257b92cfe48bedf083bf7fe7731ba8e97532a4e680be9ec01bd45cf5adfd6bc8

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4a0219939dfe9c16694a789ba60108c_JaffaCakes118.html
Size

46KB
MD5

d4a0219939dfe9c16694a789ba60108c
SHA1

43c65be70bbeb2aeb41f022c3ec4d87df0333d95
SHA256

257b92cfe48bedf083bf7fe7731ba8e97532a4e680be9ec01bd45cf5adfd6bc8
SHA512

4f19b74d9ee879385fe79eba75eedc4c86fb0d3d6d4bd6192428fbe6779876ea02a77c402ba4811f04ced8457ba8113f2f7cfdc3f78ef83a278d4f8e13843a67
SSDEEP

768:QVydVpu7J3pjVDpXZWKfkYX/6mAdSzX606EWYoStvgRdpq:Qcdq7J3phDp4KfkYX/6m+SzX6jPRdY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
2852	msedge.exe
2852	msedge.exe
2660	identity_helper.exe
2660	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 4068	2852	msedge.exe	85
PID 2852 wrote to memory of 4068	2852	msedge.exe	85
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 1296	2852	msedge.exe	86
PID 2852 wrote to memory of 4548	2852	msedge.exe	87
PID 2852 wrote to memory of 4548	2852	msedge.exe	87
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88
PID 2852 wrote to memory of 2576	2852	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d4a0219939dfe9c16694a789ba60108c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff914d546f8,0x7ff914d54708,0x7ff914d54718
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14491568455466217033,15239832240727742075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5400 /prefetch:2
  2⤵
  PID:1072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
0c5fc8a8dc60bf2dfea3f9ead7c2f6bf

SHA1
8be01a23ce7b1cea9f1dc9d5631edd1df47e47fe

SHA256
d7d27c3f72e17a8f92da8d105fd1656d408031db09d8d5f6266592ec46982fde

SHA512
fec6d0d08f1ebacdf319ea8a26143933195ff1e5c31376f8764aa9eecea6b8d87dba4cb271534bc3b624c602cb28d5ae870aa9f36f1ba43bc729e8012f7171ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\792384a5-7988-43e1-9e1c-9845787be766.tmp

Filesize
5KB

MD5
45ccddc9271f2bc045f12320b594a91b

SHA1
4d3fa5bcbebb07404f3a11472d9f1ebc2f7d5d54

SHA256
5d628769d60820dd911d106a819c350676f94352bf5ccd002a6db3300bfbfc81

SHA512
f4e4f05936a08293b368ddca5c412f53966a869c88e4bbaad5d7e18696772d3e32671c98c5e5190d2c2d474932f473f523cfd125080ead9b09d4b9cba353d4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
7d1979c5905434382076078fdb94490d

SHA1
3ea2a93f23f6a3cbb26ea3995ed8726642c23973

SHA256
a05835a180fbb2217deb1a8349cbdd86fb2298d31da99c2a1827b90a99e7ec11

SHA512
8eda7f2e8229121d62e4cc99f3f3a5c98503da3afa9bd957a92398c73401cd7fd7044b3035e1ebb332e0368dbc46acc6ac2fd761459f93061fa4ead656c3fda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
44c8ea01170a7a153d66a2a15851dd2d

SHA1
00ca8134af36de955e1242aad841791268e3b831

SHA256
03901f434fdac3b5cb512c9b790ad79bf495136a4ba8dc4f43c6f3221abcd246

SHA512
d032f66d306a1d88681443371ef9dbbd6c611a8454d3b80296c36053fa83c4f47b413f793941ba88a7bd4faa6b1340cb8a5ca693c58471df702ed770f952bb55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dc64ab531b0aa9340f3db497d03902c5

SHA1
bb74d25a18afaae32f930c5c85e6d646504b19e3

SHA256
98337f142d4cf79a999cf3142b90642ff2af755f622f90500ffa843c6c4d677c

SHA512
9bf38c1a49e2e7b805e42f13531855b37968c7a5bbb51fd0012fb88c0ba04d8460618c5672e2baa0fd6794edb7c44c578b6e76af61e55d2d1cd566b2bc9ea761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6f6192fc21ee1c412e236c5904ca855

SHA1
9e90625912e0745211e02775b2e27af656b0df73

SHA256
6b9d319694786edb8e82fb5977c6c607b06f9462e00daf7ad4910fbd21513476

SHA512
39d76b8087988be768e40dd67522f8fe47fe54e51ff1adbb0da48313495e9f6fef6868c86ee4450f39019a395002e4530809016da122e5f4c8eee07efb186959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
447d00194f3aee3479cbc982a7ad104d

SHA1
c9a61d7175a292ebfad8623017c255cafa99ea2c

SHA256
72857db381cc1dd721844b55e0530b399a853ae0d4f8c8eb5dbbbd4d2d86b52d

SHA512
9e85b5864160476242c7d974cbd3dba59ce92c46815ad05cd8f513f9cf7fb935267ad50d1117c767a0b82c9891830d276e415ae2aa576999041abb0c0ae27dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49d15fa56e423fe35323fec87b8d039d

SHA1
e700e3463157b8af5e9bc23a4854c6a00c04e5fa

SHA256
af6cfb40fbcca510c5a43f44aac57973226cf1e42f236d6a86d680577ad36645

SHA512
492e0d4fc4e074679bb91bbf92e991b82e40688a3ecf993541c315b46dbda4deacdc37433925599c56a4e0c3146075c3d27f85c5d2a952507473264275de2df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f7808398-726a-476a-8807-526815526eb3.tmp

Filesize
366B

MD5
37ca7079f720b1be002395d56bb15e59

SHA1
9874e51e0da8ba87606a741bcaac3ca93993bdd5

SHA256
15a3ae0c01192774c67727a432c0583698879a74baf1fc986ed1627536214481

SHA512
060d10b3687eeceed5539b38afe7b08474a3a1e838bff9c03a31dfd61c3f330be0716917535dad0c1c54adaa8090c0c96bf68a79c2f8f9baa1382fb83b55fb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ba39e8e02ca81de71698a2c19e53cd4c

SHA1
36bbcf1b01aad4733029ac3e09933a4b5fb5facd

SHA256
43e5f8a2496eccfe0e75ec22127a2030e3ced8927caa7952cfb646fb6afad7c8

SHA512
110f021815f0bda7d320b75ecd3e188defbcff56d3b18c71c30552682d4194d9a23b55c0c4feb1cd44b285e9e59e36bb5e676cf0586b0178d16188ef81c49f56

Download Submit