acc29d8f56902e5bcb70559a8fc846ccd2b5b68ded14ce29314be0974c79ef52

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8283e5c4540a36a7c96eff06101b21af_JaffaCakes118.html
Size

5KB
MD5

8283e5c4540a36a7c96eff06101b21af
SHA1

038eb312beec6fc11048046c70f11dad0c4e42b8
SHA256

acc29d8f56902e5bcb70559a8fc846ccd2b5b68ded14ce29314be0974c79ef52
SHA512

48e7a6c61d32c255166b98a567cfb3816af366fc1668a7c5c8679a5571971b6b7da4e653b5d382b3d0e6980c9ca19bb5b32f3dc3ffc918ee429e341477690e11
SSDEEP

96:x3DZaQehqQHHytP/xF3ivPwBCWf1TqLhW6e31aKs+4SnLl7M64pr3R7aAZ47f2:XaQwqgSB/xFqoq9eFgACvoT2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1824	msedge.exe
1824	msedge.exe
5104	msedge.exe
5104	msedge.exe
2948	identity_helper.exe
2948	identity_helper.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 1280	5104	msedge.exe	82
PID 5104 wrote to memory of 1280	5104	msedge.exe	82
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 2936	5104	msedge.exe	83
PID 5104 wrote to memory of 1824	5104	msedge.exe	84
PID 5104 wrote to memory of 1824	5104	msedge.exe	84
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85
PID 5104 wrote to memory of 1568	5104	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8283e5c4540a36a7c96eff06101b21af_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3d2646f8,0x7ffb3d264708,0x7ffb3d264718
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,16630863366326249647,9001606223254794653,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16d2cc2d8a8347e405d36323b4e6ea99

SHA1
ea695aa245d20b1e1141f4c18ee5e56f810614b4

SHA256
5455c3741232efafea8e3b155a0fecb660800e2e0f19cd2d720281f7cdcbbc23

SHA512
85d9d1319d4b4f8442e2fbd22951d7a2836f6456f18062508a5d22031d829a23a1a4453283f2194312ec444eef57fe09ca393c5c1536efabb7495fd301433343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ee3b30a1359db628dcaf6b053a049740

SHA1
35bb7a4d99bce5d4ff9e080b6078dd8d9ca9cb1d

SHA256
3d145dcba409bab26909c6090fe80bb55a0c030d226f26bb4e04b1bd495f5212

SHA512
6825eef8c8fc940d1e21c31e8643f969386fc5c5f467b6ae4a6709dd09f35632bfa2b87f3bc828a8dc6d70533dc7fbfcef6772e2b73586286680f4b567d92c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d4e6606f4c038b299de381734197ea47

SHA1
78fa3a3289eba003219f49be31c9911e7c164770

SHA256
5f42fa9ad9f5758ec92d43eb0c523c94df5a8123691070375cbbcdabc37b61d5

SHA512
2c6dee37facbdafc01bb95b20b69a66a288995ca6da3a618027dd7cb2cf658265d111bc694c4281a4028083ada50f84c42d6970c66b7095ea4e32d3a88e28b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
72B

MD5
4da6a7aa3477233f6c418a8992e6ac59

SHA1
66851c30fe4d81dc60ec72b6ac569a2e4aeeb438

SHA256
5a3f6409282414e7c7f22785eafe0c2c9f82d0b60f3a111cb72aed14ae2343e3

SHA512
fbefbd3dad4b7d2f93580b36340b245497f58aeb5aa5aa7bd122034c8d1de68de198f6aab378f2d262e1cd81658a72c14dca0f091afa57fa500d792c212f6d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e38a4cc80d82b3a699e572bf8f443d6c

SHA1
78df704557a18030bde72b74d7f21aa9000411df

SHA256
f5605820735df93dd9e55eaf58181bed80c4b38131a3a3a5d6ff9dd69367c9dd

SHA512
fd3ef2ef7d24450d40aea1fe0623501dfa359559fd414d85955c3d956bd773ce72112e8d9e9d97ca23b35b0e87ae661573b80a4af4bd216ace53a10eaf647128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a22f17a3f6d36014669f6ad72e9c7288

SHA1
990f773f243307eb7e923cf42f802e6aae9477a1

SHA256
b98338ff951276dfe2132c3d37f9c7b3da5de98bea87aabf0e0f180c2a415c59

SHA512
58f2f1842b56587d1827936d86a2d516e7507ad641ad9eae7a0dacdd9506fb88a03e52c9ee8826b1af0b36a52850cc6c35f2bcf70a5f56c5d5eba91e8e258f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
166faa5484184b2fd26603f572d655ad

SHA1
6be97ec391eec151d31f64e50870b241b10888e8

SHA256
ec488607936831a67b7b902b725f7432adfaf0d688bc5648d9015e06931006c8

SHA512
e2f9c6b65bd0945fd3768db0c825ec28fc1e67ddb967675bcc066453ba5be893bda7dd440d2a888c1bb33f6d5515888378263b25fdccbbea7493cc9b22ef8aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
925af6bd07cc0d92e3b5976133b0a686

SHA1
b485c8acdade1486e3f1699690d080bf16c78c07

SHA256
e74872c39000c7e98d0ecdcebcc692b048b714f404e4127363ad3c01ef376e2c

SHA512
ee1ad2f4895515c98897cd4fe4488bf8a0a4cbea2ef7e8a5e34c2f330f14ef565c306b96a67ac2ca3696480387e4e37117d6a62a22349622a1b5e334e24c6a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f057d8066a61fccfadac0212f11ed005

SHA1
a83d1e572ebdb9ea724cff9d6810cf9ed9f63a23

SHA256
e5f56e5f99ac158bd0a8104199a310e8dc5d078c3e10c84fc3740168a47037d7

SHA512
7607e61c4b8e8f2ff04749593f446cfb1219ac3cee4fa9588a999db61370292697fa3739f58aa550ec7aaba32edec8c5f2a2fca4aa1f45f7fcbed37ddd081749

Download Submit