c87eaf4ca6e21c48ed5f19126f475c9d5004d1db46c340a5cdf363a87aeb8b7e

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be16160ad3f55d11a50444ed4d44558b_JaffaCakes118.html
Size

34KB
MD5

be16160ad3f55d11a50444ed4d44558b
SHA1

e2d3272bf7aed765136278348c9a8e0244e63920
SHA256

c87eaf4ca6e21c48ed5f19126f475c9d5004d1db46c340a5cdf363a87aeb8b7e
SHA512

ce9c384bb935bfa34d87ded97669288e4ed33fb9301cd6223aa3e1de6159bd810782d88519adc1d3474240ebede211a302b79b478d8a1c466f8e3544b068bb71
SSDEEP

768:x3mGf0yL7b/VEXjPWHljWLwPWz3bdRr/FEIngoiTKRrVMnW7N:QGf0yz/VEXjPWHtJPWrhRr/FEITiTKRn

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3520	msedge.exe
3520	msedge.exe
4120	identity_helper.exe
4120	identity_helper.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 4304	3520	msedge.exe	84
PID 3520 wrote to memory of 4304	3520	msedge.exe	84
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 4924	3520	msedge.exe	85
PID 3520 wrote to memory of 3128	3520	msedge.exe	86
PID 3520 wrote to memory of 3128	3520	msedge.exe	86
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87
PID 3520 wrote to memory of 3836	3520	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\be16160ad3f55d11a50444ed4d44558b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff974ed46f8,0x7ff974ed4708,0x7ff974ed4718
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6385306174120734595,3512554536277377093,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9e44d1d6-ab60-452b-84c2-cd12df57a5ac.tmp

Filesize
6KB

MD5
2aac4cbf55adac7c0394ae93652971ee

SHA1
a69faf4483d47c5232b8cc1224216506e355e0a5

SHA256
f0301f6e35f5a3b315725379634dbd7147cd37ee8ced3bae6176027d87d0e628

SHA512
bbbb95d413deb673253a21a9b563b611fd9078a027415c8b178121bd98b8af242b0f58fc52d6ff610115532ea565834ddabfb99aac8c7772a826d18a356d1220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
252eb0e7c3e3079d7fc7c5425650f6d0

SHA1
7d31fbc4fc34afc4a14923ba97345b8deb5fe14b

SHA256
1a52034121d72828de3dab5cd008f6c5ffdeb88b2c8be3a066bf7c1cac9a4960

SHA512
1b9fb736941817b83945a48159b2af5e217c3d9d2e0e7c220f3e01f4399a5e73f76a6b547806c131b01720253349d445ca3f39a719cc87e32c9d48d0759a4445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
51f7529e962edd8b55efdc2abae8b40d

SHA1
d6c88616884973f4d9e0c56f278ae3f6d07367ae

SHA256
ea7e8ff4341fbde15f8373bbef306adff3fcff7f41e3ab372fe59596b093ab77

SHA512
de8d735feca466101001937802306998f126665bdf21f148319d10bcbe6448de485c20f3425c0a82979c0b9efb694083e74bcd25b19966cdbf610c69ffce445f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
99135dc5a96cb8945e44742ac4bdf08b

SHA1
93d4e4edb5678c28404df12ae00156999dcd25a3

SHA256
6df4a99d25d3dc064e83d9c8df84abef4e6c6f7fd9d8f3cd89e00224774531fb

SHA512
e7829d81092e04923da7c5a2540ae8e9441d907ce2312d16955b93713bc03829de14924f7d02abb36f59a840ac57dc7b80c8871c5cc1e13500f4a13e9a8d1089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
67b26c0fd523883345d5044769638211

SHA1
0e9d33a59aa3ea7d52e1e62d3cde84fec71cf41d

SHA256
c0c4f9cdeb1bce706258d80968fa1e7665013e52ceb0ee49b9fff7dd7f9b9638

SHA512
89cf49510e86c4da5000543484fb4b97382dca8ffce1a0a71efd0fbea53c2d594816c58c0c263651f5b9818e7d6a9dd77cc4760422626cf01e98fe1925a0e448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8bed1d72b74c7d076b0a5b5119cc9e7c

SHA1
d219b45040c380ea8801f810da7ab479f5695406

SHA256
0c6b18258303e63f33db400688d4af8c05d3a6c7049e607dc970cf4e212fd4b0

SHA512
4aa9a709beea436c6032e4d8f4f7d99f570c08e06a452589179bb7b4def21c10da58c83b076ae66288f9921d1fc1dd58aae7492646c6c798c3757d7960bbfe2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
43bc82e044a7155c09ec83ff6a96936d

SHA1
96a7b6e3f202de0f8966b0c5f66519d326fe04df

SHA256
887c3617b989e8e77d84a3b9b0906127903d78ce8ab8b64c52632ab43e4d8ff3

SHA512
2a4ce7000eb52371426a7ebed178e4e89aa00806dc7d1cb45ec942411e460af46bf6cafd0dbd368c16d16a42af2d08daa87301d79f219b7f5fe25a4508cbd555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a49.TMP

Filesize
203B

MD5
3e133aec5a34ac1fa0a44e1202843c51

SHA1
021edcb131dc1b176c8e5255c6b66fa4fa6b8a2f

SHA256
fe6f7443b9fa541db50f0fe77855659da7065cd5af32181a6770e0e02aaddb4f

SHA512
04b2643b1572cf36144c5e32d8dd27a77b77007ca2c1d24e6749495ad9e47cf179ef62454414333f973112f44917ed1c4967e3799c7b4adbb02602cc43b3b4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
291eeb43f7091742cca92a3e9297f74b

SHA1
ee1ba4e1486d4f8a4fa9e9a5a67dbdee38030bb0

SHA256
ad0ac5dec5b83c9b2f621d10616585b9b3cdb99219f125b40117f8dda1c33c87

SHA512
15d2858682dd4fa6421e954bfa12b18282d9fe1152ed364349eb1082709faf05f498e93586cb2196af4d55c4bd7d63b986817d24df164a10e59daf357cae3db3

Download Submit