78e704eb346b22b108b6da1e70de74535b5e9e4d043ff7503e38ef04e2b5a636

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d3eb3850254e71a23ecb5b825874ef0_JaffaCakes118.html
Size

25KB
MD5

2d3eb3850254e71a23ecb5b825874ef0
SHA1

19bc82267f0e9502f1811e6910d0e5c2537fdd01
SHA256

78e704eb346b22b108b6da1e70de74535b5e9e4d043ff7503e38ef04e2b5a636
SHA512

4da49d5044f8ab43044637c275e79e31d4dbfc7477c15354248dc40d735eb9c0e23f4dc10d2092cda3e72ebf52ecd32798cf3b99955ef5549e9870ae9f9a3aba
SSDEEP

384:S5a6pe6m8u8AIQ1ZSkPkWU6DfhCccFF7XCT+XCguEE:S5a6pe6/nAIQ1ZSkcW77hlcFF7yqXCgG

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3528	msedge.exe
3528	msedge.exe
4880	identity_helper.exe
4880	identity_helper.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 3388	3528	msedge.exe	85
PID 3528 wrote to memory of 3388	3528	msedge.exe	85
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 1840	3528	msedge.exe	86
PID 3528 wrote to memory of 3888	3528	msedge.exe	87
PID 3528 wrote to memory of 3888	3528	msedge.exe	87
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88
PID 3528 wrote to memory of 4524	3528	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d3eb3850254e71a23ecb5b825874ef0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1f9846f8,0x7ffc1f984708,0x7ffc1f984718
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14240687626174284629,15657031834578629317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
da9c87ce78feb7b7729f84d91c5fd908

SHA1
fdbcc2ea831589a8f70b5c114c438fc9eb66f48b

SHA256
9112927ac0946fffbc501029ec2bd5c265b61d7721311944b4ec2b910ced304c

SHA512
a66abc4a2371c4af077bad46caaa274ac16efabf0315467499b341e80fb41a62d7ebfffca963b8651f305e78fa1a046a07e5deb01f3d25a4fcc22acab8e9d173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d4f10e5443aa5f030ceb0b29e128af8d

SHA1
ec6281d76e022183022faa36b9ab6470ead8ceb0

SHA256
0a22a596e985e08e3a36812b0eaf6071ac4bbd25e2149f49e1288e45f888e9a0

SHA512
838fa743ba4eca4567bcccf9ffa0f28f94ba403b6cfa1bff9e35f4c8d02893adc555a3dbf2a09e8e56a96401ce29607faf2704db6195d4ed257ee10c96bb24be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6a12eaddabc14ed5a809229401a54be9

SHA1
1acf6a8f8d563cf26b6884f025b27321f5ff71f1

SHA256
43780309c4dbe61452533dea3a3deafb45435f79b326a6100a42f2936bb132b3

SHA512
87b18a8b07f9367f0085b148b950b77d5d52d2b9cc6ff7d8e54c92d778b7d3cca3c56ffa0e1fd9e40ef52bc571d4ea5b51bdac5c36456f33f657953969415e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b8318dad01b6fa819d4311b8d762096

SHA1
6532ad0d5dfd27ea34c2179839d15447203fcb1c

SHA256
fffbba0158ec2f76b8a54c9702ca82f954ab0f1d822e8acdd28b8cf04d1ef0ba

SHA512
449703d7a10c5a9603e0e98c7cea44b19fe9831f7ae6065a28cd54f5d8d45dba173c98baf73fdfb7ea8d021184445a8a19f8156a9ab100a0cdadeccf5c6510dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12a9661b37bf5098b76842c1ad421b0e

SHA1
cd310ccee78be887613e310166defc9b00891fba

SHA256
36f1d6fcfc0772fa573e3533302e677bd4feb8acd7566ed9bf5872828f640b62

SHA512
bc16e59711d1870c462d179b24079252461bfc2c5eeef1d937bbe29d58f2abc4984155400da24a24c80376e3fc29ea3f06d5b2a43f52fcb49286b1d436eab465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
06976b090fd4687aa2dd825dbf7f4d10

SHA1
6c9d9b8a805396ee99c3b3c42aa35542ab3dc27d

SHA256
b32d0e5433a068bf5b2327f2e2e1b3106f13dad4a8c32ac38a534bb55559bd92

SHA512
bf5b49aa7bbc96a5fc04f79b3d7213e0201dd239a0f1029de05a222bbc31cf6bb695190eb423a76e9bc70a14c1e12e57878a76cb5762855ce958a22519a936c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d16425a2e1a7f6b77741d1a397482558

SHA1
90c0386f801a6ae3714b59541fb532eff91709bc

SHA256
f634a5ec1f99f57661a04590194b67abf2bc6bb5acecc81401349eb646ac69e4

SHA512
80e9344136bda9f00ecbb8bf9c25b0d9374d21192842fd87edf3a39d832665e46eeae8c3d04f791c9dc8e9efdb2110767d685a72b944deb4006dc3e95dc7718f

Download Submit