df4aeb3002bc14a65e0a29501c4d2080af8047126c87aea85d920f4f2f89a824

Analysis

max time kernel
139s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2024, 19:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e9dfaec13cd4ab690eb324646bcbb23e_JaffaCakes118.html
Size

183KB
MD5

e9dfaec13cd4ab690eb324646bcbb23e
SHA1

8804bf6053cf99d1bd95b38bffc63e5e3786d4b4
SHA256

df4aeb3002bc14a65e0a29501c4d2080af8047126c87aea85d920f4f2f89a824
SHA512

1c6e8049fdb1b6e15702388bf71e89e29c4dae3ee0397b12a80d7027f0bc635520710a5689a435aaaa7eef5122327ec21a53e1add9abd7f77857c04f592dc90f
SSDEEP

3072:WFFNE4GeH/ToeqbIrqbI5XU13G4k5QhLpOatVl0VZwie6uCzik2Q5MIsuQyf5bT7:iFNEoHcIIIs3G4k5QhL8atV56uCziVQz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
4336	msedge.exe
4336	msedge.exe
3208	identity_helper.exe
3208	identity_helper.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 3568	4336	msedge.exe	82
PID 4336 wrote to memory of 3568	4336	msedge.exe	82
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 2988	4336	msedge.exe	83
PID 4336 wrote to memory of 1588	4336	msedge.exe	84
PID 4336 wrote to memory of 1588	4336	msedge.exe	84
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85
PID 4336 wrote to memory of 4696	4336	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e9dfaec13cd4ab690eb324646bcbb23e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb757a46f8,0x7ffb757a4708,0x7ffb757a4718
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12597198423229231307,4183410989718300859,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ec09877805e3120cc0091bd5978fadb7

SHA1
824e5793c88a7ccd9a5b84182894b67cb3f91f75

SHA256
d6cf479f49dcd135f4f221807bab6691a9d0ffbdf6aeb7a7e8b10d75e9ed8e8a

SHA512
f5a0e641fce427d109d5db5d10003eab7508964a1590a2247a7e4f59117b039b527d130006007704a65d42e76e1a61a5507e71c3287de8fcaf48d13d82a4dbde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
be0b0d0ba5dc982fef13de3313bab84c

SHA1
12961a29b5a02782cc6b0ddaa95a3139516d16b9

SHA256
e7ffbc2305ce16d57e02b4aa3c9a2d3a497f134fc48a891ebd264ccbd332c3a2

SHA512
79a384175c9c613288745d55c51217b48c306617fc30cbbf43e939e75a4fca50ff7cd80e22cb2d2d9165fc081d1cbfcaa746ec3dacb2f59b8477bf8c9cd4e087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
21b8724fda0f02b241f293ebeddfa0a5

SHA1
dfecd67d9d33a700bc1656b25800994b4e1b344b

SHA256
2d5ecb3ea142dcddd022bb20c72dabf15f9bb5a4a3cd5f8fcc49522db0ed9aba

SHA512
78af692d5f01f2c981bdc75be9947501b22cc4186fbce8f31bc4fec2284a11a151da9a677422883dc4d8fdefcf1d12cd5e97d543c074963a368b15332f969659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4eba39c09652fe5a25c729b7e993b6c9

SHA1
8ea3514d8963a5d4bcdef5451f96d674acf3337d

SHA256
b724f351edf0dc51b9ffddbfb83b9b685a966fbc29408c5bed13099af10573e0

SHA512
28289ebfd634f5e136e0606fafb65bd61a4ff89c70074e81f8b31b52035451a25e39eae6b93aae3229d1e2f58468a24d203c783becae893096a4c6f3754590b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a2ab3725e667ce454297447da9968ba

SHA1
205517cbb38b0da03385a31a94f50e9d2c1a0bcc

SHA256
581934e48f5d64706e0fa1305269d29373eddebd2e3993911a2bfeed01d3afb1

SHA512
1220fa088e3809635d3141d1ddcf9ebdc2786edb89b5b48404d3d66e3723362215c2dd11246b1e893feee3f7503c6de125fb3562ec74044f64b94135fc219b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c97c0ecb19f986eb1e792b55b7be310a

SHA1
c7744a72b0778bc010986494b8f69b47a9f1aca0

SHA256
218fea0309203dfcf360dc7bf5abae30afbd59b92417a36306a922a692a784dd

SHA512
ddf86e854581680d478d770bc61808b9914192ca07560a3923aa65f3ad959ea60381994ea5ba71ba09d269bfc503c8242757cd4bbf93551c72d0697badcef0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4ae46555f99dcd57bc691e33245a2b64

SHA1
babddcdbf51c3509347b737acf0df154d1a55f83

SHA256
ae18ffbabbce110551604925228a8555ec5e18efea66070889a81aee521759f0

SHA512
2eb8fd185782f91a4f393b33f9b872f0102a78e7b27a5dc68cb37af075bf17d4eeedc2b461a95bc382825c4a6fd61c438f3bc02e15aaef362c5d39c46ea9b0a0

Download Submit