858502316ef98feb91688ae24bc6d7e8208a38cda31f77ff9cbc7540bcb4615c

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

250a80d8a690d8bc781d6dadf7ade0cb_JaffaCakes118.html
Size

175KB
MD5

250a80d8a690d8bc781d6dadf7ade0cb
SHA1

8a71e83611ae081792e063aa41d4dd590413e0d9
SHA256

858502316ef98feb91688ae24bc6d7e8208a38cda31f77ff9cbc7540bcb4615c
SHA512

6e50cfc8f988d561dc6d25bec48edf3e747416bbe370ff2bc776c3df0023fe8bd3e3272400141de8e0be075d58e8892a04ff61a6cbde34a236ba828d569ac297
SSDEEP

1536:Sqt98gd8Wu8pI8Cd8hd8dQgbH//WoS3EGNkFVYfBCJiZc+aeTH+WK/Lf1/hpnVSV:S9CT3E/FABCJijB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5460	msedge.exe
5460	msedge.exe
5072	msedge.exe
5072	msedge.exe
5388	identity_helper.exe
5388	identity_helper.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 5352	5072	msedge.exe	83
PID 5072 wrote to memory of 5352	5072	msedge.exe	83
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5936	5072	msedge.exe	84
PID 5072 wrote to memory of 5460	5072	msedge.exe	85
PID 5072 wrote to memory of 5460	5072	msedge.exe	85
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86
PID 5072 wrote to memory of 1524	5072	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\250a80d8a690d8bc781d6dadf7ade0cb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf32f46f8,0x7ffbf32f4708,0x7ffbf32f4718
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,853105414030375983,3806183221401347815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
94b7b1ed17465078a7e30fb3046e05ba

SHA1
36f09ddfec56d7d83d829ee8edc3b77746775f88

SHA256
a3775e0cffc51115aabc4a0af5218f66601a24c9e7a7788c00e9d49c7e6de012

SHA512
85ed1043428aa91a2cb064ae9c9d4657932d4eabde6f8ccc495e975e37b2f2187b7ce696803837794990e4b2e5493338a4bc327f4e36483d3365380ffe1dd147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9b9a41e0dcfaaa6a45af218ca4369976

SHA1
c7a522055efe25aec755fced0df3498f82691e0a

SHA256
1d908cbe9a33694c173b3f104a210caa8f12797438301c4213beff2f0c0045b2

SHA512
38bb55e5738ac7a89cbbf19ab98d298f14c203f895aa8c1068c27bf6496d867e474a9eb8820e90b9bd22a4a48f21b3f14857cdb1c89d09788a5bc80462e27d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8cc32cbe610d7a95256faae66fde6b8b

SHA1
a8fa8b83b8c8de16095b901347833204e4f93359

SHA256
596f508effb5100fa15636f3d39262dba68cb9bbd88977ac2ca1222943a26b76

SHA512
8ea6c5e182bc908e8986771f6d00f88c63ce56dafcd2d00a0d7bb84bb3d6a5f33b0ef2f6a5bf189c7fcb6cf0c301cb8efbc0de3ef2e985f5c2fcb213f93c1e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
912d33f16763ac748ccc6f57de87d13c

SHA1
f7a15709e352143c1ae3eef03a6241b6c8f714c3

SHA256
57716fc3260686c5215a96efa409c79b119c36d5e60bcb9689c69d233b15a954

SHA512
b5664df42694ee046d674072392bdc87fc442b8279fb8b9a5c76ad1fe120b3545f0707ec4864dd850dd5c27996163c5b557440d5ecc75d6d1e197dc094d331a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7fb050dd9c191e6aeef512cfae187e7

SHA1
2da2a37cf5a6d9973a26c52ca5aa6454c5750e05

SHA256
7057f3d82812873e0a74e4d8fe7feef0dd0c24f7def78a9549c56ad8e4d4eb2b

SHA512
942fecd9a6b79372c153a25fd61398f6c6ad8ed98e7d2aa96cd6b0f9b89f0f83815c1434d6ad7d81d5149b11ad8714bf2b11b7f40fe7d5a82f42295375107832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
239b4679c38172a5b9b71eb7a633b139

SHA1
0d8f1a85ad0dc240457ce748c5d7947e493d9978

SHA256
d913c21593cf38c2ad7b00b29107f1f5a90568de80e8cc7c220cfb3ff167915e

SHA512
e14f1a47632e0f290fb124896d091a6caa5cf2ddaae5ac148b3b681ed6b44ac3523948b1478b13e50e53758527b5c8f54441c90ed032e7f39784e576ef4e290d

Download Submit