c9889c3c9c0cae5037c8ca7d467d8a711befe488bbd2d2410aa90296efc08577

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 07:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

953c4cb83c20bb0dc0e61bdca010ec09_JaffaCakes118.html
Size

44KB
MD5

953c4cb83c20bb0dc0e61bdca010ec09
SHA1

17b6a8e349414ee7405edaf428c090151e78aa54
SHA256

c9889c3c9c0cae5037c8ca7d467d8a711befe488bbd2d2410aa90296efc08577
SHA512

42d36049a5a9acf6c18c5f5bfe71ec93662ed147b9054c5c2b1fa7eca9ecde0f8b5f24f233f083d9d331689616ea8c86687f2890642a9cf915f21e1ba0d31531
SSDEEP

768:Zcd9QZBC7mOdMQFpC5I9nC4/QfSjZ6QPd:gQZBCCOdh0IxCmQfNQPd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
1220	msedge.exe
1220	msedge.exe
2488	identity_helper.exe
2488	identity_helper.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 792	1220	msedge.exe	84
PID 1220 wrote to memory of 792	1220	msedge.exe	84
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3512	1220	msedge.exe	85
PID 1220 wrote to memory of 3056	1220	msedge.exe	86
PID 1220 wrote to memory of 3056	1220	msedge.exe	86
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87
PID 1220 wrote to memory of 4652	1220	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\953c4cb83c20bb0dc0e61bdca010ec09_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd8f546f8,0x7ffdd8f54708,0x7ffdd8f54718
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2314658893551853598,14276734619397901867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
9c64b98c8f3c8b9155a3b0b8e50f58ff

SHA1
ece186b3f831ce96002aa98dbbbeb71264ae3521

SHA256
c338286983c3b2067cdfaa15ac151ceffd675a3490c6ac258fd868677870c601

SHA512
06f6fbecfe8f8af118f5b385e03daf2dca83433ba37ed2979b964de9f5be211f0ade203f8f7ead41a822adc7bb4f14c077ecceec72ec72ec8a5f44e0bffc2a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cb9681788998d22a7d655f93b724c015

SHA1
db6ccd3790545d17a61cbc8c8eab8ebccf8367bd

SHA256
e1e6c939afe54595af7ae3954e5ff5d733464a715d7afcd40de4d428250f75c3

SHA512
7d8ca7b199ec8b2e8c94cc1aac39bc0948bdd62c722df710348ddf5bed5355ef166c8a82bd85253acd33a5d1bbbee6ddf38d2fdd318dcb89ceeeef1da81f558c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cba0cfb6524c5b9a59ab406b841a548

SHA1
bcf6cce6bf905d3bb5912e17f9a0d5cca2d342f0

SHA256
3507e459d9558712743071f0837b06d45cc6b8877877e37d52816a6e1b993125

SHA512
68eb6e3da521dd693306754a8dcc4370cdd2fdece73ad678f48c45f062cde82310d87ecfcd6e158e5e0801ce0937b8d5f9c1857d4314950405993ff4b4fbae20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c118576f5badf672d8fda6a6c3f9ec2e

SHA1
9367057889d7c9a580686e4eccfc25bbb787843c

SHA256
8eea7adc9ef8f3db23fbd64ab851dbc3cefef69642712839db32f501169c6c4f

SHA512
ab4faa2d504d62e34c333cf5891be3698317723ea259ffcc039d232ba9eb5cff3fdae2622d258c92c363abe83694b43b7f96aea7d9ef6a04a7c534706224677d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
502c518b5218dc382d3c05998d3ce59c

SHA1
3a14f49e13b711eee3a3cd667ccc5ba3370cbfb6

SHA256
19aa4736b6d43a8296a43a36c12177789507195936e989a1169c7fb3605bc820

SHA512
bb90c3305dd3ce725583de8bf6bf3606b367933c93c53be3a6141df0a95167888635d8dbc9930dbd99abeb6848498a39aad58fa0d81b7b79c8b4eeb6f9560a40

Download Submit