834a628b2f55969e360b8b1c948706493c52c38889ff906c195f05071f364315

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a48907e5480e73de42b66e5e493eae8_JaffaCakes118.html
Size

175KB
MD5

3a48907e5480e73de42b66e5e493eae8
SHA1

015b8d44cc142e2a60fd12db8b9e1e7ff87f235a
SHA256

834a628b2f55969e360b8b1c948706493c52c38889ff906c195f05071f364315
SHA512

8c428c78d436534d4a9356dde0c296a6f3089109294d00471cb488989929f66a4a5b7856d9d177b226e8e5d3b9afcfb38e54d27879d311a8e7b564a3fe6c4e8d
SSDEEP

1536:Sqt58hd8Wu8pI8Cd8hd8dQg0H//3oS37GNkFWYfBCJisZ+aeTH+WK/Lf1/hmnVSV:SOoT37/FfBCJiFm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
3932	msedge.exe
3932	msedge.exe
1444	identity_helper.exe
1444	identity_helper.exe
6140	msedge.exe
6140	msedge.exe
6140	msedge.exe
6140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 1908	3932	msedge.exe	82
PID 3932 wrote to memory of 1908	3932	msedge.exe	82
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 3132	3932	msedge.exe	83
PID 3932 wrote to memory of 4608	3932	msedge.exe	84
PID 3932 wrote to memory of 4608	3932	msedge.exe	84
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85
PID 3932 wrote to memory of 1872	3932	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3a48907e5480e73de42b66e5e493eae8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2624 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
5f774ca3d026bbd98a9df7eec2646471

SHA1
89e9f337f4343122cc06a2e6e527ba52c1f54a2b

SHA256
bb4bd9b135ca822c62219bbbe64a26118d9d67d31c8b8d48d199d5797a6a32aa

SHA512
98829110ee090b8ebc1504fa8bce6b109a198450f2fd0139d2b1f499019f09a2ee29f0b6c37d5c1f19f59d11973f207fe2ab6529658cecbadfae84ada85eba13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3aafdb470b1ed0489d31ad6358147d29

SHA1
6c6508932910d20345c87dca04d1ecf780e23310

SHA256
ad301c10dc9057a4e74ca63b6bb02439ab76716d822ef55d34414fc69dd75fe3

SHA512
20d71909b63a136527bd67c44dd47dca3d1d1c0aeff03b752ba3bbaac86bd144cec83336769d07f318b8b2a839059d3ee24feaf4f1927bef4eefcf2c63b14726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
94e49fb9ada3e20d7235e44947999ec4

SHA1
0ae2c4ae8d7926fb9904cdfd93d689f2381d13c9

SHA256
a4fa078ac786a3a85fdb62e8dce376f3da359ad321ae81f43f8431b02bb2c7cd

SHA512
ab30fde1e99d7d1be98e8de56aded82a7bde2d59a320f8ed91a88a8581f0261e9234606a8cdfe84bb6a2f56428b252f2b7e348ff6d6821f306f280708e5a0f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2fdfa04d589287683eacf588e3bdd3fb

SHA1
7fe945732415d2cea81fddde38077e8189e15668

SHA256
1218043be39ee953b4faee8e9b5a7c2f4a1adb9e832a335c89c4106a8c947e5a

SHA512
9782c60a3c4ce6ba96f03c423de7fc35fb6777ad92e1c7c2bda8ef319158991f66abdbaa6e650f1084de1045a57d2f874743351de30efc01d863f35b1b7ca12e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
abef5789db9fe8f7154953d00e78b640

SHA1
4e2f71d0c92f73a61c141a2f5cf1627d7dd34ffa

SHA256
452a35da765da0eab3e6ea080a3f41004f8799092b88b5c497351b99d5e47c27

SHA512
2b0dc77a4a4c3eaf571f8a02bf240514ffca42590beb11c2abcdebb6c1dd17dfe3444278fdaa04e9893a9992014aed309220e1f0f5a0159e8e32822ad3d53f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8ffc9db3fa5f2b67319997b42034e105

SHA1
6ff11c8c108e4d70b369462fd3d4da05ad9581a9

SHA256
f31fe4bff5013d037f9fe9e7e4f229b065b9bcc2468934315486c47223e8f885

SHA512
5dab0e085a3a943be5e00ea0dd0a6d97042a84a3bd139866bde2881b7bf95650667f919a168b2f39ddd1139129ec476b45026dc72bc5013fb6593c0e0a062173

Download Submit