce5d1047af9fb29bbe37c4097ddcfa021331c16dd7e96321d7c5236729be29f74853818ec1484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fffde59525dd5af902ac449748484b15

SHA1
243968c68b819f03d15b48fc92029bf11e21bedc

SHA256
26bc5e85dd325466a27394e860cac7bef264e287e5a75a20ea54eec96abd0762

SHA512
f246854e8ed0f88ca43f89cf497b90383e05ffa107496b4c346f070f6e9bbf1d9dc1bdcc28cad6b5c7810e3ba39f27d549061b3b413a7c0dd49faacae68cd645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
7dd0715541cc47ee7386fa26b18d83a2

SHA1
cb15101ef761a603c2064cb13963951c30f89620

SHA256
aa8564d43d2bd1a80336927fc3d94a053f450f2089cd50538e86ca771fef81e3

SHA512
ef88cd2836f707431f0aab95cecb8465ba277337c5c9cdd01e49957a7927d4ffa39fb1c89fb0c73ba9edb6f00c8c4c623326160f29814770a2a91b09684c7576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
34a90febf24de655a122f5100ab3a5a0

SHA1
ce293fc6fb9c326a22bb526b79c08b0ce21e448b

SHA256
e4b595d7e25d27004e05202b0dc3b831bb3c810f7d7174f3eaaccd578a198d18

SHA512
c124c6745b2b7d4f654e7ebde110f26cb94f58660157b4a72fa1cdcc81cd082b5445bea857510fd1d5aa24a6871fc2943b2c84f4e7ce75ab2ff39e2249ea264d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d4567255eb99162e0fe7935bf5644105

SHA1
2043f62862b693a032f7368758ac6ce9a45112b7

SHA256
c2cedbadef8611ab0a65f4bc820c57f8ad58532885dc41b2d17cd1cd2f8dd6d5

SHA512
01c1588878a2cfc4e05caf3610b2b686e4f32c1a0ac638749bf5283a0ffb5607dd9899af85ce66740cd6308299d2b354425703ef340edc7eb2b9127cc710dfc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1eccd0039e650768f6df5a9397638334

SHA1
698dee22b96c15e16c0a629b6b14bd3fb7eaf476

SHA256
39a4a0dffb244e683d79bf45522ec0622e58e95010dde9e3cc819d0a0b201a8e

SHA512
55117cbd0e33fd583202e21ba323f0b7d27b7fb0b0c6809e9315541d52842e992320bf811a7c7f793a1f0a45e31edb530cab1e4a4fb839950a20759267f86ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa920a0b9fc950cbf6bdc03abba7db5b

SHA1
ab6da1dbd9bba00ff0e0b17c93a3b5fcdf1032a2

SHA256
caeef4eb091c271f44df13a86e3ef7109efbfbab042116e0e19d45efdb5d3cb4

SHA512
0bd5fcfbfc414281b72c2cab0c681a3d644d7c07a3ae7406674da1b1b81441f571895467951923865b8837a1be34b68c1bf219554632f59d5bd40b9b16d3d81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
977f3ad1e9bd2015c04baeb2cd447b48

SHA1
661c5ca38bab14a6c6ee7949f67ba131dcf0d75b

SHA256
2dbf376c97b7126b06c9f25b5227b9d87962e5fecbe0ea39eadfe80f657adfa7

SHA512
a2e24491be5ed6afad455cd820e3055aed709bd700384582a4be51a7f925c489dcc79e0187c8f9e14cbad5215ef7c0c81e570f221ec12738bb5c889963f0ea32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7ac215e536e08a5dba495eb557b1e9a7

SHA1
5ec35e365e46b70c3aeca65785d9a4cddf278364

SHA256
61c8ea02db7053d26aba066056b444ac148868091f71c22b7124a8e7391db37e

SHA512
969c77893a8232f61f3fb95dfcc5d2e479879c988096be62b2c9933f82a870fdcba45d9ac9eddb304d203564e94429ea20d108d2ee9a420a088bcac4b96d60b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
babe899099f98b410316f66055a80ae8

SHA1
d7c04b0123a2d90e858845512c304290f316a774

SHA256
78e8214df4bae89a27b3b05438f33e15329284b7c0e1202893f38b522aa26157

SHA512
fad826b6cde3ea779b83e81406e96bcf48466e11cd6e71c55eb57e317a8ae7f5fd0c74fed84abe9c563a1ccaa3752749675ad11d6df70c0a731cc45a6b4c7cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5801b1.TMP

Filesize
203B

MD5
aeb9ff8935794b36a622e2d88c60d1d2

SHA1
c9aaab8c6e9bf20b2c6e1a905f980d3995eae892

SHA256
26731f9a5f15198a4538ef0271e3b4470a4a7634946e3e89175da61b28db4417

SHA512
5cfb516a959e8bcd7ebd135a78381504ef52942574629172cc3461955c2abeef62eb90256459391a65185c64f90f5b241698db278fe762ad205132ea7bbc03fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d0fb964bb7ed94f3a1645a4b2dd2836

SHA1
94860a288acbb58ce32c005338dcbcd1f93e7099

SHA256
e4efdc2c2e20803aa2ab2f18b8af5a31528a03e3f33894805644c3d3457154fe

SHA512
ef7e67004f29596c9092b7fd452625470ac985a7460f8740c63aee403bf489dd2c03014d335321eb2e058fed011cffcf3089ed54d8253c4a97e59bdfcdd37d50

Download Submit