86880c12ab0b8c839c9dbf6157bbbffc981ec79c68246838f9611d35e314f035

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c234baf393eeaec026dd84d1ed7f278a_JaffaCakes118.html
Size

175KB
MD5

c234baf393eeaec026dd84d1ed7f278a
SHA1

b58b2547081a4f422c90ac7d86ecf6986dcb173c
SHA256

86880c12ab0b8c839c9dbf6157bbbffc981ec79c68246838f9611d35e314f035
SHA512

33dfd794be40a0dd3325c32f21121b5fd3548545f69fac24cfb9680ac086b0361bcd5a8f35b909b9e26c779c906eef8194e4b128239f8bd38a573367f2ac640e
SSDEEP

1536:SqtH8gd8Wu8pI8Cd8hd8dQgbH//WoS3QGNkF8YfBCJiZQ+aeTH+WK/Lf1/hpnVSV:S9CT3Q/FZBCJi3B

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1160	msedge.exe
1160	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
2020	identity_helper.exe
2020	identity_helper.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 3972	4512	msedge.exe	84
PID 4512 wrote to memory of 3972	4512	msedge.exe	84
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1820	4512	msedge.exe	85
PID 4512 wrote to memory of 1160	4512	msedge.exe	86
PID 4512 wrote to memory of 1160	4512	msedge.exe	86
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87
PID 4512 wrote to memory of 4856	4512	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c234baf393eeaec026dd84d1ed7f278a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb974046f8,0x7ffb97404708,0x7ffb97404718
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,14502882301156328873,12220402131276931583,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0bcc0610-031b-4999-9246-7e21c96a60f5.tmp

Filesize
2KB

MD5
19543e2bd8c36d9c3f7325d8cd3eac80

SHA1
69cb2ad435d14e11bde05c4ab61121691256e8f1

SHA256
07ef779a9f340f5c145ae885c210c83d0377597d35ad71b7d69722a0b8ca10ff

SHA512
7b17d1e13bfb9a070235516ed55b1930b61a5e24b91880e7a5e5afb61171337a4b4082e2a08935f9c989630d4079d174e5870fca467551cf80701e1b87cee8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
c62def22d97dcba6a2e790e052284c0a

SHA1
ff408eee2e5140514d602cf77314bffc53bc6a82

SHA256
a1313ecca55d1bc295601d374812d1dc40c742b9eabad777b53384a5a9caba0e

SHA512
79ddc3212218c60d76bc5c26b2663c61cd66d3674d72d746ebda0196c9214f787d9c44b551af7b4051353cf5f8a111f224c6d542254142fdf1e3c91983c44efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b44aed45e7e394c3c3aa5c5c1fe9230b

SHA1
8e3dd175e731bef8159c34351275a076ad693fa1

SHA256
a60ff0fd95bec93b3260b4a747dc10b6800030b7be821bb32f3a174a7672f46a

SHA512
87f9121a57a2027122e3010f4a923510defce7b506d2bcd56a67b184a45875903394644a3a46800503a9643a4e78c5243aa3f17ea66a557a1ee11157af7e0096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
64949c8eb983f1334b19b56d6d136d97

SHA1
53cb5cc1dfad79b109df25bed1e7a5db93adf81b

SHA256
1377012091738506472bee86ce4d08de07965a4f11b54159b432f5631098e41e

SHA512
314bf5cfabfa309c8a66c251938e4464494fa7c6067e8cf7b12a433e0f63a475332a8675ecadf4287b24531ec1d1a91d231be24cdea68c4cd812313dd22a7b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
53c58d64eb35a5f1d33cf705123d978e

SHA1
4f928d3a740a657cea2458b4f156bbbd6fa42440

SHA256
5c6193ef6f8b15d7ebdcf9da8029700d0602081f8e8bb5f71a8d044047798fef

SHA512
7c9c6656bba55744bf8a868c44bb2cf39b708da476ff33e0f95315dca6e0c2895987ecb77695d5b076f77388a95e28ccb28537765a6ac112b69d50c118ac12f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b83737637bf30d7dbe1badfb2f36d291

SHA1
073d707858f6fbbfb1b5ae6aad2339267a6ef8e9

SHA256
5f97eac82a092010bb89dad4bbd919047cd40167b5120bb5fb5513beaf2d3c47

SHA512
f31527cac3463881fbdf22ff4d6cd9d25648b8daed56e34461a4b0c9625d44bbe42f54c2cf003c9f231c053c02c75a1fe1622e53727ea24bbc3e9c1f38dc6ae8

Download Submit