8c88e034cd63d11fd397e69d46fa994ed92a5870e8057185d6d39c87a7c8ef8e

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

054e37d2a0a945c9b1de64833ac39a1c_JaffaCakes118.html
Size

50KB
MD5

054e37d2a0a945c9b1de64833ac39a1c
SHA1

3344b4af93731060cb9dbcd33681a06af7a95453
SHA256

8c88e034cd63d11fd397e69d46fa994ed92a5870e8057185d6d39c87a7c8ef8e
SHA512

e0223ea2868fcf27ff370b2fa70b54c37c78f1cd2413d3e2e3a7673fff348649e4c516221a7874b707e6a0ca732d5e5e7385250836c117eb37be29b3d19f6ff9
SSDEEP

768:MX8Jrpje0DnLmCQHNeTCINdYlu1ZsDkDCoYNyL+qD4FEVZ3obdiD7rk:Mipje0tIqdYlYCjcVZ3obdr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4968	msedge.exe
4968	msedge.exe
3824	identity_helper.exe
3824	identity_helper.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 1344	4968	msedge.exe	81
PID 4968 wrote to memory of 1344	4968	msedge.exe	81
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 3076	4968	msedge.exe	83
PID 4968 wrote to memory of 4796	4968	msedge.exe	84
PID 4968 wrote to memory of 4796	4968	msedge.exe	84
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85
PID 4968 wrote to memory of 2520	4968	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\054e37d2a0a945c9b1de64833ac39a1c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5ce246f8,0x7ffa5ce24708,0x7ffa5ce24718
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17150778879493084456,17120801187066663065,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
397383c90a2d930f866f405747e27466

SHA1
7bb6b5d6cee104c877dc5c3462f61232ffe5b360

SHA256
a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47

SHA512
4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
7e06095c55333232160c8613aa8497ce

SHA1
e3abc06ef52842f02a4f61aac81533d053e2db42

SHA256
d583841b167143b01b4417734f19696aaa451b53feb95a41a8aecec0f44100b3

SHA512
a47a487e7d0ce65dfbbec4045a542505393ace2fe372da576d0682c3db2b295a92d64155076f612df95935460166a9e4cbc7d169712328c1fd24d27e8e85549e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9436c5e6312623e613945186df72f974

SHA1
d060edbb8983a1ee889f1f1db6738ca6346536a0

SHA256
f7d264dcb37b0ab1a682748ae4cc37a9e6ee949ccc6f9ee25e69fed925b6f8ee

SHA512
783ea4c26f0620ed2b2768539f04900b42a8105870599ec6ddaccabbae9ad60adb985e4f026385c58e66e94629187e7a7bbe8eacfa280bf5089067ae61a0454d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73c604bb45944af4a7f074aac3ed0f4d

SHA1
2d4cca9f72019d6bca0def4608c2ce1ca3b68acd

SHA256
7ffb4a5c37da936fc2fe5ea8fe1a75d3dfd668154f092178a5a07bc3ec7f102f

SHA512
fa3e71f28376b6b439a9e0488289f0ac552a050da27a1a60da06314b4963508d44ce5dba514fe5047b7d6e8c5186d13622d3ff6656e64c86079010b94b3b78cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8a670c596b12d3a238688c26a34cfc7

SHA1
d60631ee47bad94fa6f15c034e0d270fedda4099

SHA256
7456808667804bf6a150e6a3c579daee211cbec2c59af2f61ec3d7c177a22073

SHA512
4d35e7493d45e2cbeafb78e60ae2b6b690328f418b34f46cbf3ce1d12855af6ee058b7eb9c52010843e3db3d823621d630b270b615af87987737030baf34bf47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cfbffff0afafde9955282dd29930ba0c

SHA1
f2f1430d69450c82217aa50bf7613d1fbde2fed7

SHA256
18510b9fc78e45542b12e31c068b0fbc73ec07129c07fc440a94f22cc1ec6f1c

SHA512
12246581b99937ea48e15db6eb886bb6cb06f7ce0dccefb88a9efecaef5cf851b36abb752908616a3e54d087f5b7da9ea445b75a2d00036956d2eb7f5cd45919

Download Submit