1a75db88f6d1906919cf40de0f19d661f40f71b08dcd76c0d3388706d10ab84e

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240729-en
resource tags

arch:x64arch:x86image:win10v2004-20240729-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

035f837ac3f822238253ee299a14d178_JaffaCakes118.html
Size

112KB
MD5

035f837ac3f822238253ee299a14d178
SHA1

f6fdbaa6f542129db24947edd6c3b40492afd9ac
SHA256

1a75db88f6d1906919cf40de0f19d661f40f71b08dcd76c0d3388706d10ab84e
SHA512

b038f22b89622c389eb312ff7b25fc4fc407659b06d82a51a0cfe9ef1364074151b7cf76ee0740fb794c6aff32e1114fcf8ccb2d886e392cf0de1317ef906280
SSDEEP

3072:z1a0Sd3AGza5krCO0/V/8rnOL55ShutTEPz35yfp40itLcV22wOoS/0Ib+b+FmKD:4hg5krCO0/V/8rnOL55ShutTL22wOoSh

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3188	identity_helper.exe
3188	identity_helper.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 1564	3916	msedge.exe	82
PID 3916 wrote to memory of 1564	3916	msedge.exe	82
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 2368	3916	msedge.exe	86
PID 3916 wrote to memory of 3484	3916	msedge.exe	87
PID 3916 wrote to memory of 3484	3916	msedge.exe	87
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89
PID 3916 wrote to memory of 2348	3916	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\035f837ac3f822238253ee299a14d178_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca8f346f8,0x7ffca8f34708,0x7ffca8f34718
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,5210929451559247487,17941766927676755056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8004d5759305b326cebfa4d67dee5f25

SHA1
36b9a94959977f79dd0a14380ba0516d09f8fcaa

SHA256
21f35e2ac53a817389d7027e99018450993fc66e37f916e454bff9eed95562d7

SHA512
7afba827395c1a5438091bd2762a097f6ea098fcbf3db99f90f9bc442afee7a7841a6e0e83f9cbf017cda0e52d35da93f8efd60cec73638baea5eaf1c85b7089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
368c244e384ff4d49f8c2e7b8bea96d2

SHA1
69ce5a9daeaf1e26bba509f9569dc68b9a455c51

SHA256
6f8cb8fe96a0e80be05e02f0f504e40d20e7f5db23fd0edee0e56bcffa1059a3

SHA512
ac460f1b35bcdefa89104e26379fc5639499607be6559353665a73ee8dd41822699d767532d48cffc67c755b75042294c29e93062d4eab22ca6bcbe054108a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
21KB

MD5
05da0ba82e7797f5544acefcb87bf1b2

SHA1
42872e7c218983b293da9b8330c621cdbe1a6267

SHA256
12a685f5bde1a018f98b700782377d1640f7a1ce6a7f5da3900911ec382c787d

SHA512
7cb503efc6ce9b3c0aef5a3542c4a95e7d3bc16cdaec394905ebb8c79ca05c4b7317e668201a1db2b7ebee5d79d57ee28c5e1e3159c3b744f3309b19b84b6a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
135KB

MD5
cb98a2420cd89f7b7b25807f75543061

SHA1
b9bc2a7430debbe52bce03aa3c7916bedfd12e44

SHA256
bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4

SHA512
49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f15067b74068cf567c95e59856203d60

SHA1
7b950945e3c98557d5ce8bae9a7c04ab12e90d6a

SHA256
fca4ada0697aca11dd5a20dd609449a7cb7dee25a7cb998a76e239de1f9383db

SHA512
037f85a3df68b4bcaf184a2e03982d6fbe3bfd4dca6fb8ac000831c39096a157320a08d7cd71bb84cf5cfdda7b3b0a04fe10ce6c1962812d883d2075d8d628c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
36050e13ef3b5fe441ee0e5570d17d2d

SHA1
0b9b561afeb8363dc221dca6f4cd675f886c5704

SHA256
721792aabb4ef4e12e57167f59436f9aa71f118471c1c7768586ea6cb8851a24

SHA512
762e8612a79adc827bd0709a50535d9ed913ec19e54fa3e966845f5e61083f365b08da3899787cff3eabdc4ba0db644eaa99c22f67982d3fa805113120c1fbc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8d634319b3f0a36552da79df7b0a9bac

SHA1
9831ab57ad17c7404973685c62e5983740e07716

SHA256
a6f1a62008c12d260ccbf1181d13143413c5ea7c1d7678178d9ce34330a34f23

SHA512
ebc67ba4da3f527217d7b7c64588e38868e3c314cf5d66990f5ac96cc845d41fc5b7764b197f1077164f6a5be5469d6a14b5ff562fdd8e93e247c382a6dfec76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46c137637132f925d5a981a31b15a475

SHA1
ff8e0c896cc370f7c1c317dff8b848e14687bbb8

SHA256
17be9b4d6c25ab2486f9bfbc468fa96b41cc67ff45d6cc5b6c74723b88befa87

SHA512
2b0915be9742258f598d0c18506d11d09a1f9cf5a3180d817bd53999cfda62c4e67b7e09d79199b229c59188a713b49f1bf81840a2b35314eab091fb472ea709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c23cf12dd8b3825f64865c14ab48eac

SHA1
e65b79ae2c1fb3b8e9886f1bb2c031d1db45063e

SHA256
ccd516d413eb090eb92fc63ab0e8adba61235f48588feaaea2f6cca31c8529af

SHA512
a01f45f3d07b25eb39f8953f4be29fecb38b030f912100b08bd7d0b23fd84177766be519118dcbfcc8d478a8336cf0266ad90d97a91db63d5d65aa58b518c072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ae3ae1a9a8429af7efceef207b006ef

SHA1
6aa31eac44239dfba849ce6eb1b48a091e0cdc20

SHA256
e845b30e159f8bebe2e6921031212dc38b1b82db497c0fbddec91c6441b2812f

SHA512
95fd06752ca2919fa859ede3d6f3bd9987de7f904c41fc1e04e10501d17607b3d0677791035dc7e0dd5fa10502693f5cfa64ce079211e0a74c118328861af66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0af738562c3197259cc3bc4881584ff8

SHA1
56d8405e279548baf8ab944e43d524fc8222547f

SHA256
d653487dd87ad099cd290a9980ce196950ad3b9c91449d9c1474a19182b3d434

SHA512
ba5b191333957ae42ba75024ee93e9301fcc682fe296e31b105cf6092ce41a5188acde4f5e926c6759a85500c6e1b4592ccf0482b07e0d0af3d08e63125e3fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
c9cd1f95f563547ce93661e707a75c63

SHA1
4f72d1aa2f42d5457159a58daf98aef163758475

SHA256
7691e1346919ca96d2b624c8baf54e00ddf87b9804c06cc1eda6f1debda0d1f7

SHA512
8da8fa69c394c51aeb6ce107bb64f55d6d63d502279d992c9b0c982a4d79626c6df9c72763df0b1e416d8f391c04dd8d9e616df4f472c0a67a8147de86225e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35295d183e87705f48170290b915da50

SHA1
66b9cf4e993edb8ec376d3256cee8205ad3ad64e

SHA256
ba2d4db5a4a13a6bbb8a77859f20f016f1ed8b35511eef69087199d22566dea2

SHA512
62a8c8edea15ddaf8462abc8bf268dfd557fe5a6f44a9e8bff167464a47be0d32781fee1dd1b6bff645ed95cb8f1e6bd4b0beda3b5ba4409a61845908b906760

Download Submit