cd5841ef2b4f2c2d039fe42b5bcf75f7515f52f0c73f658681806e39353239ba

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78dce2a16a828db53a711a5bf5c098dc_JaffaCakes118.html
Size

175KB
MD5

78dce2a16a828db53a711a5bf5c098dc
SHA1

8dba169108e7c9c442c5ccd6005a6183d84cf4fe
SHA256

cd5841ef2b4f2c2d039fe42b5bcf75f7515f52f0c73f658681806e39353239ba
SHA512

da9cab2be7eda9573b6df216effb81488344d8460d56c05579b286ca2a390d9bd07ae537e159cfaf68d5ad2aef8febedfa114c9ad872ef508cf52f2099641b59
SSDEEP

1536:Sqtd8hd8Wu8pI8Cd8hd8dQg0H//3oS3rGNkFmYfBCJisX+aeTH+WK/Lf1/hmnVSV:S4oT3r/FvBCJirm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
924	msedge.exe
924	msedge.exe
3456	identity_helper.exe
3456	identity_helper.exe
5360	msedge.exe
5360	msedge.exe
5360	msedge.exe
5360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 3448	924	msedge.exe	82
PID 924 wrote to memory of 3448	924	msedge.exe	82
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 2344	924	msedge.exe	83
PID 924 wrote to memory of 4900	924	msedge.exe	84
PID 924 wrote to memory of 4900	924	msedge.exe	84
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85
PID 924 wrote to memory of 64	924	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\78dce2a16a828db53a711a5bf5c098dc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe86fc46f8,0x7ffe86fc4708,0x7ffe86fc4718
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15828845219474027976,8388973724105666124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
7f0b61ce0c3e9586dcd1bf5bd28fa421

SHA1
a0f04ddde11990cc97098dcc96760b68caecd260

SHA256
c818921894d4cc49637d79f8379274240bd9eb6ca644f1e9049288f41e5133ff

SHA512
eaa24ee95f4aa6b07bf0787e0655db41650a8ed39411d4cd0bd1ebc9a192091bf169da4d7f39d8090d97ea2942a41543dbdf5cb20d2af35dd9d018a78211d540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
72B

MD5
8a729deea57df9d8b0e7a3de28ca0e2f

SHA1
8d6213f2e5d4c294e29e2a87136190219ee01340

SHA256
d1da86a94e0092847cc15d6c8e410812221bc9ed00723dd3e79333bdb1fbf83c

SHA512
c57d593ac0165d7864306d593d3b22b8db073e6c03e1838468bad0a900e65202987e60573a2304c43a2ee26a864e58be53829b710c4d73f2b60fdf9dc8baa0b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5b559289d8b7f24786dc8c013b29a95d

SHA1
f0e48ace49539d0b8eed99412864e9d5d56e22d6

SHA256
55a5eefa0ffef21402dca2d6f9553a985d117b1b59348f108035871b4d7bb3a8

SHA512
cd316af93e3bc50794eb226eca98e367305a37e741d4b3c1c61d64ee2b8c70dbce8508333d700c68473f3b49c64d138b29a3a3d101add7e060e12c537d714329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ea0415af4a3cdc32d3744e74e54e6d68

SHA1
da0b06cb1b78d8d1ae9b8dacf44b45c2abfa6cf4

SHA256
93613295326ffca85a30987052fbefcc62f23b70cfbb298649f82e0d4b6f42d3

SHA512
f692925583ec2bafd8c5fcecc167e61616edbbe6cf7a346d112bba6354195e941933bc22c358e71f90fdb511a927413b07dea86ae8ba169a8de5674fb4addf7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
791cc788b3a018c3a1c2544324dd8e80

SHA1
9b1b03d3fedca186dffbc0a0102d03da57a65164

SHA256
3472dd2d5389b522c4353c2320f43b28bea9b6068f92c4628e9d3d4768e7a116

SHA512
a708f57de071b218661eb84f98c10095869c9971601bed8c60fc65f91af40c3e6dc3df22b8172cb9df6f03e6f173476e1d12f77f314e5c7278e46fab487a8145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d4fd3589de0ba228f4cbdf52756da19

SHA1
3f6cc9dec5884b9c9b9beda90dbb0fe406ed137c

SHA256
d54d90570283bc0c7045f2d422900c7acbe4a7476ecb5cdcf3d52fa436be06e2

SHA512
07a61664f7b4e5ab70881e941b5196ec7a73ee293e406e3dccc1c5874b184fa4eb1f6cabd200ed18f57a4f416d3471d7618528bdfc5ef278e255ef7d7942caf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b41cdfc40f590b589b5864547e3f902f

SHA1
b8f8691bbbb0dc2f3a6166e03d49039b3cd7e824

SHA256
7a069af652367719724104b0299a7134d262517e7adc53fa9ff888ae8e98ce09

SHA512
9db3bd6b89e935bf8b721d7f973c4404118a92d7c3c9c0bf631ce6a178967589de2d669099b2a2a87cf50947813570a50e54434eddbd04a577cac35c053a75af

Download Submit