42f197bf01c38cf0a9aacf9373eba732c15c026f31efd98a91f083f7f5023d55

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 03:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15bb1cd4aa8e4e62d1952d5e115cc38c_JaffaCakes118.html
Size

175KB
MD5

15bb1cd4aa8e4e62d1952d5e115cc38c
SHA1

41b4c440b3a8c6c0efcba785fc3f84b78e9a9642
SHA256

42f197bf01c38cf0a9aacf9373eba732c15c026f31efd98a91f083f7f5023d55
SHA512

4cebcaf6b997d4006b77d01b98a65d0f593b6b886209930b5f4cdab36edd0d7aa4d5022586547ed7bbfb3d2aae3331aee75b9bd9d0d647eca2bef8ecd5085204
SSDEEP

1536:Sqtd8hd8Wu8pI8Cd8hd8dQg0H//3oS3NGNkFcYfBCJisd+aeTH+WK/Lf1/hmnVSV:S4oT3N/F5BCJi9m

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4140	msedge.exe
4140	msedge.exe
3376	identity_helper.exe
3376	identity_helper.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 3124	4140	msedge.exe	83
PID 4140 wrote to memory of 3124	4140	msedge.exe	83
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 2224	4140	msedge.exe	84
PID 4140 wrote to memory of 4120	4140	msedge.exe	85
PID 4140 wrote to memory of 4120	4140	msedge.exe	85
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86
PID 4140 wrote to memory of 4072	4140	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\15bb1cd4aa8e4e62d1952d5e115cc38c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0a5546f8,0x7ffa0a554708,0x7ffa0a554718
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,11213288818580475252,6228117117383834342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
ba277ce0e433b8d6d4bfe29922668a01

SHA1
b318309aac5eeadeac3f33108b6662b72c5bd2bc

SHA256
e454b8d869740698b2be419952f383baa215459dc031513ba919a4ed32940cd4

SHA512
221a96c8f13cecb2527c7757edc34a5de82a8bb56f7e5af769cfbf15a4a80ba7d067ddd461cca6355c9ccc774dc3b07e4ab222291008d9179afeaf76c9ef4880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3e8aa00f2f77c94e9d25fc3bb9c70803

SHA1
e917ce44f82c1a95e2967134e0720a9c0fd58a5e

SHA256
78a852be700b23eace831338966ef5bf80c913165b3cdf95f52f4351e6cf2a8b

SHA512
61b88162c06bae00fe50a2d421f509a1e88c2e84ac9e831414294ab6e39d870b56afb617213401ee6511a5004f51e3f3868aea8d4abfbb2dcf68db301bf00441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
24688c1de3b6ea9fdd11b062e5671702

SHA1
32897735fb277a5ea37973bc81d02bc3f6386808

SHA256
9a3e33d96a5fcaa7c1a83414f572941f05a9fa56032b84b8090c5fcac858f00b

SHA512
599a22e658aecf89a27b0cf2ec2ba61165fd9b5075d7c1b0b1898864868d5b219ac0f80e2d4c1c6654a3b32fadb27f78a37f30ea6cfd95795f6a17413af70c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
592bf4d79240f688e9dff42a088bf896

SHA1
ed5538ff9978ebbd474d00d71169af7d6d2cb6f5

SHA256
473eab26029f626e3537a8cb9f036f70c50fe1560874cefe6176bd973dca7154

SHA512
e3f372daf2f47a8429f89d61299348775a0214f16e533a34c040c41e8062d0b1b4466db92aa7077fe58c09201803b6ecac2d6563ce3ab46f97189ad3b8998eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ca952b3bd77494a9f43942ba8dbcab30

SHA1
ecd20af895bce5d7287da46e8441d4864a7cc746

SHA256
c3ff63eac329312ea360bfa0a106752bd1b608a2e42ff6a848849fc5ae47f090

SHA512
e2d45336c54bab3876ec9d88f8b5522f457fcadf067577e0dccbb95739696409125eee3ee438b574ec8d42768ad0734c0e1d66fd5a610be61510589ac987ed24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d9f66b94d46e5878283048e852b65c07

SHA1
e4e25635dab4def86112ea94556f6b66923b8677

SHA256
85660c87446f6d65af1ed4e2fca09491c08840f68989a1604aa0e5d5de19df45

SHA512
f777fdc11d321b6a3edfe18cefa3a581921acac0611d2c6424c0a043e2f8448ca542305257b452c1d5ba96ed052c27f5b7258455c30985d41c23aa92fe9f73df

Download Submit