5709e42e272042ddc083ae1d9948bc37ec8441a2824423aa947ac8058fca5f2b

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 06:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f9f171156a459b67bd7894127eb4cbf8_JaffaCakes118.html
Size

69KB
MD5

f9f171156a459b67bd7894127eb4cbf8
SHA1

108a0b8386c2de08e5de5338274231cbce6c2886
SHA256

5709e42e272042ddc083ae1d9948bc37ec8441a2824423aa947ac8058fca5f2b
SHA512

aeabb735e17492994d087713b160aa638623f91d1c2ebce658876fda54b350c01294ce7a7aae2ca24b8895044770cdd46bef9b38672c04f475c8429093482ab6
SSDEEP

1536:SM1gDUjmED4sPvsSdGPAcd9t9c4D+IFp6F/UXLXna:SM1gDUjmED4sPvsSdyAcs41wUXLXna

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2652	msedge.exe
2652	msedge.exe
1960	identity_helper.exe
1960	identity_helper.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 756	2652	msedge.exe	84
PID 2652 wrote to memory of 756	2652	msedge.exe	84
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 4156	2652	msedge.exe	85
PID 2652 wrote to memory of 2932	2652	msedge.exe	86
PID 2652 wrote to memory of 2932	2652	msedge.exe	86
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87
PID 2652 wrote to memory of 4556	2652	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9f171156a459b67bd7894127eb4cbf8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad63c46f8,0x7ffad63c4708,0x7ffad63c4718
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17140573777935361848,18279116169134891200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
a2e78f87f1db2bf10dd92b702e7efa4b

SHA1
9a94c02a55c4958b1b83d406ee75ccd8d684a08a

SHA256
144ca76c94551f668a5706f6a95fa744b3af1ec4b8058f2ba56b6c06664fe052

SHA512
05a6a00bd899a44e7b26abbd2d6cca78954cb757d3a61ccaee84f59fdad0f47b84db7e7a28c29c52849eb282ade4ed1c4ce06c75512d9e8ccf2ff730542b97fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e07455655c10ba19e247fd15923079a9

SHA1
6a585474e4253caccdc0f070bd06b45450c1e996

SHA256
c9e8de4f1d26b584180fb3a5ea1c454e47d16d674db93ef0fa6b65e3d9b0cccc

SHA512
54ba5f5608cd9508970d9bf8294e9b61fa95cf694a023475257a9284568a738e08ff19ac5fae2adf931638bd6a3f0b44eeaa2c7dc908bb7a9d0d9526b1abdb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a1c89a471b757f58281a3ba3008b9fc

SHA1
d27df08c7225cf3431ba3bdfcdfcfe7c8c0549fc

SHA256
7b422af4a2275ab82f788841fd16c09c2ee70276b55e593230e253b506375577

SHA512
fba76234fe6db5a6efd9142f76be8ff93ee9c64c3b3a6a6929141bb1e7a1a7ab01b663b13ef0ac8551a3dd57bf4c8517ecf82113ae2f76b3604063a89627130f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7537c36a5d25a927d4a620cff695f230

SHA1
d46e1f7ced50b91dfeadab0f9be2252f0e116104

SHA256
dbadcfcaae0ead795cd277491029dec9559236b4f52a3d6363444bd69f0f961f

SHA512
2cd5cca217546815d6f9524e74dda062935d44ded3d7566120abd00ec4f19b9d344353860f38cc29e16e4827ddc2fb8edca64e7bdd4a562b28271da503d76e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
1cc1f99c8e95447a816f734ce71e32ad

SHA1
cc4a682ca7c1abcf3391dc61869eb52281702891

SHA256
30b63941c44c6ba5b22916be0193532162d53342fdd95761b5e6c11b5d3c238c

SHA512
8bea8def705f01463a12e05790ef8ffd146374f51f6e4542e24e12f09d4f485b214512f1ca92e5e2a48911c9e93bdce949ee5c1532f4b56498eab4df450856fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
05b59eb773880cf395c29e70ebfa7409

SHA1
888103508459b0e2655d0831eee4a6207d3306ee

SHA256
318d99981ee7d1f0f5a3f343a082bb09da6e7bc05c51de44bd502443226c7064

SHA512
5b1560e80a85b0847101bd8c1e65cdcef6684669686f5b98dafe861f995e421e768a5fb16740a290a50646b49c6157d2dd3576091e739cef23fd77bf4f5f5bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581393.TMP

Filesize
203B

MD5
69439fbcfa206af0c2d219282bb96956

SHA1
4e11b437a7959e687436e292117b53cedb7f4e88

SHA256
19a4d7acea1f3357d88ad43e68d410a69f0fc653ee6d5b1f9b89146fcc378f43

SHA512
0914830170a7698d9b4f07ba79b339b43eb82b50084044e672255b8acbf4a458bf835fbc72f81cb11419955579df9bbbcb604669898fdefb77392bdc3aec97b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bd4923ad-4f80-40aa-8f8f-017148f3d260.tmp

Filesize
6KB

MD5
b84d07e6794042443964aa5f01984e45

SHA1
e815928614aa1b48c4fc1147704b752bb4324874

SHA256
f147b1248302c1c1dd9b7484f4dd95eb1e27bf74010c95efbe54b134c490a676

SHA512
0ccbdacb709766a85efd0cde3a5dea34ae2aea274c3f20db61b10536076ff00fd1f56adddf0184696d3e86bf875690315c3a40808b6c4e33a439a12d7c30a034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6ce867eb6e6fa29d42a43a78d33950f9

SHA1
e1b950e20eb360a31ea04ac38b2d33c1b676e225

SHA256
3c3857ab7017593e8103cce084543331588433a391c875378edfa1fe61da3655

SHA512
d177ea856d79bb621483a04f432831a5a862184612f7080c53565c8e593a430ca1de0172d1c131e45c245bbb812664726edeff6ace0a9ffc35025c11af740342

Download Submit