3739e75443910483acb0b3634639fc6a1fdb248637d88ce9253bd70dd5f41e6c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 05:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5d7f6230dee2327fb00ba47b032c258b_JaffaCakes118.html
Size

175KB
MD5

5d7f6230dee2327fb00ba47b032c258b
SHA1

0630ed669c2518d8360e4b20cd9730d144fd2b0f
SHA256

3739e75443910483acb0b3634639fc6a1fdb248637d88ce9253bd70dd5f41e6c
SHA512

7cd29da03d8c935f7230189b36d6a1a54d421f8463b3e3e5e9bf9b73387699f00dbc2c4197a0d3099b91754549d0566b081d5aa30e4d33ed39181350b4cfcf04
SSDEEP

1536:Sqtd8hd8Wu8pI8Cd8hd8dQg0H//3oS3CGNkFzYfBCJisd+aeTH+WK/Lf1/hmnVSV:S4oT3C/FKBCJi9m

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
4848	msedge.exe
4848	msedge.exe
2320	identity_helper.exe
2320	identity_helper.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 3452	4848	msedge.exe	82
PID 4848 wrote to memory of 3452	4848	msedge.exe	82
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1236	4848	msedge.exe	84
PID 4848 wrote to memory of 1236	4848	msedge.exe	84
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85
PID 4848 wrote to memory of 512	4848	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5d7f6230dee2327fb00ba47b032c258b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa37e46f8,0x7ffaa37e4708,0x7ffaa37e4718
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,7227314182029194671,16045135373717827589,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
2387feab00b52f55421d217a3832bf85

SHA1
95fe8c6eb89e1cc0e9d7f431881428e3ddc5e25f

SHA256
0ca2867d45805dc9001ed87d25843f486da034386bb10623a4d444418b358ceb

SHA512
cfd87e39e13c463b65ff12bba1c25fd11aca71363c6ca9fb6f4e645c2df87e845b44a6f2762e7ad57df98bbabfd387a0866c0747bca0ae9d6a1545efa7216f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
071f2bf4260bf73e88bc272f51e171eb

SHA1
c0422ad43375bad66475f88a2cc93a527d22f588

SHA256
2036271997ed0f54820b40fc2a52139aa867c0f4bf1ffc7ee92a9c43c8917e30

SHA512
b7dbac2cf5230111bec6b5795294c58c5fade46b19fdb326a531eaecd835b3202ccef2a5e0ac15bcf6b651225848d2f4b3476f5de96710c5b1364335323a5c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3b52db471775b3e607d4d1db07ada1f0

SHA1
bc9a752402c21aa96445b7a004071f73c3ad498d

SHA256
a83d3b6dd1c570d47c7d859c8ed8d6bee68d6bd0df050e92756f70cfa8949ca5

SHA512
9f0f6918616df45e8801c41bf5c8f25d53e3ac75eb9bdeb601df92286fd9abf520efe4401e29b0c10cb96b65a031da55b7d4fa7110b5f880aed4929b7c185bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d2967b24a86c5cdbdccb70a9e4a171d

SHA1
486edbe83f33cf9eea382f960acd97ea9da74420

SHA256
2f1d007845f185b7d89ffb4f59c99d6269ed5b48bae2458ff736323ac5b66976

SHA512
bd4e5426e6ff85c929b48594cfc65264a9111558dbfa2e571026c81bd78bd3ee914c2ead49e929eb4cd560f3234f25544653af71833e6e9e794315031104d46a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c3c26733d4dd0227977bdeec0219ad0c

SHA1
c5d6b195914ce15a5cf08f1b7e38010f39b1fa06

SHA256
e73d06c372c4a5bb50ba0ad814202e414961ed1d4474853662a117bb5e03bd5f

SHA512
11476a5d8ed7549364beb251e4f4397c1245bcce6b6c00ac544124079506da7db9437fb1b405e8feb0160c12f2a311f08e30549a5bcc3697cf8131cfe8c81a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
82bd34184b1f3e12f75741153514b7b2

SHA1
6b2e43968a1d220cd837b9d2264919569771d0de

SHA256
70cc23c7657719fb47e7731a6947ddf95c84be96fc468c9a63a29b36efb86373

SHA512
365170261078b16668a338ff1b0284f912a7db6b864f58add7625fa86dee5877ddeb5a1fd8e03793fff71338e4d915d72ace80a6751e5158dd32fa9659707854

Download Submit