8d380300a831e38fed102986c187e53eabbd1632c89e767f441757dbab0acca7

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de97de79698c903ea0cbb469709fc20a_JaffaCakes118.html
Size

85KB
MD5

de97de79698c903ea0cbb469709fc20a
SHA1

363b6d85d71a481005b96663b4847f72543a3450
SHA256

8d380300a831e38fed102986c187e53eabbd1632c89e767f441757dbab0acca7
SHA512

12d73426f7174a30a1eaff313f6059c0539e4c68adef79476455c0fb17051b968e817e39a515b00424dd9a782b9440f0a5f9af1ba32e47927d7a011149fb3368
SSDEEP

1536:dvLrugs/lvgETf2PylwPb2ZQWpNuqtV3sEyZWOQAnu7F1JFi3kjjhEmu9VpRIebD:xugs/l4mf2PylwPb2ZQWpNuq6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
2068	msedge.exe
2068	msedge.exe
208	identity_helper.exe
208	identity_helper.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 4832	2068	msedge.exe	83
PID 2068 wrote to memory of 4832	2068	msedge.exe	83
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 3472	2068	msedge.exe	84
PID 2068 wrote to memory of 4840	2068	msedge.exe	85
PID 2068 wrote to memory of 4840	2068	msedge.exe	85
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86
PID 2068 wrote to memory of 4576	2068	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de97de79698c903ea0cbb469709fc20a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94f546f8,0x7ffa94f54708,0x7ffa94f54718
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17674548970013430613,10410929050487501206,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d30686cf04be99cdfefaaeb7657a6b6c

SHA1
ae87c3149e69dc472383944b8a5ca0581f478195

SHA256
d374d816b888336c42eace1ed7a47331bb43abc60a3fa195aa5817005f586f51

SHA512
1d33876cad0ddc3c01e55331a8bec793c6d153b036e9271fcb77ca128a4989d8744d43b703f067ba809c18b9dcdf90e95517ad0cd36b68e9cd394608dd82a432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
400B

MD5
8d158a048d68778e2f4c8b6d4d5e074f

SHA1
6d14e57ca0ed53f413a4bfc616211df7536f4711

SHA256
22dca805a9cdb18c58360c03a4ef9045b504fd17fc68b768481ca7f3d3c2d686

SHA512
5c38e7b04581435f248a39d0f1693857fc54926f89687f17d9dffc3d2f6a4f5113dfe6c9a8c40ff731f87c01d95c20e53ec0619c24bab115fa19db6c3169d4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdc695e34031047fc06d9770c85c0140

SHA1
9d50327b280e4adf818cf958abc9956a6bce6c52

SHA256
d6dd0ea2e8dc80817dd87a26e25d6dc0748c12cad00b35c1b6075a76e6a87e62

SHA512
066e34912cc76cae2ee4131c9ee0ac289e0bb6f1d6652ccb231a161bcab399dd3c67dc8ef820c0b58310237947b4ba2e2a99bce46dfdf4f66a4a0921247f1625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9a683f179b01014b85780b62891e7d0

SHA1
46c1ac096901363e6ee339ce9cba84bfa1c5b630

SHA256
c1dc9d0bff528efff918b5d48bddaf40a29097d12ed03d042867197bc2121945

SHA512
f9b6aa1fd261882d3a15d21033cffd484261b806f298e44d4e943a84cfac91c623ebc65f10ae95eb7f7ef6c695df9fca78ed1fca2f32bc9ed57a68148ceca000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca10797b5f6c19b06c286782a483f164

SHA1
7bb955a24bb51ddd3fbce71a691cfab08eba70ad

SHA256
af2d92ce268d333c34b2a277bf9a5ac045a29c05e52eefe2c0ca6ccc6d795447

SHA512
b307554dbee5ce28a40c968a573989a87860d63db04471a02688c67d490efd508e1827dbf4b96c8dea3ce4ed98fb034fb82c52d74307df5d550a3468d02a97f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
47dfa01744a131e367ec88db0969f83a

SHA1
7cb4137ebacf76586cfa8400a68cf8e9b5fa3e50

SHA256
2bccb17c106f5fea3e94472ab1ea599e440da44468f5e97b3eba494240b70867

SHA512
53b2a256b911a1dae4d82247983f4de9333dba44e7f0e316fc31b7b3c753ce7733b11cfd0e5d21e817813ba2de317e717758309536677fde62be7a90f54ea5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c8cdbd37b5527870dd0bb995c32d33ed

SHA1
d926decb4c249de51f7c4857f0a9baa0f2f74204

SHA256
a0dba359acfa09168d01b918c483b5871b5f8adc2add3f618efc8983ed43de5e

SHA512
4ff44a89e33804479145f36eafb9d3415ee811e667ebc46838f121daea7b3f610d0ccda88941b29115e871039ec067e43cc016754711ddcfc235a8226fb2cdd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ebe6.TMP

Filesize
873B

MD5
bcc9cfc533660f934c4e3ea9ddfd3b41

SHA1
9a120c698ff53397e9a31f9ed404cbccc51cb093

SHA256
cb2b49a6635af07842628b079da02b48aa15e87b2f964c54ec91ad55c2bfad73

SHA512
62fb7f45bfb44c875a62b3844cd8d412017a1c4d9e344193655e96b943d051ad49caf42e74b731887cc9388b06eb416bcfd1ecca11e423c92b7ed14bf84f940f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
848cbcae2fdfae97eb2db59787a32c9c

SHA1
80710758534cfe9e6c9a730da94aa0f13ab5c4ab

SHA256
8845d5ee8c487f048ba37b05c26e693669f05512adf02190c14b0ec38908e7a2

SHA512
b26e09fa4148d6c0f2d733d9625379ce6e326601fe0556d9188ec071a512fab791a8e8c539e6934b7306393f5aa6789031a28c2fd42eb3ff3c5de0925193d015

Download Submit