3c2938191a66e955e2f6bfd62defbff8ed10bb0730a3fddcb7095a9a276619a3

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 03:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3276da0ea6835297548823678da8cf35_JaffaCakes118.html
Size

48KB
MD5

3276da0ea6835297548823678da8cf35
SHA1

e411e2a12ebd33b2b833627b5c5f3f9d73098255
SHA256

3c2938191a66e955e2f6bfd62defbff8ed10bb0730a3fddcb7095a9a276619a3
SHA512

86bb28608605ba5260c81c9545eeb7bfec7b69873396dc24f712209583cad1a6ddc640ae003c57bca46f6e3b08cab667a5539e6c10efdbc23b7334f41484deca
SSDEEP

1536:q9xoSMjIzrMRAva5Ggov0LjFuCsIQDUU8/WrFQzDkW3KTNG1084U3W7A+0u3L7:qUSMOrMRaa5Gv3tmsTNG1084U3W7A+0W

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4544	msedge.exe
4544	msedge.exe
4864	identity_helper.exe
4864	identity_helper.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 916	4104	msedge.exe	84
PID 4104 wrote to memory of 916	4104	msedge.exe	84
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 3260	4104	msedge.exe	85
PID 4104 wrote to memory of 4544	4104	msedge.exe	86
PID 4104 wrote to memory of 4544	4104	msedge.exe	86
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87
PID 4104 wrote to memory of 2804	4104	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3276da0ea6835297548823678da8cf35_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff46be46f8,0x7fff46be4708,0x7fff46be4718
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18418165203260218564,17128407629568710152,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
8202327a81bc89879181ef714fec37a5

SHA1
c3503fdaf8de7ae7e4a884b47aae1a85f90131b7

SHA256
2775a255ff1075be1503fcbddc6b97279bb633b5507d22ac099a9f4e378561b3

SHA512
c8e77681ad4167f0dfce62a05f89cf60096e71bf7f004ff215982ba16ec17c1deea3c40b795de5e01f8ad61d15aec3cc859df5531b97bbff7cf6a477f41ca32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b10e87e2c36e82e531ac97810bcee308

SHA1
fa9e8e8245e8fed52d42fc8cc1f1ab5c937cf914

SHA256
e30139aa430f976d43dfce57e09d7d72f5db29dad24bf54f6f58403aca95b0fa

SHA512
522c205c0f299563928fafd0ce0816154b35acc31e8e58698891869ede0800580a345926c60ba73f1715a60d52dc765a51d8f874b86d1fc33bf61631c35293f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e48ab496713e35ff7726712bd806abc

SHA1
10f51d96599b8387f49b4c263b863f3f16529ee5

SHA256
46534b09d7862808997933ca8dcd85a0aad30cd43a2f8f416f81508c144c9bbe

SHA512
cd4436fa187314ba578f764c7bc391ddb07a8c09c73fff921381268204f7f0d4bc3eb054c525bd97f80bf3449c7ba949e1894d14894dc89c97633da724d7dba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
75c8a49fd22c116105c8d67a514086d3

SHA1
04c4838c11f60615acbe1b8de595c3908a5ef2cd

SHA256
5287b8e979458bad2b7a597b5015b801995494022d465ac9bec272e9e9e91179

SHA512
49e4fd2afa4ca4133e5cd0ebe233e174bcc00d5cd6720e6c1786919c369ca5b0540b554c6f76571c45f5433af77f285d308c1a5b5d1fb3e671147788335354d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
467afbd07c989806eeac126efdf30278

SHA1
a89307ed800660debc4d051db593116e05c1dd3d

SHA256
d44b63b46d96a9cf47a83af17446d62177386f30981d22fdad7e6ee35bc3c20c

SHA512
57a304c5776b15d50b95211c4c2210bac028014327980fd1350b98198400a0d520f8d5c5040215369841e593c7861dd8d5af17f105eeea059ba9a029b6d97d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d9a1d932e973cab8efa8aa900d581276

SHA1
2199aef9cfd37a421ef6e3d981475a6194e999ea

SHA256
beec20b1696136d0bf32cea1243192e5a8b017f734a4c0e6cf7578d87599fca3

SHA512
77bd2270aa8d3ea346f1aaa524d51d41402d099ab83f4a48e2a6f6b4bba0224edadc6ba097a44cc727c38567213bfd9704dafafdd0c93f3a908f5dca2aa65cd5

Download Submit