1880d765d3d396ffc5da8c038008111079714c024b9fa8b5b3034df2dfbfb3ba

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40319125d09fc3c7c9500f77724f4ad8_JaffaCakes118.html
Size

175KB
MD5

40319125d09fc3c7c9500f77724f4ad8
SHA1

cd5cef993a27dc79186ff1d7a5971b81b7b8faf1
SHA256

1880d765d3d396ffc5da8c038008111079714c024b9fa8b5b3034df2dfbfb3ba
SHA512

1beec35b4fc3874b10d9f6ae89bf64d9ff994135023b5b04fd2e0f37d542ba9051ffc63c161764381ff856ba0e6ac1ce2c477c59f9c0dda6807f83eb650f684a
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3pGNkFFYfBCJisp+aeTH+WK/Lf1/hmnVSV:SOoT3p/FwBCJi5m

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2616	msedge.exe
2616	msedge.exe
4016	msedge.exe
4016	msedge.exe
1844	identity_helper.exe
1844	identity_helper.exe
5412	msedge.exe
5412	msedge.exe
5412	msedge.exe
5412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 5040	4016	msedge.exe	82
PID 4016 wrote to memory of 5040	4016	msedge.exe	82
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 3732	4016	msedge.exe	83
PID 4016 wrote to memory of 2616	4016	msedge.exe	84
PID 4016 wrote to memory of 2616	4016	msedge.exe	84
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85
PID 4016 wrote to memory of 2556	4016	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\40319125d09fc3c7c9500f77724f4ad8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc8f746f8,0x7fffc8f74708,0x7fffc8f74718
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5508589718311812223,3748014959330777284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
bac309c2f3a8265c874a7171fb481d45

SHA1
317bd8829112157a6b0d30c63d04d3c126371000

SHA256
9025b31f73d64868000f6e006a72a41da73ff917b037ea5aa2ef2ebdc60a04c3

SHA512
8393f6bc020bb3c7ce6ceeca8eb6ad2f09f0618d98bf2a9c5d4f0aef26adae99366759f0a5c20f6b335f439edcaff958c9f40a70d77bd28abb493ba29f861107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
97596725b7b76bc1eeb92c849d5224d7

SHA1
94ac1c40c94e704b418d99642641acab6571ba61

SHA256
0905175261fe92e8d9d255633e557bc2a265869ac1c2c7c940a90284d71d659a

SHA512
5ea4192cad8672d3a275743381366c2a2a119da6955342ee42540781625620bc8d504316aeb38ba76f6c4f9f804d7128f4fdfe159f1955f1723bf3f49eaee3dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
72bc24a69a1ebda7853e371419415af9

SHA1
7ef270912f9629624d2cd30dc5efae5b23f49932

SHA256
cb15c68eeedfb693d7f71bd4e5f2c378bcc3299707e44d010c631a4a25c8568b

SHA512
be1f8afac0e53f046ca67df0b9230eced435e6151bb2b3b6d3566177061feab3b33779d9057470f40254210292b1293badfd885dd7325b4ed1cb79dde85d9286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7cff47845b4837beb0a9f804aa74655

SHA1
375370136652ec1a0044e1d3384694d1129e2a68

SHA256
6c3ca1a9afd536d076ceae671d73cbba79d78f7f4519ddef464ff928e4693eee

SHA512
f416af75a7a3c6bf1b4f46c11a8057d6facf28b6bddc16008a3da7339c5eff5d6354e68536a5ca83642f2ee5d281a496dfe167631467dd375f7403c8d16bae10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
32052f30016331f99df53fdab9e15de6

SHA1
521b2340bc6c8c870885d16dbd075cb75b15883e

SHA256
0e2fbf650197d80b6029746f4ac8fcad46a5101e9a7376fab4616527acebba62

SHA512
0c5daa1784280b1597af860e11e797d226d6e46a4e946e10e4e526adadf464f2929db6615bf8f741578c85db1ba988bae5930f861055704cfede787ef1ff5c15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a187b66455e03fdc6ed07ed575e94ef4

SHA1
7e68a65b5cbff2efd27d9b85e370d205c4ff44c6

SHA256
b809f86843f00c37fc2b9c3bcf74839d64d7170625970e37bc3ab5f4047bcf24

SHA512
9fe51a81adfd4d7b4817de6e6c703af100168919b77d3b0925c61e3f4435702c30e9cc62db6d12487bb4fcd11db4affa3198d07360332062d1db601b64db5005

Download Submit