c436e0fa1db0e71ee3f78f5d1cc18ac2b2d479c3b11beec07ebca10bd015e6f8

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d4ce2f11a5324504cff0b3f8f3b0311_JaffaCakes118.html
Size

43KB
MD5

9d4ce2f11a5324504cff0b3f8f3b0311
SHA1

cb134776ade921102bba7e2ea35bf8f2efd90fc4
SHA256

c436e0fa1db0e71ee3f78f5d1cc18ac2b2d479c3b11beec07ebca10bd015e6f8
SHA512

f7c730075aef24fa4f7c2680989205c6c4f97f31710f6c42aaecdee0403fd21ccb3248ecc0c41f8b71b1acbdb63766f61e4e4a91bb2bd0b5ea161fbfc39e735d
SSDEEP

768:qvf2qyTJnc27Xlo+G/+LoOqOigOCPtAyoa2j+yb6IhwTD+NwI:qvfaTDlNG/+kOLOCPuZ+yb6IhwtI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
912	msedge.exe
912	msedge.exe
5012	identity_helper.exe
5012	identity_helper.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 2248	912	msedge.exe	81
PID 912 wrote to memory of 2248	912	msedge.exe	81
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 2320	912	msedge.exe	82
PID 912 wrote to memory of 3060	912	msedge.exe	83
PID 912 wrote to memory of 3060	912	msedge.exe	83
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84
PID 912 wrote to memory of 2892	912	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9d4ce2f11a5324504cff0b3f8f3b0311_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd077646f8,0x7ffd07764708,0x7ffd07764718
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3288560498047370223,9266713623656342800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4fbe5fe1bbca52c62ea75b977a59bd4a

SHA1
fd0b4cdf836349d92e09a4ee96024c330f0af9e4

SHA256
59b7c909ac59a8e9b8d4f9514f79cf23cd8073772b85baea4b29b201c165870a

SHA512
0c052645fb25ab8fd2fc806f5be9cb29692b08a368829c2ee5e62d248c8f6c71b256c042b368be529f375969e4c70b24982f8f9b66f73aef8f30d2551e819275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
f3a96766805aa04ad6c6b92fba3cab0f

SHA1
f928ff56b4af46a7028b116d9e4139d367c8ca9f

SHA256
f137d6380a3a0fa32a343fb4ba5b041bb5c55572f27b9af95a41fda7841d6844

SHA512
adb08a304ea6b6a5aeb3d907ecd59e6570db79d2039e3d9338629bbbcd812b342ed5a3631362ca2dae499a4cc36c49f57e1bd7480e484212dd5b7b42ce8eb3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e7bf93f76d2f0f8c18c80a55901fe5d0

SHA1
04f79ee2bfebc7a829b7c19dc8f79d1365f6a667

SHA256
1304ba9448ae83f7dd0b6b7dea7016b63ed838697c23598a3bbcc2641706121e

SHA512
e0a106ad9724c02d13ad45042e2446a388ea44615468a490a8906549050678b15c2151dbe783e5a128788f591c8b8ab5a3a08777561f505643ce84863cfd154d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d6d52e8a28589a07dea14e5713a757db

SHA1
617a1387369efe9a6ae544630547e13cec2fad9b

SHA256
689c6732d6c487c594905cb00159d05e66e92730b066abf87e44ed7e480b6fef

SHA512
8e3257b16b4f450a763229feae492b317f44097755a46c30b6845360df78a4912aaa7b6c965844c780a3bfc2068a912d78a482e5d76977f09f0faa324333d630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1c07aa92c951ae25c02f766577f8167

SHA1
35bee5e02d8ef398d8bdf95feb2c5ad58f908004

SHA256
c1429ca79714ad82c3ad6b432091dc79c200ab6a14578df0f0e4d2c42ef92819

SHA512
b9e82a354f625309560adf4be8b891ede45ec7468e7c36908e9d24b0034a90c3a883a21605675c14436a9e74d587772c27417c5177fd234b1aab9acd83e75b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
91ef67914f164db0632d96422173e170

SHA1
8992dfcc5ecfdffd6618a1ef29ecf41cecb96a07

SHA256
b3decad36a08d776ed31f9833657b2cb0cb280fa16886897a8a5b074a75d850c

SHA512
7a5410ba7a452369ee3bb300a71b2345b8a1847a8aad49e1e092e807a0ff0821494e2c8862eb8fef172e8d5ce556ad24075db606ce527019babf2f6da5ba024b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d7f3cec707723ba379a2a9568e4b45c6

SHA1
40bc9f288742b0c059329087b2eb13191481732d

SHA256
1b0c05f4031142867a881164fd4542d2c1d96326affc7ca8d747b39839e657a1

SHA512
adc8dddbc0edd8f1945c0206651d8409b4857595fe3248ac27c71c46a559f6d79670fac8dce7b9126d46266cae05fb31993d01f60ec1d9a2e0e752391993ee5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0d925ebc24be73f6affe0708fbd1a083

SHA1
ba87a668723772adcdb8efb8eb43ed8cb613d118

SHA256
4f99b532c81edbe5ee790089e969dadebd9d7a5a4a28e67b5ffd7caf5d674fd3

SHA512
7be236470838c9adb4bdbef9d38d402e9a5109a804a13fb19b826075dc4df837e5c463b6578aee48b149d79b76df0163db0081228a85387e1706b6183407a2bd

Download Submit