562013c7830ca2f35b76d69c95da2781a5ce194043af862dda822da5ab1f644d

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d0a7af6c1949c36adea88ed36c5265d_JaffaCakes118.html
Size

18KB
MD5

3d0a7af6c1949c36adea88ed36c5265d
SHA1

12a7afa52dcf2c4ac7ddbe9ddf99eaf05a0720d4
SHA256

562013c7830ca2f35b76d69c95da2781a5ce194043af862dda822da5ab1f644d
SHA512

0eb5e75d9a2b9ecc93d59801cfa22c2a0922fa34d398e12fd3d5bf4f9cb21b757aa37cebe0ab0c723c347aa8ff8cb971235f7cfd60ddf001a89b00936cc3af6c
SSDEEP

384:rLeCKiLoGTChNexWlGct2H8W2xO1c/+TcnDo7Qx0MBxdf5:2eMGTChNwKQ80c/2cn8OBxdx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2620	msedge.exe
2620	msedge.exe
2692	msedge.exe
2692	msedge.exe
2196	identity_helper.exe
2196	identity_helper.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 3716	2692	msedge.exe	82
PID 2692 wrote to memory of 3716	2692	msedge.exe	82
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 5028	2692	msedge.exe	83
PID 2692 wrote to memory of 2620	2692	msedge.exe	84
PID 2692 wrote to memory of 2620	2692	msedge.exe	84
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85
PID 2692 wrote to memory of 3832	2692	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3d0a7af6c1949c36adea88ed36c5265d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff201c46f8,0x7fff201c4708,0x7fff201c4718
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12837341255455058654,4890605109778076827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3729d879-d3f7-4345-b6f3-06467df587d6.tmp

Filesize
2KB

MD5
1b388562a2980572867270fb5f069d37

SHA1
25197986094246a2ce026d8d3bc920bfaa2c667c

SHA256
049769c8b4958d55aabeeab217da3b14732f9c143dbbedbb35d770d4765ca65f

SHA512
84f9531b1da31573e4b2a4d332511e1ecfacea51dcce6fe09aeb83f7f415db6a04c4c67d5371991633f609732fe02cc2ab47376937417e5bfb56263998fb998e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
32KB

MD5
21fa9f94e6db3dc9d82763e327051778

SHA1
474d7a655ce663bf5fb8c38bcd2e1858a02716da

SHA256
b2af0c5afbb5e3506142f095fcffa34cbdb966531c3ba26c90e6967768f15223

SHA512
f96574ec8edb333b194b3cfdbbc6c07f10202da9c8b5d1de928ee894b24f2bc33d3edce14b1e21e9e9cdce3b684e0dcd675e4bb2cbed9b0d5d2d25bc6b253ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e4c149efc57a3484337505fe2c6a1fc6

SHA1
9ffd94ec9418ec0e2e83fa0ed6363f707cc7f3e3

SHA256
37ceb7bda2877fed044404aca5a7144400924f53215850a8b506816d64c71ee2

SHA512
41c8f4a8bfa8e48ccfa502e7adfffeba1f8301624780e7dc85e4d70334fde945856de582c019eebb63c31da4ac9e51516eba091f2254c3ad4c06890d1a4b7436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e6ba66dd1fa6ff1274a328807ae0c3c9

SHA1
0c9f353b830f308fd961b9090bae3862a252193f

SHA256
1f92c1d96b3ca504365fbbdc9b95d584ba5ed3d74866105c5ad9d4ab96561dd0

SHA512
5818a75262b6d1018acd623fb75af1a65d5d4ebb70ac9ccb980414f1acf1b9faeb1f828ab5bcf482a187178d89e00dc11246360c9efa3aa166f605d4b6c09dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dead21796a1cd085095642dd4cd75ef3

SHA1
2385ea39546dc19a20cc6b244f47d9f481026542

SHA256
b0a669a4c4ec9731ab421a6ba416b73716fbfe8530ab90df6ca0e5e70e8d481d

SHA512
651be000a3a9f949a7cf2aedd5b88d2c0378b6e31463587de18ccda79fd70085842bf6dfe95bdb642f8e99c14c8dc48b01e7a33cff1e4b1e20c45dde2ee7892c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ba21bdef20d376f26c765b47641c819

SHA1
fc0da94b7af92eb41b66a64d7ce324832d11d70e

SHA256
cc3955702e7cca5bbdc0f45d01623a7a3ccaf82fcd8853df6bede9d473b99735

SHA512
9ee9e458f170f79df2cedc66143a9911bd136f677b2be1a0ad1aa950a5e479ec2c3cb69ffa5334fb681e1c8e02ade8b115ee490a07d110acb7a556a629ad90fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9ed334795f4491280c4926d35335d84d

SHA1
361f6da0a0d4840341deb86ff829fcfb65e21207

SHA256
2337cb57f51e4841bf6809f2bd418d196981cfb9927d6453dc1b3252bbc08829

SHA512
6a851cbc2f4324fcf43d3cfe518456acf0a920e5127e71a643f85241928536194747a4ab897f8a6db55ad0d56133660dd6155b3ec6be82510134792ac7a52904

Download Submit