ca3c67cbbc79f3a70df0dfb724061b89cb833e2cb73821e522f312ae2cc1212f

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c9599cb675430e93040c641ec71e0b_JaffaCakes118.html
Size

74KB
MD5

81c9599cb675430e93040c641ec71e0b
SHA1

9f6684b8982d67b16687aba6aecab519a1294cbb
SHA256

ca3c67cbbc79f3a70df0dfb724061b89cb833e2cb73821e522f312ae2cc1212f
SHA512

4518dbc680e9af30330f021928277076d26fc9bded98f75956d9e5a182c41d9fc201cd2d791f13965f73b2016b2d12bddaf18d9c7da424917bd79d0f40fc3bd7
SSDEEP

768:/maTlGh/gqbtQIge2r11PzZ3XJP+SoTg/iieev17RYbnQso:eaTAh/gqbtQId2ZRzZHJPJqinv1tYbnY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
3208	msedge.exe
3208	msedge.exe
784	identity_helper.exe
784	identity_helper.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 4352	3208	msedge.exe	83
PID 3208 wrote to memory of 4352	3208	msedge.exe	83
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 1876	3208	msedge.exe	84
PID 3208 wrote to memory of 2280	3208	msedge.exe	85
PID 3208 wrote to memory of 2280	3208	msedge.exe	85
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86
PID 3208 wrote to memory of 1308	3208	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81c9599cb675430e93040c641ec71e0b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb38fd46f8,0x7ffb38fd4708,0x7ffb38fd4718
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11630638607054528274,11483450153913653529,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5216 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16d2cc2d8a8347e405d36323b4e6ea99

SHA1
ea695aa245d20b1e1141f4c18ee5e56f810614b4

SHA256
5455c3741232efafea8e3b155a0fecb660800e2e0f19cd2d720281f7cdcbbc23

SHA512
85d9d1319d4b4f8442e2fbd22951d7a2836f6456f18062508a5d22031d829a23a1a4453283f2194312ec444eef57fe09ca393c5c1536efabb7495fd301433343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ee3b30a1359db628dcaf6b053a049740

SHA1
35bb7a4d99bce5d4ff9e080b6078dd8d9ca9cb1d

SHA256
3d145dcba409bab26909c6090fe80bb55a0c030d226f26bb4e04b1bd495f5212

SHA512
6825eef8c8fc940d1e21c31e8643f969386fc5c5f467b6ae4a6709dd09f35632bfa2b87f3bc828a8dc6d70533dc7fbfcef6772e2b73586286680f4b567d92c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
84dd3be4a73502381c929cafccc5370a

SHA1
2235804e3d892f077f525c25e1772af8c9fc851f

SHA256
c4700c07d12c7c52cc121f4ed8e6c88880bdaffd313fac755dd5213586741cd0

SHA512
1b4befc3a0228c8ac649046aa24e5c0a579b7569b02468c24123810a3e10f2b62d02dc286a6dba470f3038dc2a1ae999b91adf7098f5a54a9dc1c727b68f7d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c41f778eeb9806716eaa72ba5a102d1e

SHA1
802da1f22056505f5b281f6fc24f2586ab6864f4

SHA256
7b15dea2c413051eecdd02e2a32d63fe6f5973f7c8f7d3307e8949042c668700

SHA512
682bd22efa7bc0ffce46e124e7ff238244ae00fe5cdc5bf47ef26340b65378187ed973f3bfa11743db5d8caebf95bdad904f64ecb411cec35a49d4176628a0cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f773444b4b708d6464a023adbd6038e8

SHA1
8995398d9712d37c13917eba8056eebac255f259

SHA256
8a72f9f42caa2c1c0bf59638fb55f6b6bba90f36394f13240737c3a7ed8e52a4

SHA512
cd446e3d66278b42c6f5a33b8ffc8a5f5b04e96f9e4fb0927f9b3532ae567dd8f9bf9ffd040592a825e264ddb29486645c61ad487e7df485dcaed157fa96cc6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b055b56de2fdf20ddd8411354e6bced6

SHA1
26627937a3ad240c6783b4f360b4f2daa2adb160

SHA256
ecfbde224e21b76192dfd8bfba1704e6f86f3da3c50163b6d8a2fb0e770666ee

SHA512
93961772d9fe0aa112be7df66d462bae1d1dc59e86f75f5e891f0dce990442c179310986d673e0ea8fa3b67469b6cd0ca5bd5f0dbfb8529dd68deed3d6144603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9c7eec864193b68e99da06d584f7daed

SHA1
17f4c600d0e9b94f1097479823fee6b5551570ab

SHA256
23bdd4634b9d1b1adac600f044f43806cb56a004965e86ff6b9a766facc27180

SHA512
b96bf69aff4210a870fdd0900a0a8d55815f1c79dce5e16fab76aaa38bf0defeec16d66edb4b15290c80df8ce6e5ca7942e4ddfc9ac8e307dc98f6068e492c9d

Download Submit