c7f1a772766f6c4142e1f7215ecca566d95388bb6ccf242d3b9671d0afd88738

Analysis

max time kernel
147s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 10:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4f7f174370fc2579e4d1b213167d58fa_JaffaCakes118.html
Size

175KB
MD5

4f7f174370fc2579e4d1b213167d58fa
SHA1

0112499b8515d7e047e4a25f4fbbb1ed3e841aa4
SHA256

c7f1a772766f6c4142e1f7215ecca566d95388bb6ccf242d3b9671d0afd88738
SHA512

05da7e9cd86fbe40f30acbcf3207aecd74be7faca735642b99c7887bcf0fa53124176702cb9cbc65b915450c36ab1932a5ed43f65f1a3f10679da4ce91db1b6f
SSDEEP

1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3pGNkFoYfBCJiZo+aeTH+WK/Lf1/hpnVSV:SHCT3p/FNBCJizB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4864	msedge.exe
4864	msedge.exe
2780	identity_helper.exe
2780	identity_helper.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 2692	4864	msedge.exe	82
PID 4864 wrote to memory of 2692	4864	msedge.exe	82
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 3800	4864	msedge.exe	83
PID 4864 wrote to memory of 4712	4864	msedge.exe	84
PID 4864 wrote to memory of 4712	4864	msedge.exe	84
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85
PID 4864 wrote to memory of 64	4864	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4f7f174370fc2579e4d1b213167d58fa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc074f46f8,0x7ffc074f4708,0x7ffc074f4718
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7000497321344203975,764460912548544862,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
518f2d6799332aa56e8e57bc385a1167

SHA1
27fba02d5bc90e3d50a79f43d85f98ab6361fcca

SHA256
d6a3979754c6dd0c8b16f06edf84c4f80d9b903067a692f0dd813f9b4cae0cf0

SHA512
9f619b8efe3651a196cb9ba3ffcff747b71339faec94412dc010ee92df213f63c1b53d1588108597d0672941bd6887eb87107839d705b964bc868df7c0b303df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7f21eb585710ef47b37fa2909f5e5270

SHA1
3a947871fe020e172c362475d32f66bce5f7aa6c

SHA256
0bf171b7434ebd45b27b971f51b2b22b06a8eb7310f5fffe89fd7bcdc04df25e

SHA512
d7c458eb32a005c97e9695dd0fe174992c9e56d8f9a5e3a951476989cc049b858afcf9c875a0ff1bd1454b30d90bcdec70ccbdf61d2e605c55254f54fe5217de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1f54865a657848ad294b6857e2eaaf81

SHA1
4934d2615e6853aa929bc911ca5504df4dd56215

SHA256
7766abb7a35ee88d6bb320a659b09d4a09d88dd4f47875039143dff7980aa353

SHA512
484f1c92e5988f735912f795065c4593119b71afc027e639672e8bf0f620440365262a2d35418f2d762704888d1a9ed6c8bf97d45ffeba9529ee80e49e7cb294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93882ba45789e24be75763e81d34597d

SHA1
575e4beab3b7549b159c2a715cd14d9a8083f8e3

SHA256
c3cc53422a271598b528140e8d1a397ecb23334e7cc1397e35e8bad81c37f646

SHA512
5232b80ee16281dbb541beb371e08a9c4b38a3ed9d29e1c2ea8ee473ec2046eef5790915c55fd8fc496f519bd1c80a8dc043998028d4efe15bcea126976835b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d54d50fa65303cb3a0447c243e89ff6

SHA1
f10da1078b08d1181f76715bf47c00fc83786f1f

SHA256
ee5417698275b9ccb0e285c66ae9b7ae1c6762b952d8732e6aaa64d7b56efad0

SHA512
b3220ec0be8b20664139534b12a61a01489ee3ddac89da06731f1ae8b1b7dfc83638e3fca406c60cd61c959cdb0f1602cf4bcd7280631b3e24542d9c835ca85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66dc340b5afd0c7baa8a09d381938a52

SHA1
bf533d9d43c5f5c56ecdaae75e138b85d6bb1919

SHA256
361f1b83f1d471b75b6fbf6f880c8e45aec0584b460752ce6524cf23f2efa05f

SHA512
6d31feeb5b47702628b94f8561e23a1d55c76f077eedab4528611a7bf0d5c473fca3622784362334a84594faa2bc10b776ac6358aabc46d69b4b711de89b24c8

Download Submit