d9b76867a9d99d9c15d55e040002cbffe8e987b52f40e654c9b4807896598109

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 07:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dfb9d3cf7deada395b1a530fca8550d6_JaffaCakes118.html
Size

44KB
MD5

dfb9d3cf7deada395b1a530fca8550d6
SHA1

006a21105427d5ff030ea154fc718eb1bbbb8c99
SHA256

d9b76867a9d99d9c15d55e040002cbffe8e987b52f40e654c9b4807896598109
SHA512

8cc16a3732930628a2b05bae8448a33ad8b300f8e22407e3924601a3824d694e0c8e97f73a5dbca74f9661a2cc92438a554c33b61e432a8fd1f55dc8f7aca676
SSDEEP

768:oF5bV1bHAVb2vboR0pC/b9byFK1yO1oGeC01Jo4JvYAX2VkrxP:oF5jzAVSUR0pChWFK1yO1uYyZGulP

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
3864	msedge.exe
3864	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 1132	3864	msedge.exe	85
PID 3864 wrote to memory of 1132	3864	msedge.exe	85
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 1620	3864	msedge.exe	86
PID 3864 wrote to memory of 2376	3864	msedge.exe	87
PID 3864 wrote to memory of 2376	3864	msedge.exe	87
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88
PID 3864 wrote to memory of 220	3864	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dfb9d3cf7deada395b1a530fca8550d6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc84f46f8,0x7fffc84f4708,0x7fffc84f4718
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1504,2749294591116039803,4089513338994295478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
cfee2b8bfe98f69f09f30dec0b91ffe5

SHA1
4568cc3a77f53faf7e3fb1682c1526d7ab51a582

SHA256
0ed864e9714926689d525bf444f27cd5c3b6719945c115d1ea10cb1f76ae59d5

SHA512
15b1d5e29af82f0332372bb7c97753e5abbcc856810f9fc3f0770a3e6ad78fff0efd6915251471d02699c144770399f95e18195727eba8eb569041a884fa8cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0a4557b695c76966ac97da52147887ef

SHA1
788cc9a5ab7b665255950b405efc3b3a2c41670b

SHA256
013da5d1a0df924e8aaeb18d002fc8030651af937e560ead2ca165a9b0adf4ba

SHA512
a6041aba27c3bf69bfee3b2507101d2f61123f4ca9fc48c395bdbd74474dedf41bdb3607e49e64ac83f5e0b4b66fc15a7a4170e19d84a6529749cefcccf1413d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
987B

MD5
f8f5e1ff048d25eed9abd58caa194465

SHA1
50be325e9ab85c035f8da7f7a0c6cbbd920087ff

SHA256
7ca77960754ecaf0c98168e7e3f9bbdf5a022c2819fa7e6c10d7abdbd4e1c374

SHA512
db6a6618eaa63c1a12ec3361100f5dbc18ca29245838e27303b3cde87af3123734f0b2a18c8721edc2fa51028f4b8e9c4cc9501a918045807986e64a198394ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
135d5dd9fe8f242f236b525c54e7235d

SHA1
6c26ea6720d512538fd7deeb70fc0deedfd1f689

SHA256
770b37542961b6b8ab2fd2773097562aa00325fa942f81a027453c7a1cea36b0

SHA512
847a1e423df0492c925c72d95e999d926abecb04b9bcd7ead2661a61da56b32f0813c1c1e882ddd9f14672f0446f36483b4de2618decbb095762f0f5a9fbe653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c9939d9f0b35e043671b8581065297d

SHA1
30360b605b01748373674d5bed9c3c0a3d980970

SHA256
2c3722265fb93b1d42da297c00cb11e64d13c6192b7687bc548c4d595c1c52ab

SHA512
2901ee11004f15f21a3e70413ec6a4aa2f7edad2b48c21ee625baa65a6274d22e421ad6ffdd19954e5f53e4f2da0dca16c6513bf45fca23cb82692a9801119d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f22dc520-f9de-43ed-9c1d-9ba5b4d9b0af.tmp

Filesize
6KB

MD5
d9b71b4fe7bcb65a6754b8c16e88abd4

SHA1
ace2289599682fb1020f6c294b196ed070c03daf

SHA256
e41ef32c8c144fd137f4ccc6fa143effcf77834493bcfc357df6d0c4e63a02f3

SHA512
a082c6f9159e60b9cc526886a0d2042b20d373f6203dfc3e853c4f8330eb5a8e069e7bd268e0c5ed090b14823a1897d8908f2d88c62ad1388617625d4cc00bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa52fd23a881646f574ec10a4100fae9

SHA1
849c3800aa21a028e66ca2735d56effaf74f7fb9

SHA256
bef36beab77ccd966fbe708357610078bfcebad701cdb47d985396e4c34e20b2

SHA512
5202aea3a2a4553b0615f99422accbdd3dc659316cc6e76f8a742d4a5d61f8c6d31263524b2befc03724365c860c3e7a868c6a9720da99137982131a7d9a7805

Download Submit