0196c12c63ef95d13b42c99ef895d1e82ddd0280c98068073db977dc6718cb79

Analysis

max time kernel
141s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60418f7737c0c21bfc27efe979f5a2aa_JaffaCakes118.html
Size

85KB
MD5

60418f7737c0c21bfc27efe979f5a2aa
SHA1

42490d5bf2a7d0615254d45840f79360c8f5e096
SHA256

0196c12c63ef95d13b42c99ef895d1e82ddd0280c98068073db977dc6718cb79
SHA512

629689e9741b7275d03abc93b301438dd0cf0e08f21f0f27d8d94bf432086612f9a56bd9ca87e0d89636a914150d36cb7dca4fc896fe4359493bcf86bd66a03e
SSDEEP

1536:O14mnbQKLJBwkvYr4zJdKg+c9cm5l74DNn7CJkbxGC0ULWnZ2u+/EN9ThyFC+4iT:O1RQcwkvhJ8g+c9cm5l74DNn7CJkbxG2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
4972	msedge.exe
4972	msedge.exe
4348	identity_helper.exe
4348	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 4168	4972	msedge.exe	83
PID 4972 wrote to memory of 4168	4972	msedge.exe	83
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 5024	4972	msedge.exe	84
PID 4972 wrote to memory of 2328	4972	msedge.exe	85
PID 4972 wrote to memory of 2328	4972	msedge.exe	85
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86
PID 4972 wrote to memory of 1888	4972	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\60418f7737c0c21bfc27efe979f5a2aa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffadd346f8,0x7fffadd34708,0x7fffadd34718
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11828544189918605841,14456404822917365817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
  2⤵
  PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
11672f6d0c5cd12c25faee869d7edf13

SHA1
f1376087db1b812fc1c4c529d52293cd50f7ab53

SHA256
acee3a43cbcdd668f607a4f6f068c78e78e61f66b090121b509290ddebcedd8e

SHA512
df0358c9a802cc6a044356b21b062f229def8b18e055613188423178fa6f89d7b415fe7343b2ff82e16c2aa9a64f07a5488d435037369b76873bc975e737b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
897B

MD5
1ba825c0fb429f6817ac56f17e596475

SHA1
7f6e35b4495629d94ee4f78933cc7dda08224ecf

SHA256
9240b1e232250577c68060b179650a4b4896320d3d918f8694fc7c5033443f51

SHA512
911e34ccb746dfef6a6bfefd0f5f4512023e015fd6ca99fd78757558ed77f92a37c9ac56e879257c84f2e93597d67cca21745864798d0bbf6ce7ab6ad1dc4a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
959B

MD5
e771616f370cd2dcc8da63f95f037f30

SHA1
9209eb71e9cb0b2a22b5eb7dde961640f6d0d632

SHA256
cb5d045dd226b8e8783d44c496bcbed82c3232dfe0c22ba5d0cf89d7fcd74449

SHA512
9fbc36e52706efe92e31c7e4493f936e17e6f52b76b55e6d40de4b0f541688d22e21cd3b142daa59d910c1c7403ad4f2713c082fbe8e64d9859a58c2c3609a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6e44559a97a76d3af2441a9db7f3c4c8

SHA1
76da1537720c5ca3f2dd2fb3177fa5c7b35a3c9a

SHA256
1ed099876a98eaf2fc1d08535db5892150faec275e5d3e4d3d2b473a3e193688

SHA512
0024cfbeb5aae2111a0581b652d434494a0a1df1cff5d3ec7da59af15efc8be1ab24178068c640acdc29b65dfc15f9025bf94a1cbc1a3219cab679ba465169f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6201efb9370900d56bad3b54bac1e439

SHA1
9378aa02078423cb59ebd9fc722bb629923d3ae6

SHA256
45774d2c66d50598181c27d5d8f912cfd935490220a49372d414c1009adcd039

SHA512
8d4dad46524c2f286331526cfbe2d486b3314942cdb10861e3cdd44fb6426c0431605d1aa479c2928874f7842df0adc6205e7fdf7aba8e1421f8f75a18b2bbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c244e4abd0614fe67e0bbee9435d7165

SHA1
6f0d224008cbe0cf0b8d934ecb0e4166a18204bf

SHA256
5da94645be3833a7ada3db5db84e40314274eb6a07c87061a4fbe62621b5f92e

SHA512
0f90e4dcd713b5a7c13855aa9f49060c7f2d759c0b28580668b421ddec4c5b1a14309ec29187f4ec7a34213f101d486505856543fa099f1e718cfe68234e670a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c061f65797b3b321bc11ddac750b7769

SHA1
6d4b684a586d9f2bf31b16599555eb20d841a804

SHA256
b0419ec77e21fe7989323fd00ff4e13c55f9cf913b32e1e6757a8234d1969871

SHA512
08f10aeb83af2f274de18137ff2111e02a9a9d72b085274f9cac989b9ae3aec8dbbf1540d88b0b55c899ece2d6434b518b4a48071fc7f18ccd3c4ffb7df4d98c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24e7883911dec24aa64e5dd12c7b89ed

SHA1
767c560ae4413d44e4d45d6aaa223be363e3683c

SHA256
a46e9655d51d8122fbf4258f8e806b1fd472b95dffe5a32918fcf2ffd4004964

SHA512
96dc214f919d8685e62b3f22fd1840258baa917dd2e5b630a17ab8fb87654a1d2cea263807f5ca1b761c517319746f1db0688ac068f6df7083d5daf2811ac5c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bc6f63af485ab73c3c1632b09fd02533

SHA1
5a036ef0a0d93407b56b208452fc0ae90570ac70

SHA256
73efdc155bb7c2459a868a9d1cd0bc42085c3ea99b3b84108de1d7ca83725fce

SHA512
6c424ce5ebd3f6a450d02ee9f9469ff471d13436afabe7bb0171bbf8216b29b5aa33b8ceb24e3061028539788fd754bfda837785c3c940cce0a350ccf1caed9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb2cdccb09f9ea6c056e6f87735cb598

SHA1
6a1d611bd4c9702e5cff431b5927f7ae031b38bb

SHA256
2dca02afb4da89c79f297da8efcfa044b1192c0ec7d2b9b56043c77409d04ee6

SHA512
8105955f273c2a41eb3089f36ed852c0c96c8252cb9e37f5bb2af54d27aa519ba692a6c888ad0b6d92b0a21d08f2570883d86071ff668decb71792a59398d86c

Download Submit