2971386ff74abe2bf2693b9fe3e8b16eb3f0b43359284df778e95efeaffbe393

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72538450866b57444207c465e0c4ae99_JaffaCakes118.html
Size

84KB
MD5

72538450866b57444207c465e0c4ae99
SHA1

9555c152cc1a28e9bce9b3c30ce4718045321fd1
SHA256

2971386ff74abe2bf2693b9fe3e8b16eb3f0b43359284df778e95efeaffbe393
SHA512

2d06d8fffbf5c897f982a6df703038d6ecd7843b8d0f18ab50b1fa44e6adeb623a183de078a01dcb82c196c27eb3d5ee6d6bfc8d3b05aac7de7fad9b54b85c92
SSDEEP

1536:itBHv7ynv+jr4o16H/m4upnJa05fafzrs:6BHTG+jso1f4ubawafzrs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1648	msedge.exe
1648	msedge.exe
4696	msedge.exe
4696	msedge.exe
4628	identity_helper.exe
4628	identity_helper.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 4456	4696	msedge.exe	86
PID 4696 wrote to memory of 4456	4696	msedge.exe	86
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 3960	4696	msedge.exe	87
PID 4696 wrote to memory of 1648	4696	msedge.exe	88
PID 4696 wrote to memory of 1648	4696	msedge.exe	88
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89
PID 4696 wrote to memory of 3872	4696	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\72538450866b57444207c465e0c4ae99_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcbe46f8,0x7ff8bcbe4708,0x7ff8bcbe4718
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6454451210658195741,8734646146609730304,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
839021477beb87c769c8235e4b6e54a7

SHA1
b90b3d0620d05675899a12b8b535759c4db303ca

SHA256
d78cf03041e8c50bfa54cf6ec626175d3d56493a16e84be2b159eec3a0597c1c

SHA512
4add2efcca97c38c0d64543f1c79da0f9c7c8ee90879465f265e6edb0d9ab7b7845cd9ab9fba10700f3509cd4fbaa65b4413e1aefdf0108d51fc6b2f021b3ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5e42d20224443c6c67b84f1bc9f574c8

SHA1
b258f9479c8ff30b3a95158e21b75d5782953f95

SHA256
f69d5460eb61a6cfe1abed9482c31da9d9ca84b0d52dd985ee2aaf81e62e7cd6

SHA512
7db23f1b67ddcae019ca04157bb7d245e6752f7872a3b1e1cf3286c8fa54eb2700c0a9f2ba5ad096e88ef9a31ab2da6e69290c6bc5662ddd8ab00118ad876558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c7d54f72b72353b81aaded3450246fff

SHA1
b84df2b830c395754b4731f8d3660c9e7100e687

SHA256
2d423a89e7987d37260c2a4180de17c9d04fc4049a7a1b6762201cd38df80dec

SHA512
acedbd06cf27222080288b3d007d6c268d566fb77c96a4846bc3b998c46562818b08756950ad164064f6d1d8cc2528ef32c4e3fb7cfb8d5c64395d6db87780d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d6987e84fbdd600fab2344d3a42f0ce0

SHA1
164a1a080827c6492f556e215f9fce5b5f4048f9

SHA256
222abb1e67b3b971f1b26da79857d24f28eb5951da95c11771f6dbff4e3b097d

SHA512
ce6a35fad94737421650202e777e75f29fab54ceda16102c269e5b716f3d81b467cf250a45466229c9fc6ebbdd1487cd9523aaf11689acfff9a2dc554ad24fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d5c37be475bd8c86d7a415aae3edb396

SHA1
6991a9b0a5510dff5f92241b99f51789c3c7091b

SHA256
66eea819e80f2a04c716001aac3ba3be69735577f684774fcf7d55101fe8cbaa

SHA512
5d7000d5c1c2e65e8cf6867a33f6e4296a6e54a1729aeee8152287b9e5579141cc6db9bc086aa9560df481e43a701c66fb6d5e0cade12feb65da9bbbc5b1b282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
452455716b80ef3ffd6ee64a359704f9

SHA1
89b379045e36c4cf5582100c60e0bf485d11bfe7

SHA256
4661e5ecd068959292f3d98f934e900471e5df31940b9a60b6198f8b54d0be66

SHA512
2204043ddb9235c43774574f4d72aeb799cfc39f21b9ba78299762f8d3d57cf781117812ec20a703cb16afc8d875176ff061f54711d90cf2edb63a3bdb98d8dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
355713f4736cb06debce82c7292540f1

SHA1
ab2d53a8d04fcdb1112c20af8a80a0f21cb80ad4

SHA256
a6f01b4478b1589dafa6856b16f7cad964231ece85960ab3e7f2bf44f02c576c

SHA512
7b493da5e2431ad451effff7d4a44cc064702c3fd4f8fbfec6d6df413583b5752c23a5414121350a9e7964b72bbd7d79c4c1b775ec9f74d889970db41b311ecd

Download Submit