a57fd8630bfcb990506fb4ea37e85b6a37190892cc12281703fc6c624a8a3c6a

Analysis

max time kernel
146s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

565f3a8c5f9fcb993e9aa0c34989bbfe_JaffaCakes118.html
Size

42KB
MD5

565f3a8c5f9fcb993e9aa0c34989bbfe
SHA1

ee4f9b0889e7073bc55a5c376ca5618c3e3f9e13
SHA256

a57fd8630bfcb990506fb4ea37e85b6a37190892cc12281703fc6c624a8a3c6a
SHA512

efa026fa1107c1c73f5a4edd1d205de1b4dc6ffbc75968feda73aa5029343ca4913585ea0fa919f6383c852fe59db3cebdf1d58fde14e2ce23acaec5e04d6cb6
SSDEEP

768:Zcd9QZBC7mOdMofpC5I9nC4h9ha+1hTQwBwowD2bdPd:gQZBCCOd30IxCk9hZhTQwBwowabdPd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
3452	msedge.exe
3452	msedge.exe
2468	identity_helper.exe
2468	identity_helper.exe
5896	msedge.exe
5896	msedge.exe
5896	msedge.exe
5896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 2540	3452	msedge.exe	84
PID 3452 wrote to memory of 2540	3452	msedge.exe	84
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 3648	3452	msedge.exe	85
PID 3452 wrote to memory of 1716	3452	msedge.exe	86
PID 3452 wrote to memory of 1716	3452	msedge.exe	86
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87
PID 3452 wrote to memory of 2368	3452	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\565f3a8c5f9fcb993e9aa0c34989bbfe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef9cb46f8,0x7ffef9cb4708,0x7ffef9cb4718
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4536473630638801706,576844337264409187,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
215KB

MD5
0e3d96124ecfd1e2818dfd4d5f21352a

SHA1
098b1aa4b26d3c77d24dc2ffd335d2f3a7aeb5d7

SHA256
eef545efdb498b725fbabeedd5b80cec3c60357df9bc2943cfd7c8d5ae061dcc

SHA512
c02d65d901e26d0ed28600fa739f1aa42184e00b4e9919f1e4e9623fe9d07a2e2c35b0215d4f101afc1e32fc101a200ca4244eb1d9ca846065d387144451331c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
a256ebda381d7950672bd90e73d0c2b3

SHA1
488a6775fa09504b50634b83954a65a01d3301d3

SHA256
39c995aeea3c5ddf0ba3d2b6001cfb0a686e5bdbde24b88b0bd447eab92b09a4

SHA512
f572ceb8a322858f9416d4b75a12f2b97a8455ce9409c453b1e21eb5cd5b182d9f225ba9f2cd3d9c8ae82ea39e6b1c2ca6311694bfba6ec049edf2bc0e244f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
52e2b3515e95494459ef1d33cbed5f67

SHA1
1dbf4f7792c6acaff614821c8da8c2e35cb4bf82

SHA256
e3221788c39af8d849a6caba9c30fb9bce22418162832d3e1f813f5f45aa6773

SHA512
9362a0803bb54d9e8887b84803946983b43c827e8c5f98371222c9a74200cf911babbb69efae599dae1e4ff9f084aa2f49d45e8f24488bdce1ed6e2de6f08689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bb2924ebf7600e863ce573a8ea444234

SHA1
fdca5505e4f755d74eacbcf9fbdccd38f85df488

SHA256
07ce3ab133473faf98b8be18dd938209e0d5fcdd5da741729e203e92e236cfd8

SHA512
3f06bf6567bc2827376cec986213be3d275a06153e6ca2d3a57200a9e4212d848156549e1b9a6bed28b61f87dce9b7f2b45ff0eba1e98ba88b965730208fb89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19765b7ff0d37632e327a564ce1565fe

SHA1
edeb47fa5502c075177689b748d8babadc5d1590

SHA256
2740381c6108a0dd11817f4b59c670557534ffb71084d49418b69ef827d0a540

SHA512
df750c7d8faa975c722c8384e5896775714602fa87625a8ad924d52367070899e3222aa4c69c790aeae5ab931d4be616fc8bb3ee6a5cea45437d64f0160912d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0c4f190060ec85fcdcb1551d746017d1

SHA1
2a42ed6ff1c94bd5b2d23952b7f7ffa1f361a48a

SHA256
db33277c9c77a956886b368635052ab7f97a293c0e764f2b2e881a531cd47877

SHA512
bb43a4851dcfc89b4c1a5b9a98b08ba0b921a4ae09e53b5e879d3f4a763ea80b99c6ce6fdf47c734f32ef2f29ad8ce45b6e299c4737b2424c25d7a853877a29a

Download Submit