ad38670be9ad8ea8813a79118bacaeea49877b8b9ede9f0b4e2efdb9be1c02ef

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 13:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

09df8bb623cef821fca91ad345a12858_JaffaCakes118.html
Size

30KB
MD5

09df8bb623cef821fca91ad345a12858
SHA1

fe5167ef97591f512422f71c6d4fafc368ba8a44
SHA256

ad38670be9ad8ea8813a79118bacaeea49877b8b9ede9f0b4e2efdb9be1c02ef
SHA512

4d7c3031022cd4b6b9f06126fdf6a45d6a7bd69dc2124c641bd925019d7ba50fc314935f6154b66c2f3842d73c21792a42de227f142779d060cb49d594d06245
SSDEEP

768:T3mGf0yL7b/VEXjPWHljWLwPWz3bdRr/FEIngAN/zrVr:qGf0yz/VEXjPWHtJPWrhRr/FEI/N/zl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
3264	msedge.exe
3264	msedge.exe
4252	identity_helper.exe
4252	identity_helper.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3264 wrote to memory of 2004	3264	msedge.exe	81
PID 3264 wrote to memory of 2004	3264	msedge.exe	81
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 2912	3264	msedge.exe	82
PID 3264 wrote to memory of 64	3264	msedge.exe	83
PID 3264 wrote to memory of 64	3264	msedge.exe	83
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84
PID 3264 wrote to memory of 2376	3264	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\09df8bb623cef821fca91ad345a12858_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc8bf46f8,0x7fffc8bf4708,0x7fffc8bf4718
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,11851173499606760725,8927481197579549982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
fa812f5cdd9047354536f582f6fc9959

SHA1
3dfcf942d741b089dc967609e21eebda11b6fb1e

SHA256
dcf55c831eb803c52fe2c27b3dfce8785573f7e30236fcedf56bc5f15ac73141

SHA512
97a6183406968147b4b45ecfe01a0c1bef11d5b33aa303dab6c7e7e3da24c75d23ac6029d52a1d51cbb6f702b7b5f0f5046ee3bdf8052a464290c5615fea1bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5a626ce0e72eac006396e24d4e24b1ce

SHA1
629a709cc6dea8c3e71f6a1d95945ec20c20eef1

SHA256
6bbd68456af2273ceba370a37a170b5633dabec11832bc0db0bf1d5cdacd47d3

SHA512
cf53f111e047ced79bd1e86f086cdab2e57a791d7a22aea30e767a33619b17f3f269425ae7417e33b4dc57bcaf80e86622e6f022bb257db7b66c5a82d46db20f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b845bc8cac002f0b9dc37232bdb2e9a4

SHA1
b6bf706a2a3ab306f2d91922624f11acfde6c643

SHA256
bb747a1fb97d0411eecc5eeaed27a7147d52ede211f0b8942ada4d585e4060a8

SHA512
92ba82a1e3824408a4a48562d20a0830f5f3ba38bc4c28897e49631bdd43abee071f5a623e5fb94c9daaa7704a428bbbcb66a7c8381f30c75b692cb06abd3a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7d3d265a7cc914d1f3db158a0c943f8

SHA1
e68cc99b999cc76d4c087dac61779f84286b53ac

SHA256
45708a57e5d804399c37526e5a745e9ce894fee4ca2f270d1ed8f2138b419441

SHA512
8402f7e6da1a900cd6a5bf0e4b0c52a5de5c9cc6ef8d635da4add17aae6cd508104cdfeae0a590e64b04b12f48069b01f4da4adcd0b5628482a15fa45c636097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e74d1f7fce751d5313283202bcbf6c32

SHA1
d6f93faafa4181dc7e5a27ed5809ba5464322289

SHA256
d00859bf4f820c7f78173a899ceadabf1308784566db302017e64ce682d390e7

SHA512
8e981d6de4fb92d0544affa80d55f38dfa8971365c79ee0a8b25586ee8cba1cd7ec46c0c0c3891da6815d874aff06945fe1fdf028dcf79f64cb554179c8d3eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9571cb516e274601384fd7549056f251

SHA1
405f50cc77d663459cffb75f8fb53088be517cdd

SHA256
6e35fce73447abe02f733b46b4f902d27b0296e4d09f7daa67076be0159e21ad

SHA512
30ceaa4d3f35a1054349619f0627ee60e97cac2b6415dc47125863642bb174982376551fc8131d92d598c7071cca742fa27fb52dbc904e18d18ecd1edc15fc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
3dd4f1cb7ec1fba1aaf33b8c8a420fb2

SHA1
8184f7152255bbb8cf6c48bde0642d24c51803b3

SHA256
39fcf6e08ed1e67ed86fd855d547267270951e03bc6683ed0889d711be79d8ef

SHA512
258ed4fb8379ecbaa6d29d68addddb68b5aa67f605143c6a60cc3b61b30b59905450a8f4574bff37dbde307acd4fcab74405a341682897a77d371a240c000f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b621.TMP

Filesize
203B

MD5
eeab9e7369feac621757763314b5b683

SHA1
6ace49f40a15d2a37d330a679ca5304981ac3669

SHA256
e0c6ede607a91083afca2a68f49a3f32f281821102a8aa6940cb240639e9e214

SHA512
66f4ea3292922447e11f1602e9a7262b89919197ff2b018d400aaa0b0e0df18e7b566985fe770cad6c741f5131aa4bffb15cb643dfd515b076baef7a9aadfd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
9923ca4abc4cb2b34d11d3cbe89e6cdb

SHA1
12d1e8a49d58b73ca286b908bf82ce0f0987baa8

SHA256
7a948302a76a27981607f096622bcb4eba4a7019b38451b4b2cabab673774312

SHA512
7d091cdcd6ed99ef9a2721a4dea8820a300e7fc59341f7f86111677ac607751685f4f92eeabceb4799a5cb7a0951dd6ab59db3d258a96b4eeaa3eb187f05169b

Download Submit