f49edf38f6ebb82bd7983098dd8b6e22f4834d41fc75440230fab686b322a000

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40f5fa0829e553ead3239542a7c471a8_JaffaCakes118.html
Size

1.0MB
MD5

40f5fa0829e553ead3239542a7c471a8
SHA1

f31be8dec4bcc2c1c3fc10d7e10ba574808ec5cf
SHA256

f49edf38f6ebb82bd7983098dd8b6e22f4834d41fc75440230fab686b322a000
SHA512

4d5f9dd979fd21133ff793d18dc774161f4828cd602d9921674bf94abd007f046a1e5273e2cafc0e32a7ec806291e2ec6d5238dc11f08739b668747c298cff15
SSDEEP

6144:hkclh6of6dhNE+0Qq2yP17rBMj3zeH0yWe5nEzDnxUOaElwdyMuLVWH:hkcl026ZE+0Qq24rAO1jQL0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
3768	msedge.exe
3768	msedge.exe
3456	identity_helper.exe
3456	identity_helper.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 2784	3768	msedge.exe	83
PID 3768 wrote to memory of 2784	3768	msedge.exe	83
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 3912	3768	msedge.exe	84
PID 3768 wrote to memory of 4816	3768	msedge.exe	85
PID 3768 wrote to memory of 4816	3768	msedge.exe	85
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86
PID 3768 wrote to memory of 3060	3768	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\40f5fa0829e553ead3239542a7c471a8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff874cb46f8,0x7ff874cb4708,0x7ff874cb4718
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,10934194600907017587,4021693449017579235,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
95f8feed4bc122b1961c8d5cebd6d7f8

SHA1
1bc14ad0123377d088e847cb5d8975027a737f34

SHA256
81f29660c9954c74d576e1ab6629d7400d5005a7ceca777260fa5d91a182b38d

SHA512
257b760321efe8973e1df82528c7456819ae9bf6d83b92bd2116f9a10b6f08b2a8e692138f17e1ecba0e945ebfc54fb20b85a2b8c0e8cbfe901f4b32a0644218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
551aa9304ceb75d5a87973b384d231d7

SHA1
56b8508ce4478813800eb0002c5af39c632a938e

SHA256
86f4cf5bda6a80ef38bd55d0868e062fa864a5d1cef679d51d6c6b175e5c5156

SHA512
397d6b37a37d1118244637bef0dd8ce7df589fac01a6e4cd392bc24ea408081feb68e16df05d7b2c522abd7bdf9ca1641b0ccd4714b06ace8fb2385b390b40df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a36f4d427945f70eaf9290349cb13740

SHA1
58ae64d04f89b71b0a195211677fd8c187fd24dd

SHA256
ae397320f83b311cc29d6601152da11ea3c2cdd90fa7a144b538b5ce20987db0

SHA512
28c13e857b1c23f0f5e8aca1bb7ad44f7255d18e08f944ae138632f97c8de1e24121fdc6cc5bb5e937c68d15649486091c6213aea36336c9a4f8753afe001727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
81975d483088c9761304c04c08f7a51c

SHA1
85a2dcbfd500226b5f53c6aa69416ed18ba55f3d

SHA256
2ec4aa70a67bd19ff38ab160155545f7f0aa5495969430deaff3b665a22ced54

SHA512
6a4046409bf2d28916ca1d8f75d74229da52a7bbfd93bbe89d58f6794b5e9d23ffd9f43365bf4c34d6b60664f546842e4b2c747a6043f5126b0b1f267ed4ae2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
83ee015dd926811cdb65d28106ec55cb

SHA1
543f2d821d9a28ab4a4cb0e32b7a971686083759

SHA256
12e564bf1a73f98653a656c1c539903476bf74c03fb42192d4dbe881ef84c28a

SHA512
1e3b455846a07fc2ac4896812de88e17ba8a65deba8af9b61bcde78b8988864e3cbdf35cc398a18bf46bd4a4ca3eadfe05280ab5a820b6fd4ccc6c1c255ee2c9

Download Submit