6b439b5e0238d16d02fa8dc114e10aafd4c301991d93549e3e9f61d6dbbc6349

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe9caf30d320ab78a25983d40c6458a2_JaffaCakes118.html
Size

53KB
MD5

fe9caf30d320ab78a25983d40c6458a2
SHA1

12240a83cc725810036b3c1702ee175c847ef04c
SHA256

6b439b5e0238d16d02fa8dc114e10aafd4c301991d93549e3e9f61d6dbbc6349
SHA512

5a9a68dc8aa1c88b9939bb34fc2f0b9a437124433dea550311ae546db4341dbbb42a6c4d63cbc821a62eaf1fc5e77ba8abac864f376870b39d9862086805d5aa
SSDEEP

1536:yo+tEl1YkfrYYrrHRahYbKO6YvqPNYdf5rlGSqMWkYyKqNsyvkj7ZOmSM7q42YA/:yo51YkfrYYrrwYbKO6gqlYdf5rlGSqMx

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
4856	msedge.exe
4856	msedge.exe
4652	identity_helper.exe
4652	identity_helper.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 432	4856	msedge.exe	82
PID 4856 wrote to memory of 432	4856	msedge.exe	82
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 4084	4856	msedge.exe	83
PID 4856 wrote to memory of 1480	4856	msedge.exe	84
PID 4856 wrote to memory of 1480	4856	msedge.exe	84
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85
PID 4856 wrote to memory of 3964	4856	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe9caf30d320ab78a25983d40c6458a2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dba846f8,0x7ff9dba84708,0x7ff9dba84718
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,507212880251929138,17105080795680761163,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6a8927a4-bafc-46f4-892e-2f8874da3c3d.tmp

Filesize
10KB

MD5
877abfd4e7e159efbe26b027a6f8b00b

SHA1
7cbeb70be85376362031e6d7d7532e6126cb478c

SHA256
5f93cfa5893b42108a744d3a2ebbb6b1c12554822f570b3ad7345a97bdab70b7

SHA512
7096b388c1cd31882c8762832924b987d09ee1077f4b31822466b8c93f3a10c0455bb913ecd79a0d1e78932e25b3742071de7fbeaa3015960bbf0f294713cd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
7a2235ac955790579892aac9ad9b88b1

SHA1
ccef391ccab91132cf2b5e7ba53bca45d1b5b047

SHA256
b002e1977da732041b947b827b0be4818ccccdd8d13c5fc9ee59bb6cd4019051

SHA512
54b329117527e9b3187690f7ae62e6ca6c68ebaef9c3b63cd480ac406f6cee589f7c1a6083180a4aca7e30a534f4443cb1c934f8c308d03ecc852eb3ffa49eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
edeca838ce8f531a8403684663b23fd4

SHA1
44e823c8ce52b17b29cdd33a5bee6b26a8fa1802

SHA256
5dc70117fd92ec4bc3d664a8523d55e16f3f92320bbf9ff222b187d553b8a73f

SHA512
2d5a01714b35d40c69b08265ebdf25087032806ff52c04c09a4848389f15c0cab4864f5683e80c67549b978de9384ef96a7ac00ed4014d66225dc7c1d0f7c254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
845f505cf029d5d5d45dee34f2d695b7

SHA1
e45be911920784e2daa63c51821e6845b25d3dd2

SHA256
cc3aff89b1bc319b1f571a6ee222106e9063d62c5b82388320c449d022fa4d14

SHA512
e0f25afbcd9641cb4e5dab275b94523c67f64d0a5535802dea8b3189ffea9880e83d1b33fd93c9ed5fea8485e24f546174e761375ffb9bec05bb8ad8d81fc45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d5edaf96ec858e6b5cd0b03b35a5fea

SHA1
c971f685e8fa6a00c705ae9bf8257d2630341188

SHA256
c1dfa42d7c5fa6b5e1b8841f7dc6553f638e3e53fa6953aa60946efeb7afbef0

SHA512
4aaa6d02053f4ccb083c6b922544cff48325f501c6b9df2829ff03681307712f7704d7269ac582dd87bfa7352a4736c568ffa4ca729ec55e1e0bd8fdf481cba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3bc7b041207a2335101f6f1da473aad

SHA1
68f6dac1a4648a97f56de37dac2bda636f71e129

SHA256
4e498ba86c47cda826d055d9f231817dd5d28fa5b06f84c928705e66b768a091

SHA512
1085032dbf224b3dcea98cd24115740de51c7dc2bfebf58cfb2ca7da5b7729eeaee3edc2479ec1d35bddccd88856e773bb4a7706786f67b9f0e21d14df1fa9e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit