380b87892448fc21a57f5e0c7925bb9a5580eb9e0a2aa20bb8efc08b276a61c1

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2024, 22:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ea1ff88b7df9fcb8395d86b3828c8305_JaffaCakes118.html
Size

89KB
MD5

ea1ff88b7df9fcb8395d86b3828c8305
SHA1

f43ffcc929994e2ef49c29c8ad70684d1d24eef1
SHA256

380b87892448fc21a57f5e0c7925bb9a5580eb9e0a2aa20bb8efc08b276a61c1
SHA512

e203557e936f8a89d5867de7aa745e2d007bf89137fb40b6016a4c5839b765884b7759982b7b1fa1848e70b47dec45c3afb90729ddf60fa755b2ed74d2a0abde
SSDEEP

1536:xUgbdcXmNRSOD7OtVquVp6AJnAr2GzJ57iAPSxjOq9rCX7CesErsYM:xUcdcXmNRSFrquVpj5AHzz7hPSxjN9r7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
2980	msedge.exe
2980	msedge.exe
4740	identity_helper.exe
4740	identity_helper.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1256	2980	msedge.exe	82
PID 2980 wrote to memory of 1256	2980	msedge.exe	82
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 1448	2980	msedge.exe	83
PID 2980 wrote to memory of 3084	2980	msedge.exe	84
PID 2980 wrote to memory of 3084	2980	msedge.exe	84
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85
PID 2980 wrote to memory of 3968	2980	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea1ff88b7df9fcb8395d86b3828c8305_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaba0546f8,0x7ffaba054708,0x7ffaba054718
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9568976103789933497,14976976094908425547,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
343f3c1523c167884e56e7c58d38af8f

SHA1
60cd744ea598b3fb927ef1175dc3e6c00b334912

SHA256
408c68311943dc68813a1c5c1d29adc51b8c03982f18f5fc4db2339469ca642e

SHA512
fa300d921f92d1ad2865d9cb4a1a67bb1334071f73c58548f02bbdbda06122ee3799201bae1f60b9f7d5053781d3b372a2eb82205c747561e19a0bc12e56ab05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c36075ef669cedfacc01f90361a71a20

SHA1
b0410290ac2ded65698aae2d30209bc7c5d60bf8

SHA256
f18030c3758841c8c2e143286a49273be5fc8733c07942b5ab4ff9ecf6194ee1

SHA512
8a4ae90108fb15a9cc1bfcec178cc67f7ff9017629096785e35ca0a94ab5d162b20dc2de37d2d94d7ccc20bf959c72753f56e5510668239858654e1b222a11ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
89a0224e5af973f35d50cf15f69fce95

SHA1
2006662cec45e7f2e3ee676c6eff46bfe1ea4bae

SHA256
79c58c6235bac57225747c150684e579b8187ae18e2bf32933e7df1174fbcf5e

SHA512
0c14e8ef9e0408f4128e2cbe2add00d26d3d78a90340ec7fa170e24b29795dffef8542a413bb86f9b8d1a048056ce6834af063e967c9f9264d48a4c8c9ffb132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c6ee4bec0dfc215348d6aefa8897753

SHA1
4be0b082ad6eb7a900b42b2afc4376b44d5fe51d

SHA256
e6810825474688942fc1f70bd26f53f9a94c4a7e7f8f77dcc79459599d7415a4

SHA512
8d32cc826bf86ae66b5af194edc5ed146f92d05e5e38997740ab030c1d6076ef54832e2d2d96a335b4b90f91dd80b99c3237e0654e2d77ad56f4dabd42f935ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f1cb7feb159ce99fb82b12ac2a093dfa

SHA1
ea69ab2dd8e194636edcdc8db9530abc35059b19

SHA256
05b50d35ce47aed22fffb23ae43d072c14e4f7aaae49f0c4c43cacabe8c0eae8

SHA512
780e99e63b370514719018d685e157b0da3a7d8a9ee45595f08f0f1f4d151fe5a91ccc49fa7adb54067e659fee855217e7507e29504aee121ef54c5b07c852ed

Download Submit