b09db0693efd88a4b4845941ca20836ab91c523d79ac339be1fe917c54492531

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c8b304cadd2c2771bc51acfc093a43_JaffaCakes118.html
Size

49KB
MD5

81c8b304cadd2c2771bc51acfc093a43
SHA1

2cffb437a1286faa8d1f61b4f1e2fbe44000b337
SHA256

b09db0693efd88a4b4845941ca20836ab91c523d79ac339be1fe917c54492531
SHA512

7cf0c6c0e81fcae88b595eb57a0e9cdb9ed325f2aff82f25a5d659e8f8deb0f180ffc82046f0a19e2d0adfffc6018d4828b0a17ecf44df7be7b952b78fbdf38e
SSDEEP

768:ARMigOriWNcaSoagGXVPfXLYv1KTkYIYIQDLDw3jJmHaK2Sf/:ARMt/BVPfpshjJmHaA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
3692	msedge.exe
3692	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 4864	3692	msedge.exe	83
PID 3692 wrote to memory of 4864	3692	msedge.exe	83
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 3380	3692	msedge.exe	85
PID 3692 wrote to memory of 2400	3692	msedge.exe	86
PID 3692 wrote to memory of 2400	3692	msedge.exe	86
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87
PID 3692 wrote to memory of 3088	3692	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81c8b304cadd2c2771bc51acfc093a43_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff974ce46f8,0x7ff974ce4708,0x7ff974ce4718
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,8766621856390144153,13876212992576481848,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8edf5aee848362b3fa4c7102382947c3

SHA1
0ca71672592fef3c37dbf92a155d747c927b433f

SHA256
16594552785f10884854bf38d179c9c3d26d023a089180bfe5a3ceb03c395e6d

SHA512
a8863cfcea01c05938edd34690db467f0d429f0598528f23392ca7e7233a9b2fe2eaf7b886ac965e22e8c63ee79af84654e5b2f7e94033e5f54622f7b9584893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78d53c4ecb4f237a195804abc28ebb1e

SHA1
5b036abe11431d0c164cc5427aa7eaaa2d8d1580

SHA256
b1ead24150c5c17d1e8cdfaa64b4395cb1b0872c6f4bb25eb8e024ba0e39c847

SHA512
90c1e12b736dc1a644262a44141f4bd7eb5fe935249978d1ff083e39017652ab847107add5b5fbeec6318db181cd22a728938fba7c384c8023ed8e3c03e61496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
274eb9d911f07c8f6a85b6e85f695456

SHA1
ea087d75cd9466f57f5f0dccd70ff6b475824ace

SHA256
4909f892ea1076792c467bfb8aa5de99b6160c43f7e6d6948167fa129f85bbf1

SHA512
951285c40effd7fea7cf6493d4435bfdcfbb1f32667dd45988c294b34a5a339874284350beb4619edf886b0195152af3452a012c43cecfec3325c8bc4cd80654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
929B

MD5
97b974b1084a364aecd2a39d8a5f2e95

SHA1
c6cb64f847ce892773509f4930473ce7345767a2

SHA256
bc3f9580499c04917883a12f8f5f0cc54a5d4cc482202fc81c7e2db6367c7b80

SHA512
fcaea81bc9c3193fa8f750553a14d52520a6694a83c6294a79bdcb2cb78423c9524aded26b4e2df7136bce3da675e2c8f32928270508e2d6f198eb72c21ac788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
929B

MD5
5c108b219d8c9aa1e0cf2f4c7b67987a

SHA1
4e09fc5e0e1eaa13658f405268b2f633c7c89f92

SHA256
657d167482f975e67fd453ebc663afaee4ec277bde0eb1ca5b95ab8437fdd169

SHA512
5509cb53a439acf9d9c66239c8a61f088653b565b61cdf0c68e6dbb6e7cf0658eec00f1934723f48ad615b1362daa44a1db89ee7ed5556a71e83a9e3a3539832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0432686ec805fe582194ef50955c7287

SHA1
b86656e9c7a90a80af80292f3bc490a0a9c12db0

SHA256
d600ea878f5a869a4a130a0d3236136bbae259310243627c39710a348961a99c

SHA512
8e346da6f8297d9f953796ed988e41cb5b09e268f84e79e6e951609f9ca2d1ed2ad7a56f1922ade48bcd469953e5f38bef1dd0b97fd2e730c716ee7942723ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0f2fe347cc7dec15b825c17cdac9846

SHA1
e083698b218412b9a379c0d7769f7a0326893690

SHA256
06cf9fc1202b165298177a4fc9570b8155a27b2df46eb0f64b9cb106ebf4541d

SHA512
6556b8aa7b6da95196d4b2c6b5a129d230680d51f154c5b29c6b425e46d4f0f8a329f83a838b0bff455154493db3e758f385b36d22cc8d7aa65bd22e17da137d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
072fa4370ee0ec0104c4ccf57b2ae131

SHA1
3e36c9d32abe3fee4f558067a92a18d295f982d5

SHA256
2f3e8a9c57c82db35b01eacbb6d913103c54efe4951d2d8387d9e9eb86ad1166

SHA512
1d608dfe1a8a4054214327b21c4b1918a7b42bf24d2f9b7770a0ae94ec421b9e711d83cdcd909a2d40da2145dc191c48d04ced1e8eb9527c9a763b2056f7a4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b80993435c4f372ba5e8904ec832dd4a

SHA1
84ab5fe6280e46a03f404a44dbcb700f8b62a256

SHA256
0853a77eb19807b6f716e429b3f09612f0ef5951524c076883058e96f9ab1605

SHA512
45e572a51654ec7ec44f099e0ebf8f321e37ec196155715f48f8da8c4b802f1f7f89ab3eef0892dab51bb46f5e469ee89cbdb59f2f583a1a8acc178a75e0e62d

Download Submit