d3dc9085fcfe6995569ee2e108ce1b0c5a61e9c2b46ef18f24179e19fc89b28d

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dda8b847ab0f73172ca8913bae41beed_JaffaCakes118.html
Size

63KB
MD5

dda8b847ab0f73172ca8913bae41beed
SHA1

20e88d9bbfbdd593e908fd73cddd3d4df16dd306
SHA256

d3dc9085fcfe6995569ee2e108ce1b0c5a61e9c2b46ef18f24179e19fc89b28d
SHA512

ba65e5e2edaa7664712dd3d8f5776b65478999a0d44e91e99c41a7fd3873768e85ecb726c2f500efdad6095541293424019e3c2947ba242bc93a37272d8e5d0f
SSDEEP

1536:+VHXHEHT17To0FUqrtHBMhZ+IyhrRQ8A7hCuhfgkWDeMt:+VHXHqbUqr93h7A7hjhfgkWDeMt

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3620	msedge.exe
3620	msedge.exe
1388	identity_helper.exe
1388	identity_helper.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 5052	3620	msedge.exe	83
PID 3620 wrote to memory of 5052	3620	msedge.exe	83
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 1052	3620	msedge.exe	85
PID 3620 wrote to memory of 3124	3620	msedge.exe	86
PID 3620 wrote to memory of 3124	3620	msedge.exe	86
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87
PID 3620 wrote to memory of 3056	3620	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dda8b847ab0f73172ca8913bae41beed_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd8f546f8,0x7ffdd8f54708,0x7ffdd8f54718
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7697059775565470323,14249652750300848724,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
efae4c1e09d5b55fa9c29ddccb5de714

SHA1
3a9a4e2df5a9b18b49ec68deaa13b06a37adb2c0

SHA256
4620bdcc1e65bb0a2569d539252563700d5b23e4a480a1c231856d19022dc349

SHA512
1df20a233317e956e08da012f7ffe0ad6b6f773cc1e890a98dab69e8dd4d79e6916c1b00f059b0f16df8aa55caaef582eb84943f1bf88e50a212ac7c72767cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
309e6bac968ee950fb2a475e3d0b2bea

SHA1
62e7cfb00eeabf2bd824821d0d091da6f4f8a5d1

SHA256
558d0531bab3f858c1f99b7522a9ba9cceec531dbbf3c13e86e29ba3956841c8

SHA512
e4aef15393c4a9af70ce92760a867a965b13c551cbf20083ce58359717f1c6bd9d79f585c1b2b626390839f242a8af339fe00b789370fbafc9465bc8e9c86578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
181493762d8cce0f39b56658564d2d3d

SHA1
dec1148b4defb47bcef99089c623576b4615aa8b

SHA256
a7e87ef977afeaea8c54231e592dab2558f2a82053c05fed0f1ec79d0dced13f

SHA512
2b1d9082536479be81d0b26f699fcdd4d4dee23dffedf41d44e66eda603776b9b3077f56f6abfecc67c055d7d35350284b412f5642e7b391b4df4a6248639b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a0053695ca514b0d216afb3a0506a9f4

SHA1
080d6b41b89dd02257258b4019246efb3cbfea4e

SHA256
1037b839119c82535bb13929495afdaebc34af047332880b0cee22d34dc530da

SHA512
1c43d4f0d077a75cd7cfb560d8ba1b591c9b8c3563c64dc72829160bb013634dfd0fabeacd7b7bc783cf208170e471be2f01c9996e7271e3ed8e7e5aa706bc04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6cd4e7834f6f23cde34d43adeb977962

SHA1
969491882868e7b92a6f2a73a735ba28f8e3062d

SHA256
c7ca78e72f6a05bef1238f2d940f021780f8440fdbe2ab1099311fa5b78d4c3c

SHA512
d29df437d92ad5edc12316a15ad35bca04afaa18da6522639b5e1a934a5c96dab8d417c1ae152dcec21b19b0fbcb91aadb3c3d579d37a551ea9aa98167e96589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f130bfa7efd2e9391227fe91e77c184b

SHA1
f66696ea03f3e7f4b151faa8e7c486afc751f5de

SHA256
149b943fa2762bcf97017efd59713dfc28a9502e5c75f273cee57c5643641341

SHA512
92c2ca72d65edfbcc1be634d0516ffbb0565a2e9bb84869d2b2a948e756de4402bd46490e2bf58a145b44d3dc9b1075840139ffc366a68b22d466652d4ab5062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01a62dc19c64c32acfe55044e786c69c

SHA1
d5e7b79bb2c075da9bea86a3d06ca42f2c076070

SHA256
45a383b52320baecf67b35fd1c9aa9ed314c40d9a70d657b5733b161b1e37f1f

SHA512
0dc3697d04d80e5b5a494e3382203af54414e80544f26a6ef5f21c85cd29490131eeafea6f8a5f2b31c9296dc82451bc20a4c1a5b66797b59aa24330a9ff6d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bad5f1bb62d264e9ef5e5b397154b7b4

SHA1
5c2d1e6da282d1ed0746cb29cea934328e8d01ae

SHA256
35ef533cd94a19b22321be101b5953c989dbfcca9c0b8a9bbb614a918e1c6284

SHA512
41b6cb3e70132da71648dcf32d55a31f3a62dd707120d308d8c3aec556509c9ea76ee8086e630502b5a6b6421d8bbd6f83e8bf737e2db5792db0c5f963babb64

Download Submit