d80e2882cfc19edc3c3e7c9dfa3c6de55846ded20019dd622f0e9297bb34ea35

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69d91b97ca54fae0d67df9ac649d3a31_JaffaCakes118.html
Size

91KB
MD5

69d91b97ca54fae0d67df9ac649d3a31
SHA1

f26a2e18efaa3614c4521b5a0b26a5e6bab92126
SHA256

d80e2882cfc19edc3c3e7c9dfa3c6de55846ded20019dd622f0e9297bb34ea35
SHA512

f71d2ac3b1768eca20089b6d8d10de270f55df3d88323f7b8c235fae6c83881089e290bf682480a88f07556379aa2293effa92990a45c9d6e379de09fa3eb84a
SSDEEP

1536:+aHHHh2hBEOeaQYtzvOOemzQrESm6Pk7TtjfcdOq:1HBg1hhPTtjU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe
4616	msedge.exe
4616	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 2408	4616	msedge.exe	81
PID 4616 wrote to memory of 2408	4616	msedge.exe	81
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4024	4616	msedge.exe	82
PID 4616 wrote to memory of 4700	4616	msedge.exe	83
PID 4616 wrote to memory of 4700	4616	msedge.exe	83
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84
PID 4616 wrote to memory of 4952	4616	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69d91b97ca54fae0d67df9ac649d3a31_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffd168946f8,0x7ffd16894708,0x7ffd16894718
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,14964529439283581972,13710470595389155797,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
476615d1f212d004bb4f9a6dfd9e67af

SHA1
c5419da5cf69b4f371910cc9c9dc90cd1b74fa64

SHA256
de45875c763fa1cadaec06a3aaefff1d7df6fa295d52baa3c791503af134ef89

SHA512
0f1040972132231044d592830e1a9a4cecf5878e9289a47513b545e6bf9252fb8be59711dd7f4d85ae15a26c720febe66aee42baa942b80e5ddeb1c8ad8406f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ca89b1986a059c72c4754c363f2e6be7

SHA1
0c680b2dc07bdcc177a112d0085183273a4aacd4

SHA256
f4c04fde0dd8d542fea6156e9ea73ea8d9f98b10b6566c08369c7a0ba960d0a9

SHA512
97b29e9a00a8714df4d04c4a485c38c1b62ad79ffbc75668622b20d2acaa959a983694fc15144dd4cac733ab6783fed9e6e07ee503e3e705da57c05f0418203a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2ec48745a8f25d672dca34d22ff356ed

SHA1
7f1733665b7ee3f35c4b9c139113dbd9c9785fba

SHA256
9969ad4e08eef2c26366310406437e38650fdc2ecc1c3aa8de9f3b34e13736b9

SHA512
020e971104cf1c5cc31872bf1bd0359e0460c4e3549fca6e963f20b3689bc538e106e7e429739b37b2e6461630ff36ed509320f52263c94c94a58d473aceabb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b02c06d07aa0f236651c41a117f1c8e6

SHA1
fd4a4851e5921cbe1f8e348f6331d722b506365d

SHA256
42c7bda796f6f7c5da023a23f85dee34b52b725e365bf80a0c974763bbbcfaea

SHA512
ca4656f027e440e1c7b17c20f234f87104ed13bf4e40c356f3a1be73aeb4e8fea3b0299a004bc439be7af85013c21bb358a727861a1edc4682ad631f24c4e67d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad552a661b2ac3d092dc9eccf74193c5

SHA1
963cde54c8ab3c8e3d13aff1440f20078fbb9306

SHA256
9e617ec88ac5281ef9ea220516063f78baa246813ce793dfceb1264915854894

SHA512
add744158cce0ca1b61ca9c88a5e16cb8f71a01a9a2849abf788b5c0926bc684b1c75885015ff3f0f0a43d94046692913c65d7da6bc28223def6a08ce71518d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
210bfbeee5fc7e0f67fc5bba979105b5

SHA1
fec9c0db51c42cd10dd14b50674fb0d4d511cad0

SHA256
dbf1d451abcd2f613a80f22395fda6c8016deec652b68c91de9b60b8c98a1cf5

SHA512
8c87a3de7a8cffcbea3273ea7eec5c5a163ee51f4caf41bd4704d7458b84b6b60f25350281cea40311ea3566e7a75c4245f9d3b2768f1f0e37e21f6853342cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb35d7114d54473086860c2b6861d4c7

SHA1
f8620e94c3afcf090fb9e7a8f801839fa82889e5

SHA256
659e4bec5f67952bc8726e8804a28eca00a4a84a24829e789e9a00d2ac99b815

SHA512
b2c91cfbc06c3d73131ba3768f71cb0eb411eb9917439ff7075d52daa35376cf43c2daa8c367c0267a63f2141ec40435cf4f26365c69802d92df8e84a22c2bab

Download Submit