76248fd278b4b8841d975c3eba34b85a8d3fbbdaadac82243d5924003f48d23d

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

176a8bcdf843c119616eb65c6c4c6b3c_JaffaCakes118.html
Size

57KB
MD5

176a8bcdf843c119616eb65c6c4c6b3c
SHA1

a23b32c5a8596795f18652d031bbf4e38c0fd575
SHA256

76248fd278b4b8841d975c3eba34b85a8d3fbbdaadac82243d5924003f48d23d
SHA512

2e8582364fd40183e73e91f1dc053d6c86a01260ac9ef70aab1e0ee07280fb117f7a05559702fe5e3a1cab6690cbc2bb737141272425bd3db796cf0c770dce12
SSDEEP

1536:ijEQvK8OPHdyAMo2vgyHJv0owbd6zKD6CDK2RVroP4wpDK2RVy:ijnOPHdyO2vgyHJutDK2RVroP4wpDK2m

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
2528	msedge.exe
2528	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 660	2528	msedge.exe	82
PID 2528 wrote to memory of 660	2528	msedge.exe	82
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3336	2528	msedge.exe	83
PID 2528 wrote to memory of 3948	2528	msedge.exe	84
PID 2528 wrote to memory of 3948	2528	msedge.exe	84
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85
PID 2528 wrote to memory of 4284	2528	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\176a8bcdf843c119616eb65c6c4c6b3c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa33e46f8,0x7ffaa33e4708,0x7ffaa33e4718
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,7934488238389221327,10390511692764862289,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
cc2afab0b42a3ef227b51efecb4b2e64

SHA1
8d2142e0655b04ee2d3765f19e239fd8f25941f2

SHA256
11daa3d3b6b9b46e9dcca4cf0e0c35cdd6ddcab275b5aed5abb84bf259e178ae

SHA512
75506f01692801af5cbe1dca06a8180a4285fb94bb075b9d6eafb3fffc838c723f0ab466c5ea3672f9957e575791cca0234202f258685670fd9854bdbaa3eee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
b78bc1607d60a954c9cecebf7fadaca5

SHA1
5fd498af29b81373b284f0578a295f4d3145496b

SHA256
a6bfaf1ebadfa320ef6f463a4d2d5b7f65bc28a017fcbae58a92383b603195f8

SHA512
78238664ded6a49c089b9fa31538bc0d643ea55189f3f0d2fb5c071efadaf279c9f2cf12dfa62370a2872dad0c125d8d1b5e421dc8d4c825bdb462137620254f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b5301f68c29da3329e2a51ae864e4bda

SHA1
01eceedce405e7bb517e11331d06ecd2ae376efa

SHA256
12215411f189be6939666986fd76c7b22b184d80d6ce49fe097dc7ea412906dc

SHA512
c534b2fb1239949067dd29212254b17c5dd01d115ed80a565d0ddce19a48bf77fb227d42928781eef343bd09ee51efd6fa75899a3c046299c0e320a347d3f86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
465ac29c6832c5826be58af5f14a825b

SHA1
0a204cc052e98a08b9ab9085f2bb8ea43c6b6902

SHA256
b37edc7fa75a6deb7d088a6c6a5b41a7bc5b665d0671ae2778ee832ef4d58cdb

SHA512
0f31f745724184ae727f41e04ced82fd3e4b13f69aef51763599ab3cf593489c70de5effbc52b74f7001e769971a3de43023687abfbc401b09f9b76fcf3c365d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1cb1e78ed7cfc580d882d9dc1b143194

SHA1
4f1b242814d9b91ca58c396161428d94a963a133

SHA256
bb4a27c38a9ade60a05dfe61220c676fd99bd729d2563d4bfa45ef907e5cf4cb

SHA512
71dbd856c6aa4261052ce4e566abdd922011f47b256b99f82c3de7946b1859bea7d426f0985106bc3a15963b5be4c7215710f2eae6cec6ce481eaaa91d9e8ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c311e5ada293ec4b4e3761490e29eaab

SHA1
fc33f3b26eaf333fdfb81c8daaa4fc7ff32c4e6e

SHA256
4eda298912f28d9aa19172a17cb8a5fcf399e39aae9fa4093128cbe9956150bf

SHA512
568fb02857c204357cf10d9244bf7f72b888baf843e661b01bd5ba0311d1091929501f271cbed62ee8b7750622a929915867a9606f64ecf50470f4aac06d6e58

Download Submit