3c8229e0adc3f1f4264a06ceef15274786dcbff1ce98888ecd5b7a9f27fed571

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13e476f17039ab02059092d3afc94e61_JaffaCakes118.html
Size

175KB
MD5

13e476f17039ab02059092d3afc94e61
SHA1

e47b4e0bf003d084595b1f87ae426a944ca1cb65
SHA256

3c8229e0adc3f1f4264a06ceef15274786dcbff1ce98888ecd5b7a9f27fed571
SHA512

cb207b6a0bd7979974c9920cc2baf9056ec2ebc78cc55c43e798f408ca175ec24984afa5438d0c73b53babe701a54e93e1098ebe75c27d0246c27bf9af3725a2
SSDEEP

1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3ZGNkF8YfBCJiZ6+aeTH+WK/Lf1/hpnVSV:SHCT3Z/FZBCJixB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
2832	msedge.exe
2832	msedge.exe
4736	identity_helper.exe
4736	identity_helper.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 4436	2832	msedge.exe	83
PID 2832 wrote to memory of 4436	2832	msedge.exe	83
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 5000	2832	msedge.exe	84
PID 2832 wrote to memory of 4916	2832	msedge.exe	85
PID 2832 wrote to memory of 4916	2832	msedge.exe	85
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86
PID 2832 wrote to memory of 4872	2832	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13e476f17039ab02059092d3afc94e61_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4c6746f8,0x7ffe4c674708,0x7ffe4c674718
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,16380440615483756859,12369366195405975438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
42a0fa51c621f16a3ca492a25e1d4fe3

SHA1
5a7cfa5b77150832b127bee00a97d84937fc85da

SHA256
97dfef1d8f8aa47731e7712e1bbff8c4d8eee216e782ac2969b1408d0f00537b

SHA512
98a36b59bce57170619a0345d78be90eb8cdd2e876db0eb09d6c206a138d1655c669eb38bcf687c33d1af2ee826f5018b3388e032ec8c10d38aa370add8848b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6940adc54cee10aafd8b8f1a50d281ca

SHA1
3c5515b4682c4234ab8c85c54e78eabff64dfd73

SHA256
9ca522fb34b9b995d4a62ba6dc31ce082b0cb1f2fb6609af3db1e7e355791c4b

SHA512
7bc3f1f79deb6ae767a2da0a9e61f0ec464114cbb1b8a7a2124ebd6b1565a92390d8f4a3e62eecc8af4e67904e6ffa5ef02c87e21f8d0f524d1617e847e1c1c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
314583078ebb6c81c23adad8302f927c

SHA1
c67948ce482d3001c09d9b46c927dc2ed4f5a80b

SHA256
f6c6609ae2eec471ef515dd9a382bd1ea14d47c863b6957d21871a779b1712ad

SHA512
316b6aaf8ab6c1b4e6351c0c98151349e9af4f885f5f01f5ebae47717537c3e5affb1c2434f24750fa50197ff6bc6249203b4dd03e45adf65fc4acb6c195386a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a5db05d67fbc50233af4cffab496478d

SHA1
cfa3efee319da4210b42dff8b01be75cb54076f8

SHA256
e87ad0eefbe991e2b3d8919a88444c9da935532087f0dc3ae0635932261ab9a9

SHA512
384af94d37869ecf9d5da012aa525f2f9ae196212a7719a75aedbf78b03a7ec722e351a28643c11f0fd516ea43abd7b947a3e9f57eb0b60dbacdbf98a2f31eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e61f4be2647793568674212eff6a366a

SHA1
0dc363323574d3100737abdd5ab12067dc594199

SHA256
a577f0490a0ae50209dc494bd9de9e3c1b7a8da6ccebe79d712b397fc806387d

SHA512
688472a4dc8123369a281050eb5bf7b96ac0bec8a817651096c73b4b2763f0a0a562a59f6af06caae282ebbb4b7dc80941083eb53fd23e1bba6f188d86384f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e135fdd1ece36133dab113b2d8391249

SHA1
c7ad689a5411f0fd4967306a6e7d63718b937032

SHA256
426053fc71241c43e32c997697533af8c70d696aaf54eff4f0d3a6472a076861

SHA512
6b43de9c44957a6df9f2bf659e4c7e8636a9ff122b4c90455b407c6d20ee051b324e2fba4064f93a7c011e91ee68131eea55592876138c4a0f8884b7b8ab527d

Download Submit