263118e6bc75b723797704d6b9bab3d69b72658f425efc4ea6d3180e7c35d1fd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83c79aec232499295886a61ccd99ae1c_JaffaCakes118.html
Size

94KB
MD5

83c79aec232499295886a61ccd99ae1c
SHA1

359573cdb573a383cddfffbe8c1430e3eb89c826
SHA256

263118e6bc75b723797704d6b9bab3d69b72658f425efc4ea6d3180e7c35d1fd
SHA512

6734bef727963882fce03bae424d025a717a99c23a27ca3e52ba70696334d2cee0b281ead5e83537246ab54507a3cf44e42bbc67430ea9070fe0bb503d4ae9d6
SSDEEP

1536:blTurnRMokzW7WNSab1n8mzTUjATQuQ+UT7MF0H+Dxhjem687CoKwpQ:bcRMokzLTUjATQuQ+UT7MF0H+DxhvCoC

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
25	sites.google.com
28	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
4396	msedge.exe
4396	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 4744	4396	msedge.exe	83
PID 4396 wrote to memory of 4744	4396	msedge.exe	83
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 4112	4396	msedge.exe	84
PID 4396 wrote to memory of 924	4396	msedge.exe	85
PID 4396 wrote to memory of 924	4396	msedge.exe	85
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86
PID 4396 wrote to memory of 4296	4396	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\83c79aec232499295886a61ccd99ae1c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9428a46f8,0x7ff9428a4708,0x7ff9428a4718
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9204447185789807887,10778600912514576253,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\19ed7360-686c-4f2b-b71c-d53c35f998d3.tmp

Filesize
5KB

MD5
5c5219f47add5ed992f7987326716d0b

SHA1
d7d7682c5476154e06333882c738638c8d2b4f4e

SHA256
cc2acd1ea942a2d8b822e8187d9a911d67ef5045b8a04563005ce2df1fd27da5

SHA512
6a3ed044f907383611c84f189cd2fb5881b89e79abd526924f712d344417b06c31a0d6227a66972c12f1b9278df5dfa1a473a31a4b08ed25bcf24a012e06aa8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e72a5e277b197f74ee3ead81ae768b4c

SHA1
e15573dbd56fbe195258a162cdb60700af66c6cf

SHA256
24f8bffcb88d3030f1f756141550b2a89f29c80043f62d54674f2af1ed99b4cf

SHA512
c708647524298b870adec61ebe9e2b12024b1146c159f0ad919c362e2a51fa9a45c4d14d71e95908370965cb2c5b02964f28e695177f002a0eaa7898b6c00966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a84677ace39d688a12c6acbf3b125435

SHA1
06d7fab639db5a9829119622062d4d77acef92a8

SHA256
a90133f5b83cf7a0e5d09eca2a97185c8b9f3cd12366161bf4b575fd95abf712

SHA512
d6065e6466ce67c9278e0071ed9bed5075c8b104ec55ce3e7b9cb8158cd1365a14af25db66ee88cbdcc967544cd436269d7087007eb6a18fd0a7197b691756f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
972d264769d6e3691bd682b3bcd4e4ef

SHA1
7aee2d9834cdafcd80ba2711a8cff935026961c3

SHA256
c4687eb4a5ead882cdb27f68bf20f27c6335eb56bab2bb208145d06777df10e0

SHA512
4e3c7075119715cc8e4f03d824e8900d0999ddb2719cab2859727cd3c860913cd8a243d489f85c675dfcb4ca7dc1eb66e6c7a51a3d9221c5fa0800d23d5eccf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8af5c18c024a0d6b9f929d441c7df2a2

SHA1
55f02b99d879f990899e801f1be2b62cc13d0944

SHA256
a2c9d292f90eaa5c2841e9d06be61f5cf753ac51c5610d1620f919d2ecad5a3b

SHA512
be58dec60622245a38a90dcd8ac6176d977867feb2c5ad451c0e913c5b690b68343522804a41bacc84b0a58d989325d2775f1b625efb4190a5b31ac41f84be2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f6bfa0bd0cbfc25821b563f5e8320af7

SHA1
d0a70a0e57d8e8a7039e923df8b7d1a55673a4ff

SHA256
19142de0c8f79d5e1691f334c7bb831e96c188318cc1a0c3566b518e9924d0b8

SHA512
08d45ff467cdfd0cb36dfe49be4c4ad25e2824bfa1939f336b275f40c08abae9f2c6f5909339a4b95a903e53d4e4ffea773603b87253f4d87fb326219f67c9f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3a383ff2cc44304b7930cbbb36e24469

SHA1
20e10a17d14cb03f2fe8dace56675290e48095fe

SHA256
24b5875e4600c3de697b450f94d124a45a8dc699b5cf0facf832565e9d59b438

SHA512
04aebc807622068275d2bdd35f9beb942ccfefce019b0a8615925d31ae65be81918278c64fe01c2e6378e1fc4ed8f74164178c2ffa493cd8e5ac4ebe8663f0ce

Download Submit