af50c2e37ea663cff0aebc89c379f37bb866ae6e689b1f4a88ec7a451cada531

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf7cd59c400510f4b7ae34c41a7aada1_JaffaCakes118.html
Size

340KB
MD5

bf7cd59c400510f4b7ae34c41a7aada1
SHA1

1a95e1c890af859c532189e1dc932bf8da14147b
SHA256

af50c2e37ea663cff0aebc89c379f37bb866ae6e689b1f4a88ec7a451cada531
SHA512

e8ff3ea48ce8e5498c880d976cbf9e1326c23326e75266737a4dcc2d1b6f09edb58cfc59c9c5495ab861433183f12d4399e8bc4a1f681a251aa678f70b3ddd1d
SSDEEP

3072:a68H4L248qRyLBdc/RBQ8Jca25EzXQgoJsaJsqgN31F4ysv6r+l/laLsVlT61IaL:E8Jca25ErQnJslqgx

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2652	msedge.exe
2652	msedge.exe
4576	identity_helper.exe
4576	identity_helper.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2568	2652	msedge.exe	84
PID 2652 wrote to memory of 2568	2652	msedge.exe	84
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 640	2652	msedge.exe	85
PID 2652 wrote to memory of 2912	2652	msedge.exe	86
PID 2652 wrote to memory of 2912	2652	msedge.exe	86
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87
PID 2652 wrote to memory of 3376	2652	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bf7cd59c400510f4b7ae34c41a7aada1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe661546f8,0x7ffe66154708,0x7ffe66154718
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,10972035656048525807,11874997442750077559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5428 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b442205d2c96e2b502f04d0cbf7ac64a

SHA1
a908b18ed353d30f73ae74b7b440af464054f4b2

SHA256
b2d86e73727fac3367d5fb7e0f99f9175f6a353ac76605df52fd7802fa43d837

SHA512
8aae8f9efe418a906ab0d823515d1a61dbb1e8afa99a7e0677450e4123103aea8b7f534b6ae81e37af90ba8460d61f93d6885bfd9a768901c5499fd2ca290989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
470633592f45b589d3f4b4a9336b39a4

SHA1
96d17bcb92e86061b66ec2f316e6c6321a30604b

SHA256
996932cbacfee06528d0b9004eaebd0a7a4b849c18f0c603494bccc2791757aa

SHA512
cb3a37f97d6ddbef3d52ee13099c46d1483eb437de9d0d6d27ac1de7bce78ae84960a7b4711bef8e79166c15eea68f6e7d8c76149fd33ce7e71f26a3a0499fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1725f1114101e0dc6ef655c425acade1

SHA1
3eb76b0bfbaea69887aa366dfda0002b9b3f2f5a

SHA256
1f5acddb08eb8a99945d7d42a91c7cdd356dbdeb2588f70f353cd0d58667abf8

SHA512
85221526e5217b120a949bf177729140bcb5139a924bf1f5d4a5c4f4cba5e028f0be5fc374c5df18f927569ed6131b201d35ea73aa6e335c84ce728fb4b0831f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7e84870a029adfde7fe65ef1572a3eba

SHA1
b085e779929f51975b520462b5da254bfb871870

SHA256
ffb7577b296572f4883cceb2a5f995aefcdf96eac536fcdbfd585ca0e81baddd

SHA512
0b2f32b2d95ad4c414c05a35188a8ce70322c4220847d4f3c6dd826454e8241439ff00841edac0e900e45008e7c0fc236cbad9015d76b3a712bef1eb79323c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eba4461af6d01b2f520ca5ebb3193667

SHA1
b115b266793fc088326ac48e236ccbcf23beb652

SHA256
7a631327b5694b279f6eef5d314b24e81fabfe8ec959fea2bf8d184158135a2c

SHA512
860a2904ed6db4306318e1eb1668abcc0546f871bfa4bfe02321629b2d2acee4f3263a0aabd811cfeee5f1d98ccd42f7eba8296cfc7f01a0d857936d0e4792e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67bd743799ff25334e25351a450f56f8

SHA1
524fbfba6ca807ec7c5ef8057ea038b68f641146

SHA256
c19d975f07ff90734996f567c1f1a2132832df6697891f3965a8cf5777445194

SHA512
c4e7e7e67462f6529fb32758a6b4ccb08d091f51267cd4ef9935c7a1a3344420f072ae08c3399afb7b0da1270d074b359a83a0e7a3b7e8894202e629a2a624e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
527ca5cd207e56587bb8ee35cd5f53ed

SHA1
cba5bc511eb9b9943fb775818b4ae7cba9b2caf9

SHA256
e2e8f43a017a1bd3007e5089772da89837a6aa04baac522c641464d643b4e723

SHA512
d491af6f5a4f752ff39d1464594bb82c2605638706e499b0e6d52fa601b1cf38b4bca98e69b2eb8966a69bf4834982de7739be0cc59fa679bc4a5ca588b9aedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5838ed.TMP

Filesize
367B

MD5
671c0cd9616e53e7dad2243a274f6ac2

SHA1
828dc55b7255bd8ffbe8f00d41de6a114ac9151e

SHA256
7d639853c436c06a66094f9f3d2c1ef639f33fbfc05a3394218a5d96ed38856b

SHA512
746747ccf57c83ba64724efdfc01dc9e177e23247cd541f2b481807a246e7033510d11b6b3f09683fa1b738b49a7067542e0b9bc9e7fb020bff433c9e1708258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f7e6692437b95f9a33ab78f0dc80eec

SHA1
c0224950ca8ff7a55864a36087bd1c9e47ddac5d

SHA256
365c2f26e8ae9e5800247641b88c034d60c3b11f3bb4d09344177480743f64a4

SHA512
b750ee29a761538947461dcdab1e9b5ee2e578ea7f14ebbda5291615bf02d423429091bfb40077409b77e41014329fa2b1e777ef22053b7f6c39a8a70fec6d8a

Download Submit