6a9d69e28f8ddfc8f3222331b79b93203ac6159e20184112058b8d780fd583f3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30caefff170c8234f6f0a9371d95f1a4_JaffaCakes118.html
Size

57KB
MD5

30caefff170c8234f6f0a9371d95f1a4
SHA1

d3a179a9cb482297f18ab41edfd8e5ea4438f141
SHA256

6a9d69e28f8ddfc8f3222331b79b93203ac6159e20184112058b8d780fd583f3
SHA512

cf3543048c10e8e81d04307c6162c7ae3ad541417a7a01b5c63e3d91010929aec8a05a2c7ec9187e07b5a50a197190bce9d7271594069104b9ad724558d8776a
SSDEEP

1536:gQZBCCOdv0IxCePXVfTfjf4fxf/fWfZfJf4fSf0fJfkf3f3fofqf2fqfSfHfUfnb:gk2R0IxbrrQ5XexhgqchMffQSOCa/sPb

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3704	msedge.exe
3704	msedge.exe
4036	msedge.exe
4036	msedge.exe
3592	identity_helper.exe
3592	identity_helper.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 1392	4036	msedge.exe	83
PID 4036 wrote to memory of 1392	4036	msedge.exe	83
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 2768	4036	msedge.exe	84
PID 4036 wrote to memory of 3704	4036	msedge.exe	85
PID 4036 wrote to memory of 3704	4036	msedge.exe	85
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86
PID 4036 wrote to memory of 4880	4036	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\30caefff170c8234f6f0a9371d95f1a4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80db246f8,0x7ff80db24708,0x7ff80db24718
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6387449598951007401,10494983376902764265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
7bb40473b846c7c45959ffd62bfbaaec

SHA1
92645d4901efa6ba437742d6194b8d1185e3cbf1

SHA256
d4e16b3761ca79cacb63d83ae5e97d904a6c9bf846c2d75c7b49b10462a24f71

SHA512
04409033fd31e1cc46af97246156073c5f34e7986facd39dae3f92c778c43e5722b8c5095b3505a2aeca8c4dc84a4bfcff15b0941606f46598f02b82d0daa447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
854193fa4941a58cabf42d0b73c3cc92

SHA1
9080eb0372ec6a31f77a624e087b385bfe5c7921

SHA256
41e02ec9ba7f7eb79c307af0e502f41f43d50a5e4e62b30de208739848f17115

SHA512
bf792a42ca443d73d9463dfac9b39f1afe42987e4d1ab68e25228b2663ffee62d7c83602eda8d766a5ba4be95fc096a2fb9dacb07aa7a8d1260179f85a4d7cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f2d22f7bc767b99167b45a1f8706b50

SHA1
2d6d3b4c263462f0e1dc2e3abaaec8dbeeb35ef3

SHA256
35db076289dc25f263bf9873e19a590affc3214db6aee17fdff466cfbe5dda37

SHA512
c7f4c65edc962f4b6a1950337098931b7379b97977e7b553e71866f429d6535316661229cae740917df4fd9e4f4f00eb0a6c1d885e100f953a3195ac238fdc4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29701efea90f33d8c59aada24e8e89ca

SHA1
345d5110c7c84f54cd9397d51c25134eefaf5e95

SHA256
ae133bcf8cc5263a1b737dcf2335464186065e0d40521c87b0ed5579f7442ea4

SHA512
55f38120951bb3daa2d00a93beb395c67cc628c2f901d3e9c96ac7336082f7f64f80dbf26f320026f9913a7c85d0083c75adc252423d25c559fe2551798d1a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0d53e7e22646ad791bce8b1827d5642d

SHA1
001b820f102d7099636656baf7f1b45ba2e3c5d8

SHA256
3f15d7aabc0544e873f2f4ff77fec208bb753fdfe9e73bb91d4db8154e0e4060

SHA512
1409fe4c1f9499c7fad3ec044c296a9033b4253b56da28cdb98f326a4e1bdb4d34b63801fec3a66d1a1e1587b9e5aca8dcd8fac6541acbc9fbcd06aa642ca4fc

Download Submit