1b195cb441fe1b9c3e6913b39dfcc17879c299d48202e4faeb905eb5ccc42323

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

106d6bd4716d49be2e6c297ea70a1480_JaffaCakes118.html
Size

24KB
MD5

106d6bd4716d49be2e6c297ea70a1480
SHA1

202f91331d5665b1309fcb746ff5ea5833d8db32
SHA256

1b195cb441fe1b9c3e6913b39dfcc17879c299d48202e4faeb905eb5ccc42323
SHA512

b177e52bad1aa9893d366076ec3883fd9d86db685207652feebd69f1f36d0a4c5d0396ed0539b39e34dee847ed62c2d4df569b41524b36656f50707473f7ee30
SSDEEP

768:VBXuncf4khgBkDBPEFhtxTF5cwYLb+/syf0Z1Ozn:+s4kOBUMrthPcwYLb+/sycZAzn

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
2348	msedge.exe
2348	msedge.exe
1048	identity_helper.exe
1048	identity_helper.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2044	2348	msedge.exe	82
PID 2348 wrote to memory of 2044	2348	msedge.exe	82
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 2952	2348	msedge.exe	83
PID 2348 wrote to memory of 1852	2348	msedge.exe	84
PID 2348 wrote to memory of 1852	2348	msedge.exe	84
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85
PID 2348 wrote to memory of 872	2348	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\106d6bd4716d49be2e6c297ea70a1480_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6c0f46f8,0x7fff6c0f4708,0x7fff6c0f4718
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12503016363454506860,8881022465399615473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2608 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
25ecfad755572455883d0bbca4ad589d

SHA1
e2fc6abf3048f3de3b37fc04c51fb0bf125b2f91

SHA256
daaf92d93f927237d87b294d0082f210a5f24a350ca09a42592284216f28a9f6

SHA512
30ecd0537a6c909cecfae376443f11f0e33b4cc7c63974c8b2302eb314e621be7bee0e7d344edef357f1d6c4e2b743bfb1dd8f4321c7d9fc1af42790413254a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
905cd37568cbedbca4c002e4c58f4945

SHA1
8a782bd6ff6ccad1b18bbb7d31f6409006797192

SHA256
b8204cba0db71b0605ef338d50e4daf3f05e32bdac1f3ecc3e4a0a62d1d890f6

SHA512
1331095d5731c11fad2228be7e73d47ed1241019f97b9fef915e9dfd3810f7551aa790d81c5ebee2ece1e5a38a2b917abd328ca28c06f3724c075546deff1406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
69117cc84bb05c3a372ec27b7a5d5bde

SHA1
87e1be6745b07f12e5d2dcd9c238c27ba91bae79

SHA256
1dcf9040dedceb557c3962fc508fb4bd704d2ea83b01f64eb61f47b45f2e9963

SHA512
d8b4fc393ab47e8bec3b90b83ee1103383910828399a96f09b39e0eb56157bc44291824eb7893a6afb6e1fe1844cdc3fcb8b2fbf3dd301d7c8c0dc47c82ca2ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
28b6138ca216f747418155f9e803817e

SHA1
f5f3094565fddf20c9823b969a96ce506dff9cfb

SHA256
5a2fd12ae382f851cbd76411beada67a067f914f4aad36538d3b0e7ed7ef3e31

SHA512
6df8bfdc7bea77f7c6b3c1ea64d8cf9e8a13a720937ce45f937e73e440e1537727411572ce8ac556a81d7c57924b786c36397019beb8d19e050785a6f25e844e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bda096ccf8b5f10d687022cf79011811

SHA1
e208964182de8c309a90ded4db43523f71c092ec

SHA256
3e4e906ae98a4365acabd13c4baa5bc25b5aae066697a8d25f06109c209e1c31

SHA512
c8f854f0bcd20d67f156d8ea74edbcbbf3b7da5bde120cc9626447dcb96b39e5579711353e62e4190369f60cb504e5ebd5106ab704cddb8dd9842cb51104788c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c7d62e703efcbfad293518f799d3ee6b

SHA1
791499c20982c1807630c740e3ffbd802ba7cfcd

SHA256
3eb2ac75ae7f2da18e5569697a7aaeff13237b39e38f1778d195ab5a90f90be7

SHA512
c27051d07766aeaf1f4b8d8bb4e6fd3c3115f75f325a7589b4c8998c63de12ac027c9b9444de5f9fa539134e4c2b7c5ab9e081a88ba3f327403f5a2566b16934

Download Submit