6f0b6a6648bf28d77b00b37deab01aac661bb22f3910ec696a918ea1546c972d

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8116777c68f092879101b1d073d492f4_JaffaCakes118.html
Size

175KB
MD5

8116777c68f092879101b1d073d492f4
SHA1

847b9931890cb32ab9854d6beed86040468d38ee
SHA256

6f0b6a6648bf28d77b00b37deab01aac661bb22f3910ec696a918ea1546c972d
SHA512

3f9629028a25304744cad2f04f317582457bf95379d71c22e089eaa111dcd2e41241e6222c0fab5fbd14a92b30dfd3874f35b4f1579ee2f66a73479b3f1d4dff
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3yGNkFWYfBCJisr+aeTH+WK/Lf1/hmnVSV:SOoT3y/FfBCJiHm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4160	msedge.exe
4160	msedge.exe
1300	msedge.exe
1300	msedge.exe
452	identity_helper.exe
452	identity_helper.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 4856	1300	msedge.exe	82
PID 1300 wrote to memory of 4856	1300	msedge.exe	82
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 1964	1300	msedge.exe	83
PID 1300 wrote to memory of 4160	1300	msedge.exe	84
PID 1300 wrote to memory of 4160	1300	msedge.exe	84
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85
PID 1300 wrote to memory of 4932	1300	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8116777c68f092879101b1d073d492f4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1a3646f8,0x7ffb1a364708,0x7ffb1a364718
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8442807491627286782,9341707162391332856,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
f00345a6481b55d7efc83c62a3a44cdc

SHA1
51e2cd925ace5ff1bd61ad49baefd3f508dc2783

SHA256
e176cce2f156edef560352f151386b6df88c7e13123936fa7bf216e87e2d2743

SHA512
ab1f433a1fe55a45700b23a7e2621bad5a72307528e6a09d5211f2379ce7c94a052c0a62c467312ba95ffba70e2aab26090a4fd3373912abdc17e4f27ec064de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
935c0c0bc33c4b12ca17d33efc4e68ac

SHA1
f6d9180378a49855c299af37c84b1c9b219656e5

SHA256
dc5d4c32543911488914bb8631ef8011e3ce7a9ac30c12d8b3a3a8216b249bd2

SHA512
44ad36ef59491b3e63aeb025914f734d855a4540460669574bb71369276007880932a3dbc50c76702ebf9567d35fc357c6071da247b467175f186db6c8a73a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
747a73d1b2a577df5f730feb7f27787a

SHA1
2958ee89a57dde19bf9ba412155f3a5f2400345f

SHA256
0bfdc4df95d1d466b2484dcb11f2f66bd1413db8b41f081a49aacd9eb00613d2

SHA512
b693d609caac8dae00b8f3ade3371117d2fc2a8c5918846e17e9d26597b5c4b62d699cadf89f8e5bc4928863ec9d6f7f90cf09ceb99fe56a4b24ba73d940d885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b8fbe04a01782467f2a141d852b342b

SHA1
5322b29b8a4e42f65d1939719d1c4e418585ce4c

SHA256
1368e92d65d51cac342a760c9e58fda7bf7356fd13d20b75a95340b768316267

SHA512
cce300dcb9d0723fa7e8c4494ba580d7072458c760e4d589a86626af1d300701690bcd1d54d5d4ffbf1b0e0791d10f5a30e113b5f81af3eef1dc6e026aa5b0fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b64aa2fc2e0a98ac317c5b01173107e

SHA1
9477eeb617b4e0936a64f78cb965040a04d2f001

SHA256
2614c67617d815330664b59fb758dd72eff81b43582f8c52b63343cc541669ca

SHA512
6da0e050fb942690dd3d7f053b6ef4fe98ea61812bfa9526c1dc9b94977c91c3d92f5a16bd22d33ea07bcb8874fcfa43dc719f03c6467ce834fc6a62f0d3e230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c6cc525a8a43627582a1e1251dea5c22

SHA1
096d8e10a77d3d513c31cdf1d8ded8508dcf0ca6

SHA256
ed81885c915d15d12401d8ffdced503102019930712365c01f1b5d983fc06643

SHA512
a6b37272d859e33fe7ac21573e4f7c6b87a1eb0168e940af9e03fcaa84da0a85e9f99c3b66fb258108ac2a47e7c416d04da88a9e0b2e080a9b54373dab74acf3

Download Submit