b6689fb438768aa6aa26ee57091a74c39372a7c40f7831466da6c5ffeffa9d92

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58fab0d7cdfc2ecf77d7c08fe6da361f_JaffaCakes118.html
Size

132KB
MD5

58fab0d7cdfc2ecf77d7c08fe6da361f
SHA1

ce69bd3f3fc2e1fb553a65d265768dc91150f114
SHA256

b6689fb438768aa6aa26ee57091a74c39372a7c40f7831466da6c5ffeffa9d92
SHA512

45bd98bc831131d0e7278f5b6854823a466387998311a67db71a29ab40623807fce5cd4b425c4d84b7a170313c983d4fe7a0c9d8031111353bf22fb690754dce
SSDEEP

768:2Rk1ATx+Bw24Tp7VgOAript+CpC0/gAtnakyhYkmQEDCheNQGOXB9kCjclp06cVo:2/HgOAVCpBgNky9Z5jclpXcDObtQYv

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
3976	msedge.exe
3976	msedge.exe
3736	identity_helper.exe
3736	identity_helper.exe
5400	msedge.exe
5400	msedge.exe
5400	msedge.exe
5400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 5112	3976	msedge.exe	84
PID 3976 wrote to memory of 5112	3976	msedge.exe	84
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 3888	3976	msedge.exe	85
PID 3976 wrote to memory of 2296	3976	msedge.exe	86
PID 3976 wrote to memory of 2296	3976	msedge.exe	86
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87
PID 3976 wrote to memory of 1476	3976	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\58fab0d7cdfc2ecf77d7c08fe6da361f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13cc46f8,0x7ffc13cc4708,0x7ffc13cc4718
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,12204928536097536666,823030577022808131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
bc20c9ce808eb3ab8b51242f4f3ad054

SHA1
5cdc994a2842353ebbbcf57deb5f40cd000fc389

SHA256
3694f72a82ea0c1aeb9b8b900713ea704bb247445b2dd17814e871831b2b4e13

SHA512
8160d08acabe82de73a6eecbf946fb379e5d25cda4d2600e434f90f22b0ba5a89f44b012d9fa4ae457b9d5fa1d6e1164c6244934ac9e97769a3d4c5ff98d75b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0798177ff90fc3b7ee8f7498e6201092

SHA1
9c5707e7cc75cc3f5ff39072fabfe2ccebf94eb6

SHA256
86213dc27e8cd6b79c49a20ea3cfdc2e8f6fb2d9047be2dea67449b517235f28

SHA512
77e77ab3cc8f9ac2de1091486396c6e67e80cee3aac453311b1438e512654f850cd56857bf04aa5001e4409aca37bb725a6e04cb151c702751f215c63cfeb0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b1341850f051607e4104f38dab273125

SHA1
dbaeecbed13f03ea7809779461e4189e0eb44d29

SHA256
008b1aa17e95a98662de19e553176299f5249c6ebd51c7b338c8415b36740295

SHA512
b6be5aecd3a4a29626edaeaf2df5310f95f682cfe724fbf8b0d4848179e8b45a5c6f579a750a07383242a5dd8a876e9abd9f1bda69078781f3f8a13a410c3862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f96ec03bc812b389be9291983ed24a24

SHA1
a0a11743f1fd663c872339363456dc28fd0a82d2

SHA256
05d1a067fecfd653815d076f5b93f3659d04889c5021141d03e42de4942466fb

SHA512
4eeccf717beb0de41ea62fe51c8c9a2da708e9b59a8fa36a23e0d9fba537874337cc4736ed07a689d959ef7f807bc680c9f48c4facd6f4fc9dd2d4ff0a099ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1dcda82eddf86b88a12c798ef9cd14c

SHA1
92402b07454fe7528890fb203424b79b3a4b00ba

SHA256
016cb1cfc84bd3c8f484364abfd5af97e464a94f2d3e8f91b01cb292e1c13c25

SHA512
d2cc32878330fb7cd189e7fada552ca67ef9b0bd83a2a0385c14274e14dce2974fe21ec3df2c20f28581f6dfe604a82e297ed1000603b4a83630dce801e040bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3e3cf435a3d87ad709ea6a83dcd10b8

SHA1
9e8a96994aff6af2d34b50c1132eb9ded8dd3355

SHA256
befd37b5736fdc6b2bc41e7ffa0e13aa85e5cae5a2a103c244ba236f5ef1221e

SHA512
57ca13db310c28230ace66448886dde5c29c4478359ae32bbcda41a4e66b56f48cfbe969555fc70325bb412dfee10059cb91f505c5bec991e839ad85622876f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
da862bbf1c9c68c95e6e790b6af77372

SHA1
3c85dca94088e84942cf9d45d9a73f4bab64674e

SHA256
dd0124a60cb427ff1fe9d61ab5dea57f88b5b225dc32488724a5abb80cd580f1

SHA512
bf272201bdeee9fe88622320cbba19a04465428970df6525e04dd89197d5c9e2f8fce5095fdd5762792ef4677ad149512f89852c2f1f352cd1a8a197f4cd7f01

Download Submit