b1767efd70e4102530d78fbe76a015efe93557c5bdc8dfc942f868356a41046f

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7acf7c1f133c678dcc9d3ae935f965c5_JaffaCakes118.html
Size

58KB
MD5

7acf7c1f133c678dcc9d3ae935f965c5
SHA1

4647b15f1cf63f276a54bc7254a42812d92c5e80
SHA256

b1767efd70e4102530d78fbe76a015efe93557c5bdc8dfc942f868356a41046f
SHA512

b1428336d09caa275ebe08cf0706248de3aac1aed9ceff711e900e97a0267a3bac14a17d034f2808d95700a96c352f26651f3828a97c76e846a0b17d8de36573
SSDEEP

768:Jelr+Klk3Yi+fwYUf2l8yQ/e9vU+ZI4iwoE7a2ZQNh0DDUPfnvr4c75R:JelrniSUf2l7f9vqNhOUT4u

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
3004	msedge.exe
3004	msedge.exe
1328	identity_helper.exe
1328	identity_helper.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3532	3004	msedge.exe	82
PID 3004 wrote to memory of 3532	3004	msedge.exe	82
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 4544	3004	msedge.exe	84
PID 3004 wrote to memory of 1544	3004	msedge.exe	85
PID 3004 wrote to memory of 1544	3004	msedge.exe	85
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86
PID 3004 wrote to memory of 3408	3004	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7acf7c1f133c678dcc9d3ae935f965c5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7a7146f8,0x7ffc7a714708,0x7ffc7a714718
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9198824991228752877,9299516438096506379,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
8dc757d1fbcf2f0bdb51d1f98aad2d36

SHA1
3b2600dc278ec75245a182863edb1aabca15c4fa

SHA256
3765f93fb5be3251dcf66b659f8a9a41b6ae5fe6767036f8f89e64a92234fece

SHA512
b0dbd0f4ed7757ee70f27ac8716a0d11be7a9b7668460adfea7b143d035d236edb9079cac944b64e92b6955da6ca279a699378c3d22bf14c76791e192a8f40ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
903B

MD5
85c5e4236de38e0fb8da2aff0fea7e19

SHA1
77a7aee3707482159f8cc0ddf843f8ed8a4765f4

SHA256
680bbe88d0e0fd9d559b3369b2a86408f69ed08973a405376853e7e522f365ed

SHA512
dca7bf3218c23ec2bfa0352527782973b1697a9696a78b66e4a4a74c62301726764f4431cee682ce8426222ed5efb28888d1c74b6a98a9dd3a87834c27fa51ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3ebaca3809a86afec5674b2bb7b643ad

SHA1
a395ee46d1ee4ebe4ab010f396069bd23d649857

SHA256
e23332731677ca27ae91525f40f00589d6cdd0278a89d32316b1a64f83a48480

SHA512
fe9da9a398c69318a3e64c849d42b89805364c2c85baa93bc4f0269dd9bff7afc5a23dbd941a66cf9254fe148a4302333c273bb5fd62cb1f7c38e69a0e41cbcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb4c4b93f6e7b81cff26be709f640f7c

SHA1
edfc699a0146111e2d2e70666dbecbb20402d1b4

SHA256
507f00f4f5e70741f0032fcbd13c0f487d10ca512a5aad8e446a25722cc70c80

SHA512
166693cb7c655557e4fd37265ea98476de08688d7292e0949ae831eea42b2d879a47c467dfd39b5b14abd6b094ea7c4e1eb611776f492be2b436cc7e9362b8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ef969186882dfc8ed6245d0dc2706fa

SHA1
59f3eba8e01e08f56603dccf289408d5b6253f31

SHA256
79195f2e49119b9380ca5100af9bccd266aecbed8def3f538701dca59c37d820

SHA512
8d43e2e58af3fd9d62fc8c6b727b712acd4fa06445a328b4ea46e530f2645eb4e7b234a2186c2bf29412a0be1e7e8c726863bf69336d184435e0076a29feba63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5d3.TMP

Filesize
1KB

MD5
3aebc00bce30cd313cdef5bc8088e22e

SHA1
dbf0902bbec236f1f400efffa85400e64d700ea8

SHA256
b322ea5db74e5afd92a30f6d40945de03463354bff74981a4e2e1b1cb62af54a

SHA512
a66eddb5b94209cea3c64156243ea0f768f50c1ac0a3e7fd812d29f9e848c5ee8781023cb497b08027198aeff5e74224202b1edc2cd5eea6eb08e5da33fec86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
52fe45d20da713d080ce51d1afd10847

SHA1
72fb7f3aec3bab7917da578c7f1050d5efa179c0

SHA256
2d54a77c823fe3222a15c0d74beff8c898e1b8a22c2825aefa2c29a1a083a804

SHA512
afff6d7e7f4e7d97a8c1cb0b10aab50e3862633bee341d332ccad538490663e08f87e46ef61b8c46db82c39d64a31dd1525aab9c5c69525d052e9a60af918121

Download Submit