eb46a81975cd9cbdcd702f41005d787a33b545c2dd8165b5ab39d8963062391e

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeb73b25347bb9de469616b0288dff0c_JaffaCakes118.html
Size

103KB
MD5

eeb73b25347bb9de469616b0288dff0c
SHA1

99a690d334e8c99905c1f94ff2d90db5e31d35bd
SHA256

eb46a81975cd9cbdcd702f41005d787a33b545c2dd8165b5ab39d8963062391e
SHA512

27a848fbf99c83ba37973955e97c9133411da886e3aefaeb0c56fdf93dd585d1e5b60c7c92bd4dafccbaadba1f65043baa7b559e940ed1945c449442a4c040a8
SSDEEP

1536:svAHNi7pmA39xBHWVI3vEkrYuPg2RyCL21RDR2xwIZ4+4ZMb50ghNxgefN3MU39p:cFU+4ZMbigeefR9Dt+J0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
1220	msedge.exe
1220	msedge.exe
456	identity_helper.exe
456	identity_helper.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 4604	1220	msedge.exe	82
PID 1220 wrote to memory of 4604	1220	msedge.exe	82
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2120	1220	msedge.exe	83
PID 1220 wrote to memory of 2100	1220	msedge.exe	84
PID 1220 wrote to memory of 2100	1220	msedge.exe	84
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85
PID 1220 wrote to memory of 2468	1220	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eeb73b25347bb9de469616b0288dff0c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a90f46f8,0x7ff9a90f4708,0x7ff9a90f4718
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3174162388698275987,7352775147662951956,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b072c9f3dc1197bb88ce9f39fdb932b4

SHA1
ad88fff0d1d440128d7d464cf027d3886c0bfa3d

SHA256
db1569b5710a99e069ef530f44dac518c64f2c7cd85e6f194913ed4bbba5201c

SHA512
6e5e6cdcd87db3bf5f0af4b3ad9ffc370955ab964c520e0bea1363448e9499c6b692ac7603130731e493a9b01985b284f2838eed11096a378d4f07bf28268955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
881ca8836195291fcacd27d1e3b14991

SHA1
8e199c15580b3dc77523b296d19f503aa46c416c

SHA256
526d9f68d17b980f29f7e36f00038ddad6e7ffe9e0ca5b42d422191c2c50ae99

SHA512
9f40541b15e35e9bbbe3b820a9f9d68a512857b5d72eaad960154ca46c6fe09c2565a8037e55d5ff6c2bd88c462583d1dd8b4ee0acdc0571c382fdfb3933cf93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
afe64364dc6a20961a6b88b7c94476a4

SHA1
9a7ed4f4916ccf4915af27e532ca9327145e00ab

SHA256
a5e0782a6d3cdafc84e88ac127c683efad19cc0f62aab13c69a477ff8b68254b

SHA512
bca33d8d957d5b36d1c9ba048740ae75ee65a2e24f7feb34d1aa463ba9e063e62ba9836a1bc4e7271fa764b662e2b61aa2a22b55fee5e8c70848ea805b47f1dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
761e54012e745be69ffd4fe39c87416f

SHA1
42837e05e13e9a080dcfe40f4421e1b1db2c594a

SHA256
f8289b1a3175dd256be13e81b3d388d154343d955cb49b303ad94dbf7b10c22f

SHA512
9d99823624a830307f5610ff2fdf0fbc0dc38354f00231621d82c82e06568d0ca84c961ab7c80be3af17ced490b6a5847a746ede125839eeec514471673de02a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
46fe42314253decddf74bafd183db7e3

SHA1
532e1816031c7f8bb351213edd5a1f69c5ed62eb

SHA256
b4089d8d64e62c83be354423f97dc46b4ee660030c193829e6431b47ea7d51b2

SHA512
432b8764e807927367191dcf60a3db98d0705b913b255e9db3b0cf58c9341318e8eaffb5cf793ee7764a4063babd1785dad34f298ee33b2ae4e37ab9f33cc132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
758a5ef7ceffd64ea0b4cbfc8965bb9b

SHA1
3f694092679a42374926493eb85f5576a53724fd

SHA256
9226cc0706335717aa48b952a3fd7fcd8160d442f1bb84340901d391577fbf46

SHA512
834c4981ca16da8fa5e3eca0eff57e4b0799eeb0cae4dba0ada013a6d49cca095d0dcfc88eb4df90c4646804289851cebe6f023b5bdd4b4f863a9bf76a933fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a1b.TMP

Filesize
204B

MD5
b96acd9e3427fc2eac0bdd9ba52637af

SHA1
0ca69efcc7831be922c8ec097b700adbca4792b1

SHA256
a554d70cc2d81bc3a1b13c7401bc3c245c1771bf1174c39b160562fa2170ebb4

SHA512
57e2e89b76b035133851050d73cc66986e561c638fbcafe1dcfb9c58233ad9f4f3c15c48501c2ee001de0f8892d9eda0bdc60632918c677961eb3e1aead8baf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a6ceb43977fb77e270d5f1326d2ebed7

SHA1
38e027ee4b1efd9e732e4a0217958397e276bcd6

SHA256
48877ba30f421c37129839f4e9b68d7fe843284ce818f1de65b3110060ed4909

SHA512
a429a1b2b4cce80b3b73f3b7ba03fef3b1dbcf71353c317db56089e5f88495c58e69892d3eeb01cc70738f8cc3787fa1b1ef277fc5358d40bbdf9db16cbf52eb

Download Submit