0b27346ec5f59f9b288aca1db7c416cf462b796b9f727fddb7a0b68413829774

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ccc131cccd1722cc2d4b45feeb84324_JaffaCakes118.html
Size

172KB
MD5

0ccc131cccd1722cc2d4b45feeb84324
SHA1

4885f6122cb6c4f12b05b935b6297085acb711a9
SHA256

0b27346ec5f59f9b288aca1db7c416cf462b796b9f727fddb7a0b68413829774
SHA512

a21a54f6489f4b741a73e3853f4f142301024c72ce54f14d25b365f7a2ea859df18804d8096b8802d68c60b41999b69537721164d4a6f0804638fc8a19f39568
SSDEEP

3072:cvClHGzosgU9eJZY3gUbBYZ3gUtReZ3gUUnlZ3gU5Strnt9bZ2r:llHGUsXYq3XqZ3XKZ3XQZ3X5Z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
2544	msedge.exe
2544	msedge.exe
3080	identity_helper.exe
3080	identity_helper.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 1220	2544	msedge.exe	85
PID 2544 wrote to memory of 1220	2544	msedge.exe	85
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 4648	2544	msedge.exe	86
PID 2544 wrote to memory of 3088	2544	msedge.exe	87
PID 2544 wrote to memory of 3088	2544	msedge.exe	87
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88
PID 2544 wrote to memory of 4516	2544	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0ccc131cccd1722cc2d4b45feeb84324_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1f8c46f8,0x7ffa1f8c4708,0x7ffa1f8c4718
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8223588691734539950,3909092698069773844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
03bd9259b22cfe395d7a0209d7eb61cf

SHA1
c1ee0b3595064a571251b6a20b3ac3757c9356c2

SHA256
9d872147a1ec44609692a58103a93c20884ed273dc9d5f793f16468beba93cc2

SHA512
559d03dcd96e7ab75d18e5480168790ef18f7d438896a4a4464185f885fdb551bee6b716c5de669aabcea0f65994bfa43d3686dd7f488b0ade8dbdb1c3d9063e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a33b1a93c55916612bad5c05f574013c

SHA1
77cdb24515d88b9239ec7d6686b472146dc898d7

SHA256
973db3dc5ae3328072c2f7ee7490879b02b63fbe46978af7a4e27840b3c70844

SHA512
8d2f281c910de1f648300425832ba0e6a6500f94e770ad702eaccf7769f9833323cc52f6a5869c803d9b2b3d3d8ff9ebf7d64424e678b9fe1ca90695051ee53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
42ec05b56547f9e958ae350c9a8d6860

SHA1
8f2eb2a3679e0d2f39019fd1ca8ae582f6ff5283

SHA256
29e08d0c5accf4612bf8093ba5c0fe837e1ff004089a43c9df7d6b0e4e5cf086

SHA512
609de33bd645c93bebfce84fa0cb28212d2b6a029e073e4ece3d1c96a915bc4f351050e930ae4cb97910816162348083570be27a11bd8141854d8626abf7df0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6711267d59360b1ffe0ee2c3e589f589

SHA1
69428ffcfe73696dac1918a9b8c696cf30498d9c

SHA256
cd1a3a507b758a81f6b24411cf5967ca8d07fc595a484c307311c20c655fc9ca

SHA512
4f37eedd7ee75fd2e2fdf9c9efa0fc92381838fddb12fe4f5ef1848f6c7e9b544c468b156a7e7a38ce652768299834497a09abf0b9b1972f0633d48d78a5596c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
06f81dd3bb367d60373097cbcefde361

SHA1
3f8b9cdcf835f3422824a60c9a11a6821234bd9a

SHA256
254ffc7aa69d3b691a7f628148c19898d4fa74540fa4fa29e510cfb39152c249

SHA512
c22e88983b9a718704aa2fcd51533571b6a108c03adf9b62c5c2350b0064c2c8422fb6b997745c82628752ff38ce4a8d1cc767507e3b5eabaf01e612a2f80929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebb9cf20a41649586e3b0ea637d1ee71

SHA1
b50140ec067ce791aa7ee1d4c336d1151d351813

SHA256
196a70bb9cd9578d8f86e6dc669cba8daf311fa0268a23554ca124bb4d2e4cd3

SHA512
71e1c3af8ba9e0fc3d8ad76241778789994bb65c239212636df347b1f1bdc982eb1287ccba871efdb18d677f3fb28acbe29ee1f10d9538cbf722801005c3ebc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad5a780896abf71af3852c3b3104968b

SHA1
4fda7ecd0a44e5d4c52bfce4ae9d5bfa015a4e88

SHA256
35d6f7e76fc19160c3adc4827edcde2fa5d123c09ec517411618aa8c0f1c5931

SHA512
b07b9c934181481fa2689ab96a475f482ce9064459ddef86137c44edf8a2bad9c8b9b6781bcac7a9042fc068a9b231766241e379a31519976f34f592072dd5a6

Download Submit