eb930ca26b147054225beacac6168367ba863e83a5a5814c6cedb8416b988d9b

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf97ff9d0ca5fecb1b8331e703b2566f_JaffaCakes118.html
Size

175KB
MD5

cf97ff9d0ca5fecb1b8331e703b2566f
SHA1

e63ff8f63433dd4394cbfa6ddd66a88114c87517
SHA256

eb930ca26b147054225beacac6168367ba863e83a5a5814c6cedb8416b988d9b
SHA512

b671122ded89d74cf148a7552e095e8912fe73cc106c2518631c03f6f6c3ea7c7f80a58470821fa72102f43c6eea2f3efdc61b92e2e96a8d0c215fbf07f24664
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3KGNkFnYfBCJis1+aeTH+WK/Lf1/hmnVSV:SOoT3K/F2BCJiJm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
3240	msedge.exe
3240	msedge.exe
3600	identity_helper.exe
3600	identity_helper.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 3848	3240	msedge.exe	83
PID 3240 wrote to memory of 3848	3240	msedge.exe	83
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1000	3240	msedge.exe	84
PID 3240 wrote to memory of 1540	3240	msedge.exe	85
PID 3240 wrote to memory of 1540	3240	msedge.exe	85
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86
PID 3240 wrote to memory of 2312	3240	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cf97ff9d0ca5fecb1b8331e703b2566f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea18146f8,0x7ffea1814708,0x7ffea1814718
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1312306009744509302,5468756727308689018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
384B

MD5
81c1b6fd5ea23f3ff392afab9b7c96b0

SHA1
1f279ee8ce3b94aba39a6a8df19c1d543efe3278

SHA256
3a46acda4408d7bf11e65c33ed87c662797e04aa0956f582a68f5cabe42fe4a2

SHA512
43c815fd1a06b999f6272b29f4469de8cead5a9d421604e4f4662da733a00bb223e112f2319d0ebbd4f9fc7c05798417a18f25a976b63237bbd652a71231bad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
479f85030df13a1a5e5e72b47ad701e7

SHA1
91660decd18788fcb017e7a77c180ec99926c427

SHA256
de999ab70c397548efa2d55ace524ed83a630943216045169504cc9d19619344

SHA512
583d6a88ec25355f891b67694c42a30b8c9e64cc605028bf0aef6a9a42379a4a11335749aa8b69e3c6574209a1f061539ccc881ea4ae6168a34f9b225241c1c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
892af9be4f5ad440c5d4a0760fff27d9

SHA1
b1aa7d227838a6a4eedaece361c4e20b07bd7d68

SHA256
c8fce9257ba69b3116231b5cfdb6d935023a8484a581aca9195bb5ef82133264

SHA512
9b858f5c188ba01e9cee89dd61c53e2541ef2e852a99cad0a945c8ce8769ac75707b42173d0e84c664e1eeb6087609e7c40c5833c308d3dc7077de5043003ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c161ac26a21ae55f3d3c3453dede814

SHA1
8cb617001f1f91298a936273d9b1e4422e857934

SHA256
56a5c9596197bf3f00deb01054a7e30097a10ab87e359b8aa6e890ad51735593

SHA512
d17c2dacff432877058a85fbd5461f10826972629c7f78bf9028fdfc0a5ddd5e144a0b11ec58741700eec14d8c58868070688d39d2016eb59bc6a9e30a34bb93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8191702e7f8d699fecd153501107c14a

SHA1
924563230b62779082397545d24327401f73cce9

SHA256
dacf46c2ec2bc2266d69672715d8a398c9d6481c6dbb545f82f943d9dbbad48b

SHA512
59d0d3e1bc116db5fea04eee206588244f3f8519787bc63b2d708a63c29129f9718591d9b6cf75b5269cc3483384273cdc2e82c3be680c3d919b231dbcdf5a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
101380a4ab0817a333afa9b4d1adea10

SHA1
c5d383deee7385d655f9d96afda26c94bfd9800d

SHA256
016141db843a2dc2d37a6faaf3537195d2c6dcf61b64f9a00bed7259d6bd306c

SHA512
5595a9acb6c7964282bdc3b572527ed99d92b8582c0385e4bdcfd62b573948604e146ca051316cd3e46bedb0bf6b596fb9173f8bd153277f6aaeb1d27b0f05b2

Download Submit