dfa65fbcf78f4323f362dc993d46fe558aa2a29a43e216b03e408005fc9a3d66

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09c395de7e8e42e69a6a803231e12c70_JaffaCakes118.html
Size

50KB
MD5

09c395de7e8e42e69a6a803231e12c70
SHA1

92e487a452f87abf0a0fee03d918fb49bb8dcdc0
SHA256

dfa65fbcf78f4323f362dc993d46fe558aa2a29a43e216b03e408005fc9a3d66
SHA512

e46c512164741c3a8110e0886788abb3474033fc1b74b0b2b6bb32e319b2b6db4cdbfbf2ef9004d9c3a5ba7a414781bac52438e198a3ec9477e5a2bb4c33ec52
SSDEEP

1536:mbs7xilwo/c2WFuTd9V9iVHcn+VWklibzBLIh9zvY:mbs7xiF0Ne18HY9Qifs9zvY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1212	msedge.exe
1212	msedge.exe
4528	msedge.exe
4528	msedge.exe
4312	identity_helper.exe
4312	identity_helper.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 3036	4528	msedge.exe	82
PID 4528 wrote to memory of 3036	4528	msedge.exe	82
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 4108	4528	msedge.exe	83
PID 4528 wrote to memory of 1212	4528	msedge.exe	84
PID 4528 wrote to memory of 1212	4528	msedge.exe	84
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85
PID 4528 wrote to memory of 1952	4528	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\09c395de7e8e42e69a6a803231e12c70_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab34b46f8,0x7ffab34b4708,0x7ffab34b4718
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,1943181517835381227,7205165985732650875,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
83e48a655f440605b7d4bc5ed2a4e76c

SHA1
19043450fcb45cb0e262ce91bfc88497b8f3a4d5

SHA256
f1381920d10f3533895b663dcd5260e417e4d8542979a45ef4d15dac46712eaf

SHA512
039cfd204d27fd432b47368beece8c4bbb9fa7b414880be9851e4959211e40e82ba459f13c449632cf676a270ec7f8f6d8cab9c9afdb1e1305dd5d83d34f6c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
86e10e0fb6804d6caa6c097119fc85b1

SHA1
ab6c69656898dc873d71d24b5936d6ac153b9428

SHA256
a436c3496eac02b013070c68a0603ce63c650750b8645149f1cbf8f8e9a9afc3

SHA512
ee317d8757ca7cb6d7595a1e873a3e231bdb088ce2176141050b2a3831204b00fe0019577147469a3f9fd4be818030e6929f50621bf8f72d19821e6eaefb27e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d46274f1dc1d1b7a894780a1990f4bd8

SHA1
9d314b33fa061f14e3fcc2274df8df13a25d1a74

SHA256
9ef691d5b55c46357a186504c41e2a2a5a14c91bf57863a566bf481ddee0f70e

SHA512
59595ddce053c12196fc776ab650ec494a0c68c287882f2cbf50da06c336b4ffee6a5a1b1fcb0dc28ecad9513aa3d59bee0670382bf4cb2a0281fac862c6ab62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e303d969e231a629c1fa070369ccd5d

SHA1
3793f22849ba62d9e319a9396cb1135923ba9ccd

SHA256
d7c0f1231911f2160ae00eec578b4beaaed80a3dd6671791cc4e514161afc3b9

SHA512
667844f355b212d9d755b548ea5daff30f3bd114e9a5529e3307216f726853cc9b164ca613e8c7d3840de91d1a87748ec46e923a107019a8edd75dfa35712b13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9267459ef28ba183c6af069e7f348f83

SHA1
ae48c71962e56ecc8cd9b3234e9ecfd337048315

SHA256
6cb4de533f9f7aebd78d2997a4d0e6aee357da209cc32327704e0245046817f4

SHA512
c94afa8e14a8ef23885c099500aa5796e587a64d8b488867eb53b7bf5982b9b7e262d53be2abbda397819ec253b17e1e9bd8b3ac0199d4d5ef6fe5fa4d39f731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
219a7e375b7a8b537bdd8fccc275e5e4

SHA1
debc33ab060d4ac0998f5f3eabcc9e850020514a

SHA256
0ab9a849074506ca0a5262152e98ac4a34d82229ae4b483f2668203c098bbb4f

SHA512
dc9df6cdbefee54f7eb353881d81a401edf30a01b8a7ccaa0284e8fd55e6dcceed13c78e714682689f250de39e3936e3144b00bab60b5e12ea43e1c559673d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e05.TMP

Filesize
1KB

MD5
b9f9c6799700408dc5eb7e14d4729f63

SHA1
31e50a379fd357143093483bfd04bdda9a28fdf0

SHA256
c5cb66802b516394cfb4726ab574273049c3b52be7c9df44259135c71ab3366d

SHA512
60119bdc923a5e9b967cbc116617687813a5b80b0435913a6a05b8f15de0e8074845cb8bd69e06b2d3466f87510c8edab49113a0254856d42b023fac770ec416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5bc9bfaec803987bb15d5712c7affd8d

SHA1
7a8646658f206b892c2d4c96ab4173f2c1aeb485

SHA256
ce03c51345dc345f50a41313516190ed0a58b1e6de15103ad1def3fdd495b5b0

SHA512
ac3475cc4ef14abbb1d25dc7105b47eb4b88ba066f64c12818a7af847665e7cdf1efd36c98ab0df76481c734baebb4a2f1e8a0e3341a304cd950d952d0cdc1c9

Download Submit