012b97697abedfe3e42161f5ccaf239b584a5ce82240c734f9e1299bc1000a43

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 02:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

03ffc66c7d1d3d5b4093a4e55edcf06f_JaffaCakes118.html
Size

114KB
MD5

03ffc66c7d1d3d5b4093a4e55edcf06f
SHA1

96ba2f132762ccb0fb3c78f1a1ae0d72053bad5d
SHA256

012b97697abedfe3e42161f5ccaf239b584a5ce82240c734f9e1299bc1000a43
SHA512

17fe2c16425eb2f770a63fc514b35d1f7e735d8517112104e472b041cc2e4b189a9b1ef4f959cabb4cea3faa63728f992493509a76d535b81077f19f7a2e9af5
SSDEEP

1536:sd2fq57RUgvl686waXBb1Yl6KbAbAXhi5nsOcS6ENsYQPrRnbqP5ENw/iwAw/97Z:sI8T3YXLYl6KbAbWi5sOc9in5nlBLp0y

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
1220	msedge.exe
1220	msedge.exe
4488	identity_helper.exe
4488	identity_helper.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 3848	1220	msedge.exe	82
PID 1220 wrote to memory of 3848	1220	msedge.exe	82
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 1788	1220	msedge.exe	83
PID 1220 wrote to memory of 2840	1220	msedge.exe	84
PID 1220 wrote to memory of 2840	1220	msedge.exe	84
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85
PID 1220 wrote to memory of 1600	1220	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\03ffc66c7d1d3d5b4093a4e55edcf06f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe667e46f8,0x7ffe667e4708,0x7ffe667e4718
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6513871858981890430,15206007951052331509,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
cbdcaa473973dd8d8667185566d8742b

SHA1
e228cdb71db712d2aac0c4ed6578019d8766869b

SHA256
c876edf46d599cc9e286fee96a0355191555e8058640175de8d231d113e1c0e3

SHA512
b67e32d05882fb033aec32e64ad687929c069b46367cdeef837aff22bb1b133312bcc6c2e5713cceec707a3474576749bcbd65449229f31686987438edb37e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c670ef06350a3751f9ec83350c5c4118

SHA1
650df3b564cb15876df173d9464ea8b97c8892ee

SHA256
193e8db5b460d4c1a8bde3d47ce70487a6b94c19364de19fa899492507fd7819

SHA512
df85b8f33723f52564d101ce1dc41b9aca75beb88b3aa15acbea5796c80c759fe417031179a82168122aae3311ff0c2a98122fe9313cf489f6efc8f29bc1e4aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4cbb602d78dcde0096d0ce9329829623

SHA1
0289419863b6bb553f05848ff0e338a80011f401

SHA256
66f1152cdf8f2f0b968e3f5fd0c85e57058503f99f1a080903de1cf7bd9bc786

SHA512
6b451e6012af836b1fc1c5f4bfebeabd8acd00f10c867a645466c305e68994e96c163e819d30710c4f2de2a7485f1313604a529aea4e936bde70c576ce01ec18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c75bbe6dbcc43418a330a49537cb2f4a

SHA1
5fd8bfbef7a4fbb0fe2fd37d318d6a1a1d627c0e

SHA256
4f1f16632bbc578e483b341678ae4b23bffb5c48f8c681efd6839cbf5dc9db8a

SHA512
5aff327719a138aebd55d34e1bca960f7561750f6cc0ab2255e4a775ef2d4677e71ec9b8e031431ba9806134999d5768f063d9fc2b0e9e71f0d91caf3743d099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a691f792cc2aa2931b9196e856d2cf79

SHA1
87b152eec9a15ed3e5a3921ab814de581de7cdf2

SHA256
a406eca04e226587db04f1cc80815a0c3ca3b9c0c743997a3b477810de38f0c9

SHA512
dedc38946df54d76537015ff02c320380db324af188c4ec185292026723244097223cc0f0ccbdf38acb6fcb2e7599d75b8df90d588581366887195aeaa8c6380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8458e0c55757a5eb21d77c6bbcd1a47

SHA1
c4198254dd4686292f40d1a8f80e679997bf7880

SHA256
901f25d09b4f0cbbaf11a9b2ce96b89d9e197bec9b7ab1cfb51c66b30a698b1c

SHA512
b4e80614a18d3b9c720dbf654473a693d8ec931a600ccf23619cb48d25f8a44e1bf9a1567d2a0f51266da415b6d4216ac2103e548ed1ec57b641aa661183cd00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
66e1865f8ffdd84fcf0d11f76537eb12

SHA1
1bef6c789e23641dea5d3e67b19e5c12838fb5fc

SHA256
f258a54f96d5df221d7b5a31d9b367946b69352ef0988e9874f93a0605eb59ee

SHA512
18e5d77a8d9836d4b3897f6248c9ee7d103c951eb45d64fa1d621527da4be7f535cb9c18f87445cc9fca0b5431493077eb9424ff0fbef608ba5fb42748ea032c

Download Submit