ff215e961ccff45b764e680738e13b7ea24750dfc4bb908b503fd94ec8c36cb5

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

757cda63605a80fa62347d60b3164b96_JaffaCakes118.html
Size

2KB
MD5

757cda63605a80fa62347d60b3164b96
SHA1

c53f1d376f2021748dec7add546e33d2abaee4df
SHA256

ff215e961ccff45b764e680738e13b7ea24750dfc4bb908b503fd94ec8c36cb5
SHA512

f785ed6b9ad54c1d2caa756243d7f5c31e361717d0f93a6ee6be50deca85759c1f60e5aeed6812cdce3352fac8187ba6d801307a604a40456ec1afe125dde0a9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
4704	msedge.exe
4704	msedge.exe
3752	identity_helper.exe
3752	identity_helper.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 2588	4704	msedge.exe	84
PID 4704 wrote to memory of 2588	4704	msedge.exe	84
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 4520	4704	msedge.exe	85
PID 4704 wrote to memory of 3192	4704	msedge.exe	86
PID 4704 wrote to memory of 3192	4704	msedge.exe	86
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87
PID 4704 wrote to memory of 816	4704	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\757cda63605a80fa62347d60b3164b96_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7d0b46f8,0x7ffa7d0b4708,0x7ffa7d0b4718
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6470624664049026402,11821195776696745077,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
287c1c47aea2606d2b9f0c3bd4b3a855

SHA1
f0696b949dd50bbe042c87dba3a75e83b1a67b00

SHA256
b5678be051ca93d86a22f83981061bcc83eab796f916a1dc530068686e6d5998

SHA512
d129ed26726835061984950c328ef46deb45a0e9d0f5b8a67c802e80b1a4bf0e72415c47f75dce35d1b3aa6f390115fa1ee2c3054b55a49e07ea449ae3a37532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
819B

MD5
37048176c0fe8d44fc36c2e5f614cb56

SHA1
ecf41316272f8c45dde288704ca484efded7755d

SHA256
f3d18c2036597b1411989e37447a798595452bfabd632615bd52134351a3e190

SHA512
5ea3a3e0a9a811b1a903c95cc00ffb23950bf55d22c3f00e408f42d7c4f9eedc2a187b6668e9d330be7f3701faceafe11fd7c9e160cdf4da6852b8b2910db6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
020a95217fcc14aab2dc713ce63df0e1

SHA1
e5c15958fe10a2cf6f8eae39eefbbb9f7008e0c9

SHA256
a4d9a8b3e3fc1669de22c095cc01fd52afcbc579d46c540f4cd103fe3a2efe84

SHA512
5a19f6a93509c0c434f6f07d79ad14346a4237af7212a87f0ea199d0399c8355bb3476a1cb49ed65f27615f2c462c0ce6903cd28638dd402724b60a704c10bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
459552081fde176dc431ac994c22ecff

SHA1
8ca6f3e9e5fc002c4225c937895b9cc3d61bd855

SHA256
45dfa03ca4cbcb564d0f11d247db76c83d85322901dc475b3d56869c6c9a4c60

SHA512
a6f3d96c525ad12031bed0a80e0310efd83bae76cdf4da29c54c2e5fe21a10e494e7dfa98584317b439696c927983f55fe3ee5380769f37c846d6055c0f104a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9e2f69781cb62a3687e17b1bdacf9348

SHA1
0fd319c3496545d9c9877f57628e7eb1df6c39f5

SHA256
8f13732745384ab1e27a111564f3488eae0e8f762fdbe9e6868bdd9a861ef14e

SHA512
cc39cf1aaa3e619c5fc25c5e03d489ddb8d7c7ead746cc5070c0dfdbff9247cd3a427162ae5e6412550564512d56616754f4db39382704cbf9d88f6c333c1aa2

Download Submit