161f4082570e7826d9c7ad32c084762f59088f42b91a8f7ea59d0d10b4c69aa1

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6be4d7e26034b8c09e91433ecb6d758d_JaffaCakes118.html
Size

89KB
MD5

6be4d7e26034b8c09e91433ecb6d758d
SHA1

578195082e171746c52749a3cae1a4589b80684f
SHA256

161f4082570e7826d9c7ad32c084762f59088f42b91a8f7ea59d0d10b4c69aa1
SHA512

7780d61c7535ee7b571d8adaf89e11f8731507efbda736268333e53d9590cc5f69a7e23318459d72e895069aab52d1426fbf98a2091592d7c699e41cec38fc3f
SSDEEP

384:hScBfb/nK+B1SonbU03T1xtxR3LqOkKdUY91f0S7Oe/pPkBY4fzEYGnqQ+dzN65q:kcBrnK2F5tLqmUM0SfBci47EYPDL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4036	msedge.exe
4036	msedge.exe
3876	identity_helper.exe
3876	identity_helper.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4844	4036	msedge.exe	83
PID 4036 wrote to memory of 4844	4036	msedge.exe	83
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4204	4036	msedge.exe	84
PID 4036 wrote to memory of 4900	4036	msedge.exe	85
PID 4036 wrote to memory of 4900	4036	msedge.exe	85
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86
PID 4036 wrote to memory of 824	4036	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6be4d7e26034b8c09e91433ecb6d758d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,962456554578920304,9286575560976820721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
f48baec69cc4dc0852d118259eff2d56

SHA1
e64c6e4423421da5b35700154810cb67160bc32b

SHA256
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

SHA512
06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a2a5dc528b5875a0e499e5e0670857a6

SHA1
a850dafd035e3bb45bda577649692d35c8cd550e

SHA256
fb9d1205eb908db1d6667d6ee8009090115f15da7e980141d543c08be7a34dfa

SHA512
b4c63501b323b98cab26e958c4dcd9b4926bec28967df71e3d3d89b9926d26cf1f932149191f7a7b64e272fa0ffcf04bd2258924adb59eb184b16b249f3f530b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6abff2f43a67114293912d0d7d7e7d70

SHA1
0c3d43e37010123b539d23007ffe237044fde296

SHA256
b21ae037787a615cc00a8a5415bdd5c28d8cf9f7588167665d9d9bdc0a20f6b8

SHA512
680e2355e7f522c4a93bab0fb9ffd29170f4984c00dbb95819fcb06a09132e1c60ec81d253ebfc52ffdeebc8b5fe9da5380b8cba65d451a6e0271fade18726d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
df278e5d9a831544a6d2a6bb83142284

SHA1
98650b3687e43609bbda454d1d1d6f29d1ddfcf8

SHA256
53859b0a275fba234bea2990d008fc139cef3a927f674f08872f4ce9eaf9564d

SHA512
1773f0fce02afdfe2ce8773cb9e254ec605d63470c177b92facd84acc76a2750e78edca1a2a9b35d771e5ac10cd45fe5c2bdc797ffb4a08531f015c12987d721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cea8a9aa49c3738bbd057efa639036e1

SHA1
12774c7e329593a76f73983629cbf4332ee04ff8

SHA256
f4c49b3f6ac60aa2670a79c954f9352dd5dc2a8cf3bc248f6500536d338b3918

SHA512
1ea264212a2094b4cf9ed35d19ec4142ff97e1b693e882314e842d839c7d7a84bb2b14429945224745409a757c130c2c363ac69289db863339cf50cf78051348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5795197987f4edfc2ecbc5336058721

SHA1
b97d43ea1a74ba88006f36fe068cfe41068c823f

SHA256
a6bc8337fcb2b77b0ad6f807970998abab27d3de46158fcdea41d5b8a21c8562

SHA512
0df49db400e0d9c069ba83aca6bb4157ae73860e5396e44dc95a4063e708e2eecce879ab7bc83fcd105c72d692ac22b182cf5d1d54523812499659625261939e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61a061d1d8a3d13852308d88e86a45cc

SHA1
3f304811cc485bc56cb69d15c5604f176bc73802

SHA256
b6121115f287d2a30a292de16963ea069c36da19304389f49c1d2d203b25047f

SHA512
b49a482b7d698e36db82e2a075d72222156fabaad3e893c4c31fea3ddc69fe878ce3a35426fcf4408b8bd0da9123828794ec6df6deab636b28faca557bcd81e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
234a5fe14029d1c8ec534395fdbee78c

SHA1
f0b6db2f274fdda387bef34ae11600ee861e8665

SHA256
6db1a77454b81d193fdfa1a6fefaf3e03465a19d496185ada5ab74585841853c

SHA512
07cad27d9b5f7ec7b03ad09918a751ea8a85dda1da578be3647638d1dfff48f2815372992e7dcf3ab48f4b089461792bc22cb1ac922f7a368c339c0d92260202

Download Submit