b09c20bb07750ebac85fd3e36c5e5f175cb9aec67b7a2c943d781c80c9fe3d1c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9fce7bb9b570a072471914e482290f0_JaffaCakes118.html
Size

69KB
MD5

d9fce7bb9b570a072471914e482290f0
SHA1

a66f5efa3ecf39082efa3e3dc8150fc80b257bb6
SHA256

b09c20bb07750ebac85fd3e36c5e5f175cb9aec67b7a2c943d781c80c9fe3d1c
SHA512

72117b01d43b9438c3c39685dc5503343fadccde9e7297a02e058deafc422f6520305046a6e23d46a1e7ad13ba90c3fc2042eeab68ea80ec1a6cb638853cac70
SSDEEP

1536:SJ1gDUjmED4sPvsSdGPAcd9t9cJMDIOrFuAnXnV:SJ1gDUjmED4sPvsSdyAcsJgnXnV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
3500	msedge.exe
3500	msedge.exe
2992	identity_helper.exe
2992	identity_helper.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 1928	3500	msedge.exe	83
PID 3500 wrote to memory of 1928	3500	msedge.exe	83
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4548	3500	msedge.exe	84
PID 3500 wrote to memory of 4248	3500	msedge.exe	85
PID 3500 wrote to memory of 4248	3500	msedge.exe	85
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d9fce7bb9b570a072471914e482290f0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d48d46f8,0x7ff9d48d4708,0x7ff9d48d4718
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1089949750231646293,10734434714757080201,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
a2e78f87f1db2bf10dd92b702e7efa4b

SHA1
9a94c02a55c4958b1b83d406ee75ccd8d684a08a

SHA256
144ca76c94551f668a5706f6a95fa744b3af1ec4b8058f2ba56b6c06664fe052

SHA512
05a6a00bd899a44e7b26abbd2d6cca78954cb757d3a61ccaee84f59fdad0f47b84db7e7a28c29c52849eb282ade4ed1c4ce06c75512d9e8ccf2ff730542b97fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6bdc041e0fb4730c209b6c2091a62c18

SHA1
25e7f44239e13a6edd10c1b36ff9a8c7daea37c2

SHA256
c3cc64951172536506432f2dd957d37c2b20926caf92a1422a85e05fa984270e

SHA512
2f31da901872edf9f3ada282feccb142e861b344bcf54a42d2f6eb987d8be11a7e89c28bbf4edeac449fae6802caec41270177fe7678e70317123991ba660567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9fac3f45d0328beb2013b3c53cf92542

SHA1
48b45eb0fe3f5925265c9eccccd18c47ce43d115

SHA256
9d07ba8b26cc90027f1301e3f1b1e5a2ee4aa7c5841bfbd31d692c81c71ab674

SHA512
e986af22b552fdd24671596ac7d33a0a384c6f97ac39a7b434bb58cab661750ba5fda91e6ae3e17ae36490a33b210ee62a4200925c0055ac272f80b05dabbf05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfa6503754672a3fddaf8169e9684008

SHA1
8958db1c3f6f5a2134684c34294c549aa8431eb8

SHA256
54121d1a68cbd83f508c44f8ca8656481b4866c26028b1f6c30bcf4025723db3

SHA512
5fe612d51832c57c7893f75a781b509c7d033f861b9ed0dc7dc942a78aae87ddead2002bc635c0cbb040614d5d1c30f25975421aac137652b819ff44deecc8be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ff7d5e2cdd8e3082ee25f4b733af1a8

SHA1
503bbaa7b0d0e4367e77d907f379e2271e5948b5

SHA256
77260bcd04b997cb0a3ef0ec43761abed2f1ad6317f5ebb7fc0cba56e9cbcefe

SHA512
415961d7f2eeb4a2e7f6e62163d84f10a0d974d95ef8520e84c844caf9a9781c8a88f86656cf8647c23cb443a5c8dc926c9a7cefd36a959d9a96c0e886cd06dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
c62f4a02188113343146bc69a797153a

SHA1
567e5c76c3b95eb59ffedaaa3ac14b3628afb6f1

SHA256
779cc23d2a7e9878d2ca54ae031ff0195b92cb126c30cc9d2af9034b7ee5b341

SHA512
e25ea66d8cd5a39f397eda34a4d5418f809c2715fc0b85a7f941c6865df295e2ad1dd902f6216cdecc2f3590b0e4268199b55c73a00d522b70d3d96143e55bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3d43c4d3d254516cf77adef2c540aa1b

SHA1
17e8e22bff120504e68cc25bb10b266a2ec7a654

SHA256
27c57a682390c5b0b23b916b5907d5ea9f4243e56714c634e48d559b4dd6ea44

SHA512
2eb6d66e6e75003a2688d14b18e53cf991c52be0c42e88d39b7a0407f530b9f44b1dc996a62b6adcd52573a31569e40077d2c2138bfa6ba9efaf15dc46441a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb48.TMP

Filesize
203B

MD5
8d54c480d44f5da16d0a4cda672c6660

SHA1
4c9377d9f446cf6078606837fa80edd9c56e060e

SHA256
560b7957097177886fa7cdee265f9bfc284d50cd779be8f01617b46b7fd47055

SHA512
beb90ffac62441e8d9a61ef325af2c6b36958e4e0be02d72bcd8e251fe6f8c00898c239986c85ed2c24271b0bd08e073134c05cde133268f6c1681b19f18d89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
637ad4750d51824b1a65d5f8ca6d8112

SHA1
e2e655bff8d2c486ba211f00021680d0e0af196c

SHA256
fc0c3d1be160ef03261aff138c8ef5b9ecf8acbbc3a47c54616169c65a4f9a3d

SHA512
b80ce25990accebfaa57f6a68eb3f65053a188f7b2897f23d8fb96574d0f61d9130f1c4156ddb1f562313788bcedbad3a85f732e5a8800f74c54475bf33c176c

Download Submit