eee40c16b8a56c60b265325029ebade750fea307cf77eea7789f104db9b60019

Analysis

max time kernel
148s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e18645185ce062571e771d6dfc6bd43d_JaffaCakes118.html
Size

48KB
MD5

e18645185ce062571e771d6dfc6bd43d
SHA1

c36df2ee9b72a0e1fd3491d3c9fbf2a511695a41
SHA256

eee40c16b8a56c60b265325029ebade750fea307cf77eea7789f104db9b60019
SHA512

67f1b4fdfb3d04fc860af6abcf8f7b99ad1de59ad33311b6c13ce9562db9822bbc0d7e28b9e5b56867470c2cd85c44ccf8453d1bb191e84b71e404eda42bc2fb
SSDEEP

1536:q6763IwoH/AHs9fF5A1nDgzNjEEt4S/rlMw96em:L763IwofAHs99ywTlmem

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4032	msedge.exe
4032	msedge.exe
3400	identity_helper.exe
3400	identity_helper.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 1836	4032	msedge.exe	83
PID 4032 wrote to memory of 1836	4032	msedge.exe	83
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 3940	4032	msedge.exe	84
PID 4032 wrote to memory of 4396	4032	msedge.exe	85
PID 4032 wrote to memory of 4396	4032	msedge.exe	85
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86
PID 4032 wrote to memory of 4856	4032	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e18645185ce062571e771d6dfc6bd43d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9addf46f8,0x7ff9addf4708,0x7ff9addf4718
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,12188459590739179634,8254906681481805298,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
50e6f61278fe3a8e502b31dae5a78221

SHA1
da6cfd6c5d7ad21f3a453740b9b8d63b8833e183

SHA256
ec2613fe7c1343a4d472382ff8e113c6de7949c3b8559da79a8e815db822cd40

SHA512
dda000ae0f23a4a66044dd2c298728a394ef8f3bdf9f042d1c1f05559a313aca2b22356b7dde353d4d18aaa38635a9f8a54f8e050fed09e4ae1bd2b7799d60cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
f5a366d4d74be9ff995ebb88688459d8

SHA1
db4ca1af145eb6fcc6e3299b2c41fc03bfd7e27c

SHA256
0087695eb9d4d43bc99acfc4ef90757986ecae774413823ea0330975e3940c9b

SHA512
916eb6ab5820edc92d8b4dae8c1652d91a0f55057caf0925a9739a08b6e8947a200591021d22e5315c9e983f00092102fd02fe43342a23ad25808bb0e3d04c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a1860c2dc723493b139fbcddff353823

SHA1
25df5011691565067f1d4b9c063abe1b57361a1b

SHA256
32b52359ed5d46a2fc4bf8bd91268da4bb8d623885b6102ea845360b7a046f2c

SHA512
58b4bb607d36c488e3f14bb02c12c1c26582767ff9f02c0fc569ee79301abea3adf4d8ba1af526cbf7de292e678bc629c7b5d5e1c6feb18ddc577e3ae7214500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
23175cde497ffd2fa41f34a736b37e33

SHA1
3933098f6ef67582b46b8033714934967946a2f5

SHA256
d632d04abf702f5a3dcd4e5fd108d957cb784987fe123b92f8d9cdcd8112d206

SHA512
cd98483c539a47cc5f4697720afe66f46137e7e3c3e43d6f1dad97a4db0730b707e79a1d28f4968211450d07080351838dda59a1072b89ab97fcce20de6b1b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
beaf1522a3ad11051dcfbece84fc21c6

SHA1
57221f33b867687c5673de9d8401c9da5fd7fa95

SHA256
f9450af2052734a13f7182118e637331fa0beaf19ad3115dbaab773c42433ded

SHA512
99d6c38a48f8a3eb2e2a9887c184af78c4f365b7c0387de1d6469a458e0b3a0b1429eb03c492e86e7ec783141e749e3a50660718717c39357a13278b91ad58d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a825e62d4be37186d56a5f55b07c74e

SHA1
26f277d753a70758070591d15d7721a69b21aed5

SHA256
18dd31422c66fd799ecb904ea5c92d03f36c2515eb10aeef15e57fc06ad88a10

SHA512
a67baaf47884fd2fe509daa36b2df0892f707ff5996fbc9dc75a86aa042b0c57e4dae4c996e9204cb7c82efc08ef36cf36c23c46bda6749bad5fd4300d1909b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7484c4f60b87655e83599192a50508db

SHA1
e60c3fe2e603721392f79db6166176c3e43cdad5

SHA256
2135edf122841d83ac8c81ea42bda52bd3283e7a0f4b296173dd95ce733ef6af

SHA512
47b4448bc10fe3200b874ede452cfb482b150d78ed69cb905efb061ca94a34ded47fb83cac558280f78003bef0217ad852894dd7e4f6c40631f8e18decd405f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
929adfb3e3b35dade04caff32e1120b5

SHA1
e877245dae133d6ccd71d01196db49d84e65d489

SHA256
c311c1cee518910417baa3296f68f32f1901c451ffc6d40a9d17d2bce729704a

SHA512
247055d5edbba28fdae15c27018d19b5e391bee2f54dbf8c990fb59984bc35a8eedf81793a7db781acf8517bbb45e38314396fa695527b88e4f45851ea3e34fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8501bcc8fbb903eb91631c96e5f02d5b

SHA1
1b37fb568b32a3ea05b27cb3529e479d0de68999

SHA256
a819ba056d10155a8055253d1cb99e51ab5179a4a947c48be586871ce2ae4997

SHA512
b045d96f3925e57b19be1725793525e860a31522a6cc070034d27ef233549e667202f8659f1fe2178f98558726e822d62ab59318f4b4a7964c4e8b781d0bc828

Download Submit