8dc8a45d7d67e0ea706b8f253b6f9a4209c3327b3b8fd907808548c619a97f9f

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6226ec09f1327e2e2b4667984872e6b7_JaffaCakes118.html
Size

35KB
MD5

6226ec09f1327e2e2b4667984872e6b7
SHA1

014cddfcc99c8b4cc97825d3a763d36012114bbb
SHA256

8dc8a45d7d67e0ea706b8f253b6f9a4209c3327b3b8fd907808548c619a97f9f
SHA512

4cbd18867652a7649cb1be50f0df2a843256b1da0c62137f57aa7362e27c05c342378774d979e025bd1200fccb51b15e5d1fffe4d8dbf2a3b90653b5b0e974d8
SSDEEP

768:EI99/ciJ26DiIOi1uYuocxvc3lpabdZCzfgG0SKOg1h9gU+neQMts3V29Yybk:EI99/HJ2XYRcxvcrabdYzfCxO9efts3r

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
3200	msedge.exe
3200	msedge.exe
2232	identity_helper.exe
2232	identity_helper.exe
6092	msedge.exe
6092	msedge.exe
6092	msedge.exe
6092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 4684	3200	msedge.exe	83
PID 3200 wrote to memory of 4684	3200	msedge.exe	83
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1856	3200	msedge.exe	84
PID 3200 wrote to memory of 1428	3200	msedge.exe	85
PID 3200 wrote to memory of 1428	3200	msedge.exe	85
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86
PID 3200 wrote to memory of 2088	3200	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6226ec09f1327e2e2b4667984872e6b7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8797646f8,0x7ff879764708,0x7ff879764718
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1676025725287883493,10978394033335756594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9dda2a5ac5290adec063583129ea0a07

SHA1
b8e0d0562d560003c276043a963cf5cb1b62874f

SHA256
f1e7d731210739b24ad12e36769346b32ac6a629994f432a645b053bb686dcc2

SHA512
2d0618019baa257dce5a0d9d9586fecef55091fbb16e6a27f10532f2c4ecc153e99b09d3338ea3d70665c45a959d06d5d088744b22d75719d92238b40efd977d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1606fb07b54071ac024151452463c965

SHA1
ab12dd9ac037a4b01afd2f1d0eca71c21dd669e0

SHA256
b853450fa1855ff203a6471bc628fcc6f9618a6ccfff399a023b4f685b2ba7f8

SHA512
f9862ab6d0327c540f01c022648a23182f4a6ac311e13d412cd7267f7ece9589d09f3964e842fde11b72e74eb3a5b80bbfe636556c2f4eb92206b917637f793a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5a928ce1f6c341027b57ed659388fc6a

SHA1
d8f683b1d2aba9921f7370d823f52041f353f218

SHA256
bef3eb38cd31a1cd93bbd9603e05742ae0c97495a3a19a6c54bcc3802d582193

SHA512
7ec87336105d32e1eb37abe91ba7b9a0b822cd94f225639dd8369ffdd979f43e7124cf0794844f1cbc4a2bf73b469ec4bc321f03630097aaf25cad52f8c3c8ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
261832b8b25c20420ac1a20bfddd62bd

SHA1
a02dfc554aec9f32cd28b97231c4a8fcec1564b5

SHA256
3cfabb81fefd575276c6e4bc56db24c2a2d88c2d0d98a14cd6dfde3b2840ff89

SHA512
3ba7039522836f13de6162dff7260b65f1df851a420279c560200f192f752e780c8033086e913781acfb691baf70e7ca36f7f0f5e04c7efed95bd1bf45d8dbfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a970d24834c88188d516c35e83722c6

SHA1
0bd9b36e2d8b7452a0d4c0c3287a1a6c9c33ecd0

SHA256
89dace58e4184080e83b63d5a9ed0bc5cb7f18ae79936160072cf536215e82a9

SHA512
35458187b841da4066c2d2a88eae1bbd671937ef011b132e4a80509d3ed0d4aa9b2440b3b0b8df964cb9b82e96e8b58fd4d810535ddd5b584592c382d0ca2c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa9248b5c6729c116da6c9ed4dc77f8d

SHA1
e49dad1a420d387e9b3922deb544ba0c7d6629c5

SHA256
f9cb79acb13ed30507ac998848a428b4f3af88d3b462863b0cb3194f992c16ea

SHA512
59a72dc9ac091c85865cd6fad125e2b7400549775aaa88efbf91d6c1aa36b7791ea8c1110cd8dc3638b8a23e787e6cacdcd4a9ff2aa2fd406f3b984d35b74b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7542efb50f01b9abdb287900e40e6151

SHA1
5da1c315598b04aa6e524bc5020d9fb259bedd8f

SHA256
ebf0ef6ee4c70b66f2d1b60fe188f06350babbf9fa1ced67d2b710fa8da03e63

SHA512
a239a4c6aa558db836c27edc7c164144c404e65b6481cba065abd25323cfcf9fb4643831567219f5abef5915d8b6c47ab52e94a80c823d29dc587e12b841c450

Download Submit