66086c410d5482d58baa7d8441546902cd653100cba1d099dd6a180a150bd448

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e4fa43f630a28b35827071802d66ee6_JaffaCakes118.html
Size

40KB
MD5

6e4fa43f630a28b35827071802d66ee6
SHA1

5d2676b0ed6b42cc5259a554ab561acecedfa9da
SHA256

66086c410d5482d58baa7d8441546902cd653100cba1d099dd6a180a150bd448
SHA512

acdf443ce04019e306abfc1e89f32619f17cecbc293ae64cac381bd7c38c3ed3760015edfbfa6443175f387a3b8305d99134d782a4d3dfcf57399fe4665506c2
SSDEEP

768:jX6rYLmnzGX2HnZj8x1bvjArXgjlnE1UCudttwxtGs:jX6riCEIj41XArX8i1UCZxtGs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3316	msedge.exe
3316	msedge.exe
2264	msedge.exe
2264	msedge.exe
4172	identity_helper.exe
4172	identity_helper.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 5048	2264	msedge.exe	82
PID 2264 wrote to memory of 5048	2264	msedge.exe	82
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 4928	2264	msedge.exe	83
PID 2264 wrote to memory of 3316	2264	msedge.exe	84
PID 2264 wrote to memory of 3316	2264	msedge.exe	84
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85
PID 2264 wrote to memory of 3204	2264	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6e4fa43f630a28b35827071802d66ee6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe542a46f8,0x7ffe542a4708,0x7ffe542a4718
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,791278174735966451,3367632228585659597,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
80c75c74d37364cf735d105d41de6b78

SHA1
f53703a876bbdcfaaf6c45fe2ceae7dcf31dca22

SHA256
5bae0e55551df6a53ba62e20b89183773bd1bb267e92b48909b984e9fe4c1565

SHA512
21720d98e62d9c312ec1b30dfc7c067250d9e31b384357311615ebe5a67dffae72149a3b27afb5120f77fdc31f963afef7fd8b68f07811683d9ea802a3af2abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2bd300185d1b78548f829ef46156a06a

SHA1
101317488095609def01624895108616b8216996

SHA256
27c5fc03cd519358a9aa6703e3361424460a4250962dfdc92cb2d916859de292

SHA512
82ad723098b5a7db3509cf6697e5240afebbe31c0167342b34b01f5c9c5e3a0399d4e0b0a9b519a8ddb5976082e29c85107b4d14657e7313912b7727c597a2ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
008ce7f754b964507336bdd3f5c3ac48

SHA1
3bf8b704775fcd93976348c772f232054dbbbcb4

SHA256
924cebfe78211a049e94546fc16b3840084894b8c6be47f7dd9559d5cc131cef

SHA512
a8338735193dd289d70922fcf9b70ed5555767158ced404111ccc10654b241e72ab884156d4737a704639bc161bd1bbf06d8b18304e144d2502560876a9c1487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
df7a3ddfcbadd00f1220db2e3e4e5f72

SHA1
79aa38e0555acddbb54ed8e3ffba34689b8d8ec8

SHA256
aacc1a452ac075cf04efd6bcdff44c6e6ca2eae20adefcfc8d6e1777022206c0

SHA512
cccf82bcd1cf0a0967bf1cb56aa6fdab55a14b83dbdad33a38beae515e71e813383031e59d46d5697e2f91a0f97b354af332e42b6ac20dac11aa0f03823ed608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04c83e66671f3cb089860426cf505657

SHA1
2e613873616afc6d5beec113df4a0a2e340f600b

SHA256
68d4ee43c6c32848f5562f2acd849848b19b60da45ef5c0015071a295373928e

SHA512
98522f9ce20cdf4bf2ca6604419251b3f5e4309e501795b7a10ef417df512ae4c010ad6e5918b69bfc611c45f88a021e60b0c0e012e661a23a1dfba8c5a112c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc022ba7066d745c56fc53a6e604be3d

SHA1
84f6a9fe6bffef9338c44ab0c55ff05d2ba941cc

SHA256
5ed1c711bff76c22eb2f1053edf284b05e251867cf8ef3521f555016ed3c8143

SHA512
4365bf5c094456666ab1c2c0381c1571fb01b07fe9ec9b3d31d4ef3848a00d1a30c6592b0e7a80edf80516754f0f4da76fb2cd79876e91ead14bebd9e325c7de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55b5b7d1c5f4f98f31dd0d6ce12339f9

SHA1
192af58f34addeafcf76aca55799c3f3b4c5e873

SHA256
357301619af6835d6255c372e9a8c4e2f367025dc49905f8b0df716753fdf135

SHA512
777ba682e0ef08683d2af76cd80b278b4b8e961f5372f27019c3484080973bb28dbb56cc4e4c0dc46a589c1d7244a0bbc53422aa69299dab1d36fdda056b9756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
52207a520dec27e584d36eed98152681

SHA1
bef73be06e3bea2ea30a6e469ddf6611c61b80e8

SHA256
d42043637ed27990a62ae4288f63a7de00fcd5c25ad482862850f46544e9f8e8

SHA512
3fa3f97e0eb8bf409da433cd774879d6f60b7fd41dc10951f3cd82f69783cb7e1552128a4f260ca315f97b111eb7c9d50767b55689063a10b8ab35a7530da4b8

Download Submit