49cce55485aea1ea447a6f1596180100fff87bbda4b7d94ba8a0751ac3efe091

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 09:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbf406c8f3c1f599a33b53c3b01e78c4_JaffaCakes118.html
Size

33KB
MD5

fbf406c8f3c1f599a33b53c3b01e78c4
SHA1

bb1146073ac39f514b4c6fdda37bc71dc9b8c9c2
SHA256

49cce55485aea1ea447a6f1596180100fff87bbda4b7d94ba8a0751ac3efe091
SHA512

b60fe62012e048fd6885c862cbf6194ce8ab594bdca70c3835dd4b8e1160b88cd44ca6c67b63306fd6a79e17ae2ba445379c517fdd6ba1b68907a3ac77b3bfa7
SSDEEP

384:SBcV0irovqC5XaqtGwnyObetds0fw4/hkatolfKhxLEyvP4nW5UtMf2hfRekSx:S6VfsvqCFXtfyObeqOtoRyvj5iekSx

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
1920	msedge.exe
1920	msedge.exe
1200	identity_helper.exe
1200	identity_helper.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 4888	1920	msedge.exe	82
PID 1920 wrote to memory of 4888	1920	msedge.exe	82
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 388	1920	msedge.exe	83
PID 1920 wrote to memory of 2932	1920	msedge.exe	84
PID 1920 wrote to memory of 2932	1920	msedge.exe	84
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85
PID 1920 wrote to memory of 2212	1920	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fbf406c8f3c1f599a33b53c3b01e78c4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe318f46f8,0x7ffe318f4708,0x7ffe318f4718
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,9510175536815317499,754520755095727414,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\092953a5-ba11-4068-a874-10534e934368.tmp

Filesize
183B

MD5
5c1019a2fbbae64fc4028cb6454df74d

SHA1
d20fe68f9ce22bfa8c0b745a9766ece9609b58ea

SHA256
ff935fcbc416876bcd99dbdb408a834913432c5a18f17d8586f5301874ac6a75

SHA512
9eda61ceb453cf16e4aa8654fc73223f4c1c10fcbcc4459449fb4da3d21b452b7c81ca1a3f1a633c18d21894c3e902ea1ed1ab27a4ce2583c28b5ad0562ff48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b9a6084c8c7e7e6a56ef7a94ae1a8247

SHA1
40934b324c049f75aa542c36345b893ab3315fa5

SHA256
3d365fe3fed2618aaf5f618eb1867ebb158ed099a58e79f3ab6b8a9150c52902

SHA512
b2628b76aa44f5760a676eaaf5b9bc50396285aa97867593a2f5a28e8c8feecdf70c3c3497ed1374b96b5729b81cd6c8899ba66e3871df696ba81a1a29909706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d1255f1f36494244d7ace25f88b69442

SHA1
adfb1f3d5235580cd7ba015879af50b230c771b9

SHA256
16899b30c01e402ff26bbbdf20255a553ca318a1ff6fb5d5cd22601dc87b9171

SHA512
802822de9fca8a39428e1557117f5d1d54e5bf9fb471e0fe08b8cbbca1a3fe9ef53cd26f5cf3b5f18a73bdce23c1884dfcba3318f97d9c80a1b7d97c902d3e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ebc3692fc223811b10d24483a9e0a59

SHA1
f6bb8a8c69ebfbb9d18c2004344982b803e2fb5a

SHA256
2ada104bec96217620b34237e59d3bde4c766ee8fbe89779504e778ef45baae3

SHA512
42f24fd650aac3c9c8d8b515f6d3be6961d2354cc0b51d94bbb05958f3f4ede0e4783a019e9da593d9985a8a00503cfa0bff310edf6907b81413cb19ffc47093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42ad0925e782758c7a03c9dd242c33f6

SHA1
44c6feb77d47a82369f763b7496e86c2d7e2ffd1

SHA256
18a970f30b76a427a0e49a5b961a6111d429fbddbc1111d7fa11cce3ef776d8e

SHA512
247c6171d807058830ecd7281aa3f7c04ae0f84f8844a5de257dc2b7227693c4bf1ef4c9be5ad7307e093fabdcd6950403686b0f3791ab55a5cb2463e5c0582c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
f3d65c9f6ce6617e92d05b1bb94d83b5

SHA1
a5c9848db431e26cc395c852f34358e24316da8f

SHA256
6cf417b7d126dcbb505f95f511516411b7bb20733cb76182a52f257ad01ae300

SHA512
702d44a4392a0830a056ff6b1de425073386519f661af6e0a5b42793a4eef078dab00e1ce6ddc1720d0791625368ee855f50f05c56940bdd53a10247dd7c98f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
dca24a9112cb3323117ee62b5ef155c8

SHA1
cc4232c107f2ab14c714dc8da4f04f6a1f74bb01

SHA256
5646ae25fe9750ff371fe42188eb26769d973f61d1cc8912d3ba47cd4013236f

SHA512
80b4c20a9a60f969bfe4c1bc08dc1b461d512c3f5b43d7e4191696c764f9f42aeaf64673bbb6a0bdb667f22890d12b0aa7aadc3a4356e75aa0365bba46b177d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585242.TMP

Filesize
203B

MD5
36f1e6d9cb47cc790fae9b8df0cb5449

SHA1
094450aa89fa33ad4b2fe54fbc63a2fbc8a01190

SHA256
89a64fe7bae2c9c6ad69f487229c25e2132ac83721b62d5efaf206c1a2cdd4aa

SHA512
b1fae179fb3cfef329f63680ae704c58c61777fa27acf5aa6a234be67839b6762467c1845c488b8fd331904da6e0d11ef63bd12896ff76421e00b56f176d8cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
79553118db60b730397a9ff4a039aaa5

SHA1
49570c48d58613e860a513a1a5837d77094367bf

SHA256
b6e08beed822286ab6792470b859fd8e47a33a1654a456f82ed1378a8bb419b1

SHA512
20c7939852ed2c8df1ca2c83f72a35c65d6433bdc8c8d3a6bfc3422daaef0d5cdfb6705bf6609a0ab311a8632949743297a1e1080563cc98734dedbfaf199fab

Download Submit