d4a31683fd642e92cc5598d66245000b6c722ed8d2159415c17d77f5a153a8b8

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 02:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dbb11dcf2e1df53984fa7bf191320e1a_JaffaCakes118.html
Size

175KB
MD5

dbb11dcf2e1df53984fa7bf191320e1a
SHA1

e62ed3919e3e5073cacff3d75ed807d1916b2158
SHA256

d4a31683fd642e92cc5598d66245000b6c722ed8d2159415c17d77f5a153a8b8
SHA512

5c98c69ad50fcf21100f78014d0c303bc936bcf689082d3bde8bde8906d60d9e0226fbfce125c74edf3495afbf0ad0a10cdd2910393d34fe7ef83700965ba699
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3SGNkFKYfBCJisk+aeTH+WK/Lf1/hmnVSV:SOoT3S/FLBCJium

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4956	msedge.exe
4956	msedge.exe
1984	identity_helper.exe
1984	identity_helper.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 3656	4956	msedge.exe	83
PID 4956 wrote to memory of 3656	4956	msedge.exe	83
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 3424	4956	msedge.exe	84
PID 4956 wrote to memory of 4796	4956	msedge.exe	85
PID 4956 wrote to memory of 4796	4956	msedge.exe	85
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86
PID 4956 wrote to memory of 4544	4956	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dbb11dcf2e1df53984fa7bf191320e1a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb026546f8,0x7ffb02654708,0x7ffb02654718
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1408,15808581783554903701,11523522737496228251,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
15fe76c831cb7557916c3103d6b54735

SHA1
c9f604bcc9b714b785a50b61721eb0d5c4d0f0cf

SHA256
3f10046cd37ece31dc1ef3e39cbe04fca62eeb37e197f0c56dbe943895e3c829

SHA512
a7e19947a27130925757ade402d1b61d14c9276a9705e12a2280fdf62b60b958fc375a1fb5c81cd0d4bcfc837e189dad42c6cafd65752f5c1811a9167125f4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
da575bfca199525a038657f2c9394763

SHA1
e06e34dc7119e17de924d5d56b2a6ccddf933f8b

SHA256
cd2e34f63adc8bbc55ecbd67d5d2c07456642fd9002c945ad1470bb07d5e9ded

SHA512
fe7c8d889c02204c83770ab9b060f4fad42e40c8fba47c528f95634457069a10f6cb53ed122a40de876b8c6131f767fda33061729d656edea27b6bfe26eb10a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5a5b4a0971110b752151df0835de5a27

SHA1
d51244e1eee148936256a3fe961722193a8278c7

SHA256
79c38d1d5094719746a0ba0f9eb011b47ebd3934ff8c27736ed09bd646f2b03e

SHA512
a90993ba55c3bb56a7798709ae984c0f49b43dfb4d1bb2dbb9ad902f5940a9d6097ac287f31d23f4d746754df5e6929dd74b34e88a2cb6f5e678ff30b9e30b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2fb1a180e5687edc8869f7b59aa5910

SHA1
6d65db8d12829c9d3d9b4160bee5aca06ef49a0d

SHA256
97b218146963deff0864fb7bc169eb9983367349819ccdeda71c9625e21fabb9

SHA512
c4fe4f50690d94c8b3f34de5360ce091f488ecc521eece626fe3411dbebf47d8f70f4c7191669783d7261d337815bf0f879a77b4095dedd0c9cced53271968a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
69e77b22e2d203fea8bbb2edae9338a2

SHA1
40edbde857035476914fb9a2fde6aa697d3df3cd

SHA256
2f38a955b5c740bcb411456444e877c08c5c6816ce7b0116f244d9d11c3ea4b9

SHA512
45b98726d781b9b06c5aeea553603836fdeabadb72ca6f9d01983aeab6baa51d6cdbd17f50932b9d1d2de1ca894334811cbe3b51b0b5824919156cbdf782fae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f58f59cc9b5eb3cf2e74579b8ff2a04f

SHA1
a1dd22a2f5c61cc2bedf21170f4c802d4e7e1ad1

SHA256
e4bbe0b118bf5859b1f3c8f86642e0db0fec73b20b843277a4f5573a425f936b

SHA512
d1f7ccc44e278d7fe435caa1527096db5e64d66bdc6ddeafe1fe9943ccc0870d040523df0ee76d72b28f9445795ff6ff929ec579c1f4f97548eaaa0ac3105ab0

Download Submit