f7848f8905e796e5b7c25c6dabdb965de84ffb9ece058f1e44e7706f2877f17d

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8c7865dcd0d343e2aa6c7623b588a2f_JaffaCakes118.html
Size

115KB
MD5

f8c7865dcd0d343e2aa6c7623b588a2f
SHA1

a4b5951aa85d8161e51e218beb14f3744539ffd0
SHA256

f7848f8905e796e5b7c25c6dabdb965de84ffb9ece058f1e44e7706f2877f17d
SHA512

f729a9e65442c70bd4099c5ca71940cf9f153563a5ed2ca47c508f161eee861a2cfe566840dbd9b3c374ba1bb73ba31148c9ac017560eb449a7e1bfc758f6e6e
SSDEEP

1536:1YuNuNxZOPdDcKAE41ZbFA6bL/FtCDIjpPnSFVIEtmOSOd3758eOvDuO1WSfCeIW:q6uxIP6/F708Ft5FevK2DlZfdE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
3196	msedge.exe
3196	msedge.exe
2148	identity_helper.exe
2148	identity_helper.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 1328	3196	msedge.exe	81
PID 3196 wrote to memory of 1328	3196	msedge.exe	81
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 4480	3196	msedge.exe	84
PID 3196 wrote to memory of 1520	3196	msedge.exe	85
PID 3196 wrote to memory of 1520	3196	msedge.exe	85
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86
PID 3196 wrote to memory of 2760	3196	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f8c7865dcd0d343e2aa6c7623b588a2f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8705146f8,0x7ff870514708,0x7ff870514718
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7181196293815038401,12789956010026173260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e2ece0fcb9f6256efba522462a9a9288

SHA1
ccc599f64d30e15833b45c7e52924d4bd2f54acb

SHA256
0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005

SHA512
ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e7b1f72a6a4914a5cfa0d31bd44048eb

SHA1
6921bc7a275bd05b2842e2fdb4dab446a7ad158f

SHA256
fdae06894847c6898f09c8bd59e72a84b1e865c35ea538edb804929027d52227

SHA512
0cdc6d44709edf51e1279337741f0c401ff9a62db6af23cf9c0466bf1bcbea40090bf6aa9e1f5fe75ba4eb584c9bd245e5d00902b655aba999bb7bdc9ac2faf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e4671cfb08efc92a4695906f2f7d312b

SHA1
07961db91a7397f33b8e708719a9c73cea53e91c

SHA256
4ef612152b50dc98b2c524b7623e88f1ea499d421c3acf0057477da4acc442a0

SHA512
31adba1c6f53834cca85eaac227154bc18b8e99baa28a7e567df3473eaaf7f2037c7b86e2f0f58983650b45a6b2e07f231204b3f7356cb30b5bf3e9184148551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c7f90ee17505bd945184c26e548cd3d

SHA1
281fc4da9f29393682c4a48be6b8e5d7fa828dad

SHA256
20eb53fcb41b4137cece8d0e587f4ca7ba716488090b0ec3816de9eeb96e4ba9

SHA512
f9f97b86f73bda85901d7a33c59f8475ddccf307391de5bdbe9c07b31af2dc40b2ffdec2bc287959d88bef9db4c92594a66d06f1b5b048b3e966512d442926b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9fdf7c8f6ec7e5e55e2ec6898024d6c3

SHA1
33f80255bec812d85bc077774d8fd931a14b9f4e

SHA256
471b5665d21931ea23a7f5c24eb3b9be0d956f68e74ee1e2788a00a83b3c04f8

SHA512
d68bc9bcc4da81e15f9e0cc1dd626553ad551b7267e5f8b0f6bb622f125ecc0a4bd3f9e1f91a21a0508932fc3c38761800bc7c858ea4caae96e38bb63fb365fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c5c2b125b8498ca3808ad98a6d78954

SHA1
a4ba8e431ffb7067dba648d9c1a59964fc10907a

SHA256
c99760a57a17accd76979511f069aabc3c895bbfad9c6abe7aac4f82bf3a325d

SHA512
486f6162bbe41af03dcde29b1387d85dca6d1044f7742cf706ba2ad7bb1ea54b40194488c53daff8fede804fccd955f158726d209c8b6ded089a918b7e6c8181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d3575d28b8aef1363d8e622f21408c4

SHA1
9f3a7174f50f1545a39b29ec99913480e983330e

SHA256
8d87fda321c30f700df92f5f088148333f6ec5c81595ae05155e74a7d3b930dc

SHA512
b568e0d148018c287abdd0d7227725a8f6e42d12bcdffe256251a62c415be95ff23c26c64ee3e913610ced55fc4478f76858babd30976135e2e7ecf2793cac3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
008febf53ecdecad0f1bc9109480d42d

SHA1
bef75aacefa2580ebea3f9f759dd41c485c71ab0

SHA256
a7c3719972f5580bad57b7466be46dfa2fb29d104d5d0972f1ca7a9e10103c2c

SHA512
1e31efb7525f864a22ed9ec2df238f5673bba7deff8472211d073745a9c3d76c7e079275d4c290e5ed97b2345e3c8ebf3fe59ec95cfdbd9f35c3f3a30fe6a3ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58360f.TMP

Filesize
1KB

MD5
bd25cf96070b02b060511ee436471d4f

SHA1
600cbf9dea52d206c7bba4c8f128e47a7f147626

SHA256
c6797529c0ee69a79a452bcd282e3c14dba634e89c2852c5e7430df156fb476d

SHA512
aabd7e829257f9b19c69d49ffd8c33e2f7ae2528bb0dfba333c152c2051308bfa98efa180a00f3ea0792501ce8c3efd4a827b71515ce292bc0804147fc014bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
38f6da545b34eda00f63ddc227eabce7

SHA1
d7d9e872f7e0dcec0ab3001f1fe6d6e59f8e7121

SHA256
2526d6964ab088c160ee9d61d507e20567b8d33347178253bed9cbb135343445

SHA512
bb998ebc53b14c024949573a030cf5c4144c8b1a19b84f4123e874c2091282d8dcdbc7b79898f89e23f2b25ffa498adc451bc92683d72888125c1c0237a088e3

Download Submit