07e92693b07560d092fb5b3fc62650fce3a0c5d5a1b2046461b95ff7f3830e3b

Analysis

max time kernel
148s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d40d905c0756cbf6ef1f9d83f4a390ba_JaffaCakes118.html
Size

175KB
MD5

d40d905c0756cbf6ef1f9d83f4a390ba
SHA1

45a5180a61f56cfbf877cf4c9f733916c921c9e5
SHA256

07e92693b07560d092fb5b3fc62650fce3a0c5d5a1b2046461b95ff7f3830e3b
SHA512

8c28cb7939416234157c465bf7a11833966a205802dd701158ef7bf9417d5f34fc42b33104da739b894df313879ceb510c3a4d7cb9b277dbed9b6b7b7fecaaf7
SSDEEP

1536:SqtK8hd8Wu8pI8Cd8hd8dQg0H//3oS3tGNkF4YfBCJisc+aeTH+WK/Lf1/hmnVSV:SpoT3t/FdBCJi+m

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2548	msedge.exe
2548	msedge.exe
2804	identity_helper.exe
2804	identity_helper.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 1556	2548	msedge.exe	83
PID 2548 wrote to memory of 1556	2548	msedge.exe	83
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2704	2548	msedge.exe	84
PID 2548 wrote to memory of 2268	2548	msedge.exe	85
PID 2548 wrote to memory of 2268	2548	msedge.exe	85
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d40d905c0756cbf6ef1f9d83f4a390ba_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff85f5346f8,0x7ff85f534708,0x7ff85f534718
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5562035264297965552,5858094985581756272,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
904b78ee77b4ed6367780a9e799424d1

SHA1
215ba01725486f943414a9a8b00a96fec10327fc

SHA256
d1223185d9718e0449243b14c000f6cc030ccb5318150306cd94ca91b3aa7f24

SHA512
df08e4d2b97f382b7b2643be2a10a36b3666ecf0b85578fbacc1e280e45e2e4f9a054fb6f3aa447bfd6f2bb3ce3a04a7cf206053b06433797a91ae9c99121997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b1686abe90ae74b66c0c18c913983cf6

SHA1
0b64c99087257a03039a0505ed0c007262d00b54

SHA256
27c3acadb0ab1a96a751d0f956499b7a35e71749bfac77e1eb64ed91ee7a76b8

SHA512
ef5b37e0ee96142b4b7b43fe6269a46e4ae88f3c7ccdcaf6d561ec3013b58bcea06ecd6ff224d5b1930894702a9e1464ac916e6b3b66b1fa22b88fb36a2a4b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
33b79e438b78c3de28f57763a8cd7a2c

SHA1
ca18fa1afceb2c8ab68da1b18a210c964c1cea22

SHA256
83af0affb5c7f5c521c5e12898036d7cd40bcc928a29b1ff988b31ddf377635f

SHA512
911656f6c159153877faae5a6643bb566a356da3d1a34f7177b65e1ca053c7bcfdc86edb329e58c33e209a92536cbb15f87d636e825cda7a3f4846d6c58c3b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ba975948bd44db72e5595d140dac17b

SHA1
f11b1124b549e045c443a474e0874ac1250306b4

SHA256
54d93a1a4a8f3e29b828feec74f35d943390c798582d8990e3634265c38978cc

SHA512
e5ce19433051498d89f777ac62819476691bb1d2dffbb9b4f8eb8a62fa973371592bd78fc771ee228c1c249ff6b4622f80fa0e53ff70cfff85d565c3eb748a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d333b78bd26ffe766c3df1c4091cbdcc

SHA1
3f83699ff7213b969d892a89f637c2f9eb06b50e

SHA256
0958a3391736fbcee8e0f97093ea65ed0c6b74ec278fb0d85634183e9ca9a933

SHA512
b12907405c22c1c8089a70af481130252bfabdd90048befed989042ae7c4f190804aef644b62e9b8838c2c586978899884592f072a925cd7b7be8a9ce65f4744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c6e2d9f5f9a623b370b2e46f8b57e6d5

SHA1
22647fb12d8b14349f44e25588446acba83e2761

SHA256
fe75e957b43c5cc3b61fd5a3ccda75b2cc2f342f34d3d2c35b08006034d01e6e

SHA512
00b8dbf114cc3709a0ce043d95ae627023745ac0c80770bce42ab3e2e6634cb97ecc805f20b42b336fb7cb7aabb97ec7d5f56963245ee44557e7049deacd365f

Download Submit