14a47c99a4fa6bbb013e8202de20a4279395347d399e7c75e34ae0bc6ac2f922

Analysis

max time kernel
146s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

837e9eef3e918383a6c44db01450c9f6_JaffaCakes118.html
Size

340KB
MD5

837e9eef3e918383a6c44db01450c9f6
SHA1

b38fbf906f51bb0fc7666ad115edb4c15c9f9da1
SHA256

14a47c99a4fa6bbb013e8202de20a4279395347d399e7c75e34ae0bc6ac2f922
SHA512

d8a02cdbd1df2de708067cfedc918e5b61d22c133b7117cbe1b9a7d33d8a7d0baf491b54448122df37c4e2d40df4cfa87a4c398a5f6162f339bc291938eb359a
SSDEEP

3072:Q2+VLC6qq6pqPE6jc8cUxV0HIQqiHkueFMg:Coq6KbT0HIQqGk7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
940	msedge.exe
940	msedge.exe
2720	identity_helper.exe
2720	identity_helper.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 940 wrote to memory of 3488	940	msedge.exe	84
PID 940 wrote to memory of 3488	940	msedge.exe	84
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2680	940	msedge.exe	85
PID 940 wrote to memory of 2708	940	msedge.exe	86
PID 940 wrote to memory of 2708	940	msedge.exe	86
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87
PID 940 wrote to memory of 1756	940	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\837e9eef3e918383a6c44db01450c9f6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82e9a46f8,0x7ff82e9a4708,0x7ff82e9a4718
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3113133580112583832,417057428096502474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bba9ee8a8b6d4c7dac2fa1ec2da4cd41

SHA1
16ab1c915835fbd942717a23a45eef0473137300

SHA256
60f2af4522c9d63263f1dbdca082c7236c77150ad692abdda9f6a399e17c7855

SHA512
a0d51fe2d7ae966e4928bfe3733d292045a959955dba9a799d8545a0d92deff216902cb2bc704fb2a43372489a15b316eb5646691068f86d233d546826cfb980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d21d3e14921b2cf0049edc6993c3a9ca

SHA1
1302f5062321d4b6593463011bb95992e2ae4be6

SHA256
59db0268a7968ac161eb5d3996a9e871a6ca45af41e14cb6f52a27381a029001

SHA512
93381d7352cd66d85754b2d96ef0b6c64dbe160b03ce3b46cb2372e798b1778481d54aa85a1d06967f18b430c61424aeed5c70df88ab4926709e6d1a3f7ac353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c99365b4d1d5a89fd6bf4286d9f4cf5

SHA1
2f2300bdda7242ebfe5cba6914ee52936cd2923a

SHA256
d60529f0076f43de7fcb7e1fd7207ddbae534aab4afc7a481738bb5de7b4b848

SHA512
2486527f2a5eb3c2d91bd95801cd9889831c696038254e1be2c24f3f4365a02f131e98ae3774578a73fdf9079b31e4ac83fd3bff988071fbad79a439f8e5b1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7db4535889b3e714b76276a79c6d85d7

SHA1
ae1bfdb262b193e55914a6ad84bf2d0c6f043c5a

SHA256
fac49f700105452b1f18f856c4c83828c05036c2bf55fb359396ae7937faf7e1

SHA512
e5cadb179e891d1a5cca65d9ec4e2debf24f131bf6c94e7d2a1b8089c204624bc98d7beae80833ff12d8b1ac786984d4946d4e52e21b146276a09c2da18bae91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e41686a9aceac2de855e8151ed49bf2

SHA1
46466f6bf6eae5e41f25a5e60e6807199b0d3e3b

SHA256
b27371d5199297c408f89d9750fdf3578601ead73a5432cd07820b00bedb65fb

SHA512
b415c2e43af27f6ae235b6c85a6f33e8b9d2db9aa94e9b1e4791bf78d363f1eb9f9263b0c186ac0a5dbfabcdc941b69d0dcbfaefaa9ac074cdc80e7a736e1855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
5d0fed7b6742390bfa2e4bf529658f87

SHA1
33d6d081050393de31daac738c07f6e55e69facb

SHA256
dbe5e13d4844c23d48a5adce76f65d37b489e4b05ae5d7d53b1a52c9d9b97532

SHA512
12535b04f4749156169e63b8f2caea76b8ef053917793abe9d208f17f07309b1f98c87ff07971f52daa7cf125ed7efa4c5449f3509bcc1ed0e84ade174c5fbc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a337de238b20ae801bc747e2806fef95

SHA1
e9dfdca0dc051d7e88da03629a04d0d075da8978

SHA256
576b6542b0d5782f81d5aa37193075c9eda652b848aa6944f14147f8493ca012

SHA512
ac5e30c0b1b37737447aaa0be1d2d7086d9e7e6406ec60db0868d42b11abaa89c7b1d2f4a67f638d6e7214cf8482c98670e8f202a09968834d9c823f4608df7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
30ab80af5974b0ffffca33cd6985075a

SHA1
6cb5b8b2f83e16006c8f8b0909a694a5aaa6d424

SHA256
982b04e02eee48a835cc5cf0a26057013476f3615c9fe26f3bda2e3825478824

SHA512
534713f1d6fb0b9c8a33e0981ce30cdadc2738b024601d115db21eacdf99760bbbf46c8ee9e36bf4dcbdd0fc6995d8a1818875a8f7182dbf7089502179f77012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57facb.TMP

Filesize
372B

MD5
78918feaadb05e03f212e3f48afeedbb

SHA1
220fc0f7354f6e78f52219069d69e9726333a655

SHA256
593a435dece6292be4920a63756ae29e7401f677a51ae6f51186f097dcf13c0e

SHA512
50bbb2298cd9ffb924742c795a3b72dcfe0a1483422e400501739bf0bfba1fe58fef8da2f0354bc0b686c4209dad1182ce2832e79a8f0b6ef762f9aca22bb84b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7e637c09dcdb58a8b9b5483912c30d8c

SHA1
f46ef5b378dac2d6d0800a7a1f0caa2db12ec2cf

SHA256
9fb7be270fe7bb815971b23025b85bf24eac806a326039f529972489e53e221e

SHA512
937c29a7d9eedefce3a8098094ba3221b5a15c7b913f8e3b5ac6e93700948e6a0315fa4c7002ef28667c63532884e77e0f487c69a9dc4acb1b670d8ef6b22b9c

Download Submit