aaf0aaf4b9b26599c9e7e6a87f18a0f9d38cc5aebdc8501084831f20f8391918

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f041b294b1f077b8d4e6d369b48a5f42_JaffaCakes118.html
Size

47KB
MD5

f041b294b1f077b8d4e6d369b48a5f42
SHA1

0450df6061d4afd52ac01d8646e0a4ae38756aea
SHA256

aaf0aaf4b9b26599c9e7e6a87f18a0f9d38cc5aebdc8501084831f20f8391918
SHA512

1da80e2d9e4976608f1a678060c5307393c2c7a9fef5a8f4eef579328716060d1883b45afb6f6ad3b528b912ef34fe3fa0e2b77b58972bd63f04104c799193b6
SSDEEP

768:cd52pAcpJKS7SVOf7ETx0zJst/vHyzVqEk1FuOGg/1:652pAcLKS7SVOsx0A/vHyzAEk1FuOGgd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
1296	msedge.exe
1296	msedge.exe
4444	identity_helper.exe
4444	identity_helper.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 3708	1296	msedge.exe	81
PID 1296 wrote to memory of 3708	1296	msedge.exe	81
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 4404	1296	msedge.exe	82
PID 1296 wrote to memory of 3104	1296	msedge.exe	83
PID 1296 wrote to memory of 3104	1296	msedge.exe	83
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84
PID 1296 wrote to memory of 1552	1296	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f041b294b1f077b8d4e6d369b48a5f42_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9115346f8,0x7ff911534708,0x7ff911534718
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13045689956523191045,6496953856310308723,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
bcdcc6c83868b502bd38837d783a3725

SHA1
99102492347d623e733f4b08418dfce24d9da0fb

SHA256
55e86a5199b4eec59d25405891e9ba341622d19f7e8fc2ba1a741430419c6c3e

SHA512
5f93bb7cd9ceaf8f7822d2cef0fca36216d532442948b568590a7de5ff171f55597b6ca78509b21c84eccae4f2e9230a348344dd90b13614ed6a05f09441b898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
be702e3055085c8ac7832056b38637a3

SHA1
4eab708bdd5aba17f1637531dcdc37be668efeb7

SHA256
50ab10e91fb5c951d3e905f06e5806db438dab23b90fbb0e971f839401232adb

SHA512
6328c010905eb3386ebfecd487e494095e7931a64cfd236b60143cbf9b04b13bf8b8678b3df40d510baba6e53146a23eeb1aeb5aa47d338d79e5342addcd6097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4064225d360e7e507b9fbaf0ccad4247

SHA1
e1bdbd6084660ef067814dbfd14b24e2487cd1e7

SHA256
3799826410d2c54e653e994af3f17591e6bcd46247c7a3dd8f382a9acead6185

SHA512
7b25e70bc3f899f03d86b1384364decffc5f10964101a89683353ff218e4f548cb51dba72429791d63aa36c4e6cbc0ffbae19b6b6670b8269d765836f082f45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a85a6468e5c667a13fd17eb11b296c59

SHA1
31ca86bb3b7cc42ddb242431245984993dc32008

SHA256
27fb19bea39215d345bc7c985a90e03dba0e12940b3c521a507ecc1779a0423f

SHA512
540e36829ee8b5100b92a30f0a5eaa1f906d26c5643a4dc76c58f2ba07ea70d1aad79a076da11512f5dbd91c1e1a0797ff196e6bdcd9d52b88be9c39c12b1274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4caef8eb63f356a1869fcea2f658f955

SHA1
99474fe783bf8389b3d449b12f86b2aea76e34d1

SHA256
68278ebfc8c8293dae5b632e2ff4d865d38f77db2b780fdb9de2bb6488c3de03

SHA512
6ffa0f90cd048e12fc264389e2fab5143660e0ef1b5f234ff5d36bda991d46c92b8c11f21f04eae79a92621697b5d88607c04c1d47a20e4ff525df82e0e25ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
34b043c8638397792e033caf5126fad4

SHA1
bf1e1dce2bd8ac77c89d5854af8a625ec9fc18e4

SHA256
d950b4cb5dc95a08953a6fd085e84b95da6dbb63c84abf1238d91d2afbb89f2e

SHA512
210dec2c233476b9c662d35c774356f6250a622371e4006579f18f8f9a944677222c7a50fc1f7d40002821fea0ae79f2d638dcb2e8a83f93da59a2646cdbe919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
53becb30386af1bf9e9004b0b75cb678

SHA1
641d1f9c9efb2be81cad01fd5e741e8b2ceb0448

SHA256
b8a4ad7860bb77d9108cf8c70b8232e45fad95c5860f68bb1f1b66215cf7a8c0

SHA512
e4ff271cefdbd05bdfe1afc6602761dc80f402e8754aa654c8da8bde98fd88a7ea1e0d82c465b07174bcc5bf0e63f5bfb5b802df41ceca621230f02f6eefa0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b273.TMP

Filesize
706B

MD5
0e7d921a717db47a7c5f3d428d7937eb

SHA1
c92995f5bfb7f4e366b7d91270b4b676bc5ac413

SHA256
d71672d1df5b625de5723b265f5ce052b89d453a834fb693e5a5bfed090a1b70

SHA512
2dd88f263cb6807d36de0fcdfaf45911494a872ccfb95e095be4a1cf087fce70e4f39b6a9df01fd0fb84d60dc0f418ac31107b785ed2b44556501b3827fe5fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b30c810c27c987a31e5ffb72cb841ee

SHA1
5bb094fd0942ae211f9349414acf43801052e05f

SHA256
27f0c9cb1a09cde4dfb5e4d5ba10628112c23d7e8750011db2bb500d60d57d55

SHA512
bca8c397396be064df99d29339494a8f3571449fd6304dc291f1a407a14563daece448e61b8c78bba13b5a75a43b1cb175c0b62dfeb6996cb105ce8fb1659e69

Download Submit