6bebcd3c82e6d6ed04f041bf8956a41d4aa88710c52ff532685efde5ae13001e

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4c2075ce884a0580851ea82954a5051_JaffaCakes118.html
Size

159KB
MD5

d4c2075ce884a0580851ea82954a5051
SHA1

0f3073a6365b720f0d26fa6d9694fab81ed81b0b
SHA256

6bebcd3c82e6d6ed04f041bf8956a41d4aa88710c52ff532685efde5ae13001e
SHA512

060fa2f6ef928862863e3e97b6ba02abc90003f0fabdc630036e74d23136d9e981d2c24eda76f7f74ffc6cdb44a024aed615d1c94094ced12ad159d3cd88a815
SSDEEP

3072:2QHPLKCxSk2I522Dp/YKN4FCyxQjnRtVu2MzkgAcxTLRsMye0NrD:BxSk2I522ZRtk2Mzk6sMYV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
528	msedge.exe
528	msedge.exe
3392	identity_helper.exe
3392	identity_helper.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 2924	528	msedge.exe	83
PID 528 wrote to memory of 2924	528	msedge.exe	83
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 4532	528	msedge.exe	84
PID 528 wrote to memory of 2296	528	msedge.exe	85
PID 528 wrote to memory of 2296	528	msedge.exe	85
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86
PID 528 wrote to memory of 1476	528	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d4c2075ce884a0580851ea82954a5051_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9df2f46f8,0x7ff9df2f4708,0x7ff9df2f4718
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,13798694517819759080,402246138822449852,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x4c0
1⤵
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
60e6bd4a9abd1ee028797346a921b18e

SHA1
5ced1e6c37bb4f472c3b3f59c3374bf2ca82e2cf

SHA256
407e1bd7f42f2f903ec8a6527008d4bfca3a9787f1ddc7caf7c617805de209e3

SHA512
872d55d30ca48a0d01cee0ea48569da6e19bdc90a03fe406e94ea2e774c183f71843a9debd39808627732c5b332bf189c17cf5e8f32a1a65ec405adb5e2d907f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
574B

MD5
7484c94e19cec8e8e201cbe046303b8b

SHA1
25413118757603545a6ddeb6e9cbd1b0850a62d6

SHA256
1345596157f933262c6a03cbfa19c467b61c68418abee96e050f427baeee3dcb

SHA512
a3282f106a36a7769c515d08fe916221a823c504fea13c700de60c901f49b6f7d05d8d372dcc92b712a1136a9be02b6d84c719a4f25cefc0c6a322582f72bfd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
745ab64d9408278a0be4c3c296d762ed

SHA1
8d1347b9c7f0ca5d90e277ff4f8933799b00c823

SHA256
1c39ff22c4df785c3ebdf88a0d0b6333349d094f78d5451c401baf8999418d89

SHA512
146d34d35d27c432fc100c9b5f976d69af43b10a40d230a05f6f6780ee333586037019740d76a19e4757fa50215fd63ca757ade3d83ce5ba3757a3073ea031bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bd0e6c2d360447e38d8f45024bb153f1

SHA1
db7bc33f72bed28190afe8b32b96a4663f5307a4

SHA256
01751ff57e2888c68d0b97b7bdb9aa655788c6f0d3f92b0e788560032b5f604b

SHA512
64ac7340dcd72a1a9963e396fd5a50099f3ddc721788417d35202a48bad4ea88e8ce0545633bfdba7bd4c3f276d4b8e3d834d142481a4307c02580a1e096887c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
40a54a047c2f12afdbc10c348f3d98e1

SHA1
09c3da7c8db627336ba9fd3da63d3eddbe1342ce

SHA256
1beba0f491abd8b583534bc1320d95c22127520b60d716afedb9673edc5573c0

SHA512
b2bd42dbf7db7d88e1f257fa0403f34e5eebd77ffab51cfac895773329154f78f563aea78a5253acac93ac0f5bb67cb3048bc09a228b35800028d2e60ea90601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581ad6.TMP

Filesize
874B

MD5
28da839ef0b837b40ffda5638fd92f38

SHA1
a81ceaa20e4b4e70234aee4ab898af12afe5ffac

SHA256
a7a0a59bb371a57face3a6dbc980dd07db7a636ad089076a184190cd2e9ce3e8

SHA512
bccad285a57c6a55922aff127cbd9e3b9fab55d01a0bb2f14b50b3c772c0e744ab0c5980905e7f31a065bb8bfd9e773752c93331a35dcd51d330f177e8b4fff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c8d0ceb72fba9655c7865fffa5a19d2a

SHA1
ab9ab885309de0be762714ebbdbdd9a677dd9477

SHA256
96998fb6c553ccef02957761218f23b0a3e3d6aea987f64de61d8712cfa1e121

SHA512
240c5d565c3b91d9c763b44d27c31df952f704cd4afbc3dda37ae3ae1cb7b70061bda793a1ade6c74f8d89e62f12b8d1142dc6461f7ba5b9eb11bea70fd63e97

Download Submit