691376ad3c078e050193424e580624e69d2ce3fc6481f456232c5e547df0bdc4

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79741a4223c1a8d3d7fe3caf596b53ed_JaffaCakes118.html
Size

175KB
MD5

79741a4223c1a8d3d7fe3caf596b53ed
SHA1

3f48776f0ba590b5629c249a48e11bca3578f41e
SHA256

691376ad3c078e050193424e580624e69d2ce3fc6481f456232c5e547df0bdc4
SHA512

8de60f5df716b97db432554ca24a790b0440ab3dc259fdf047c0921d50ebe7263a28b29f3520353e3b29fe2d3c23bedb32f70047e2a999925e0dc669987a1cd9
SSDEEP

1536:SqtO8gd8Wu8pI8Cd8hd8dQgbH//WoS3VGNkFJYfBCJiZ++aeTH+WK/Lf1/hpnVSV:SaCT3V/FsBCJi5B

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2628	msedge.exe
2628	msedge.exe
2724	msedge.exe
2724	msedge.exe
1852	identity_helper.exe
1852	identity_helper.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2464	2724	msedge.exe	81
PID 2724 wrote to memory of 2464	2724	msedge.exe	81
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2712	2724	msedge.exe	82
PID 2724 wrote to memory of 2628	2724	msedge.exe	83
PID 2724 wrote to memory of 2628	2724	msedge.exe	83
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84
PID 2724 wrote to memory of 4084	2724	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\79741a4223c1a8d3d7fe3caf596b53ed_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff427246f8,0x7fff42724708,0x7fff42724718
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12634043694120089697,10372814648325306098,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
4f9464f11893e5c5326fad9b7b32b5fb

SHA1
906ab706aeb93a0269b395977c81d4ac712fa6d7

SHA256
a9887a2bdee6be02216bd40095319057e7035483f5093cbb8168435be2ab8ebf

SHA512
b77ab917476f60a2d9994902a07f9a79edf28cc36f7b1c972231100d45f9e2d0b65c81b63f41a6fa98c6beb7ce7727f8b928b3b404b9619c0c6a176f3a41931d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9ecc00618a3a9939d23917b0e3c636f6

SHA1
20e14b1a59ffddb0664a2a1b2430f95e0cea3459

SHA256
b44e1a4193544124690ccac8589903db53b0198d1318c9030595af6e6f28ad7d

SHA512
3a20d6485f857a919d00667f24bbb604b7502e91097ff76aa97aaf420a726f3bd73939dc8371e6a980fb4896969f8e11b3f3f7a812a2e58eee185fc381fcce94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
445db7e2d5573a0760fb6e25e1b7d872

SHA1
0dec66a1aa4d51334e113648932278f90fa14f4d

SHA256
be9e9c6b7655c546599598ce020c6dd967323bb4ef11abc419e968b2947b0f90

SHA512
1518c0ad063d439ade8ef9585ba325e5a17f8f5dd76ce0f9f86575c9f5f385b9abb4615892739bd6c93699d35c5b7700f1ed86ce6dbaff3d0c3b41b18e5f5646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f22b46480a51ce96e5a0ad9a6896bcee

SHA1
1d233778af8ed6741c3a3aeb1fde9341d480affe

SHA256
4df7cf5e0ee427ef8c78ad759209922a49670b367814029fb79127571a676ef2

SHA512
aef0715dc86b2971c900295080a97036a694b84501d558f6333f8b197507781a1ce503ddf9345b97783ef90f390988c8e7d01d16ddfa8b69ae443b8fe14064fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4a632718d11c101b98f5ca9d0a1e920

SHA1
389f66c0fb50703c57c4863c9b27bda3a79b3772

SHA256
d760e05833df269ae8ec3488d693255b114711df58bf2bb363a5f70ad9e2ca5f

SHA512
b5a12d22867a15f27031c18babbe395add6a76ff82d62f413f16ec6307d0f935ef8ac341a5ab64b9afc14d6734478b0f2921d1db45d241b12863b5ac2a464830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ebb8f5cef54ee93d845067e949479826

SHA1
9f19bae6c12a8304c16d8f429c6b8233611d8786

SHA256
bb5647d114e18bf687d7501043fef3177f891475a6b9ed819ac5113996d1a59f

SHA512
301fc924cdd6a38662e2f52bbf9d9ac5bc8090103a263aa1c66ec375e7f462a08701d01d3932d659f388b56803d8d31fd3f791fda7c850724e9a5ed28e9a66f8

Download Submit