99fada1647c8f4d4bc411a979f1a2c283a5e84f21f623c63fca30e4ee92e62b2

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7c8c242796b2a654d9ac27a5bf175ac_JaffaCakes118.html
Size

174KB
MD5

c7c8c242796b2a654d9ac27a5bf175ac
SHA1

1d2cab4957a234cfb8d1cae23036e488c6e02fca
SHA256

99fada1647c8f4d4bc411a979f1a2c283a5e84f21f623c63fca30e4ee92e62b2
SHA512

7828fe0476e83d76500d91500955d6683f5e8395baeb1944819c75ccc7509a5975d407052f867a1a0961dec8adb2493938f00efe48a9967a03ac56ff65d76e2f
SSDEEP

3072:LyuH5nzbslDHjfkKG532lt+fudKja8u/cd0sQv108Jlj8mxC8eDFdYQEFfs2nYfK:LyuH5nzbslDHjfkKGEcdCCQVzbv

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
4508	msedge.exe
4508	msedge.exe
1372	identity_helper.exe
1372	identity_helper.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 3028	4508	msedge.exe	82
PID 4508 wrote to memory of 3028	4508	msedge.exe	82
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 4620	4508	msedge.exe	83
PID 4508 wrote to memory of 2244	4508	msedge.exe	84
PID 4508 wrote to memory of 2244	4508	msedge.exe	84
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85
PID 4508 wrote to memory of 3308	4508	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c7c8c242796b2a654d9ac27a5bf175ac_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2a4e46f8,0x7ffa2a4e4708,0x7ffa2a4e4718
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,838747355876638668,11942280579150986286,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c5bf47595edfeef5742dc5c54e6ba46e

SHA1
ddb06f25c6441d697b9f5412fbd0dbb46da1d68c

SHA256
7e799ea14cb6315be99453a6ba261a822326e0ac445e0fe618a07d9053ee19c0

SHA512
73da6fe97839f72bae4f3ae8ca252b7df37e370998e1c52d48eebd778ca6108889d38de87df5e2ae7b34dcad13bd170734aca3ec17bdc932f2e08ed58334b204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58da4ecc934ba3ac81ae2233123df512

SHA1
8a50a48e10b127680ec9441e2823d9409e9545ac

SHA256
45c58fdc21fe09860e0a7a119ff1e8860d70d2930a7666dc5a4fb43edbf74459

SHA512
b46f38629ee3d1a0b229ae339c676969dd021113ed1f4a65098bb88b1296de285dc0821bd8d27d19d6ad484d1ee860bc5a2f3cbeb4f277b06b4d3256ffbcae36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
66f638348ce06a53a5d8da02e53f5d00

SHA1
5724e2d23cf3b5fe26284204d4145feb8090ce1a

SHA256
bdac86178e86d5de9e70a8d9c9b0dbde809e1d12303d60d53316ef396011cce7

SHA512
09a96bf010c9a0f99d1a83106ad72afddaf4c86d19eab2ae591eb0d056f5aceed4e87d701c7dc3fee3ab1a9ee52a44e8b6b17c8d60b8f828d416ca05a5547657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
560f1e210be42bdf969b7bda7e350fe2

SHA1
9f9d715c288c678e564b3890282d82e3f500eee8

SHA256
dd1ffdf85f9d63dff736cacf2d12e9552f1753fd45dae1a663c21c54f350d8a6

SHA512
f4e8d2403f7a9740fdd6f4d0908fa53a1c3f1e431462be2682c3863092a7c7afce751172dce5e72a49ee8dc330b44c2d15795075a83ad0bedcc7e202b27cef6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
3ca05ba79e680325c83136470be09d4b

SHA1
517a7df779e11c0f84b9eecd5dcb1099d46fe9d9

SHA256
7e5903146cd0f4f6b80a050265f5b5418a8833a4e29d3433708cdda4d5da8b32

SHA512
3358cff4a0a98ce872955ce418a6daf77d07929af2fd68a2d8a21e58245e3f1c36e9451f81db596f3dd8f0f59fd0109d16833035695f345aa195f9297a2e7b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f86a.TMP

Filesize
370B

MD5
eddb425ec6fc98827d948b88c23f1acf

SHA1
3bdbc3faf6aa0c8dddf390ae3fd1d51d520499e6

SHA256
54c698a7e89080971c521a2898a44db9b597ebe0411d55e83f798719859914cc

SHA512
72e7d5a54dcff1fa28e4d14a4828d5c4a6957ba1be1f2c25fd83ebcc0676208b2622878dc614cd8b087e7dd9894c7f111f54f663eb03304645e38a25185f7ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6f0c52fee660cb222e1bfa5d67003b55

SHA1
46a96dd4dd13832551bca408ea5b10b59bcd08d0

SHA256
a8541e22c871baca4832d6c6e87d94e32d452b2acc1e37ae9d073ac9cc9de92f

SHA512
e67e184c23af7327a4bf7bb97ea27865e94d9e7f897a3f9312c81b6df68c4796c7a5f6f130e26953619d5e010edba4661f876ab8e4db7f9f0d48bb8b2d74a079

Download Submit