b467942ed775d51e0b1df8a6333719126a5f8df989cac1a1c49deba87b2a61fd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8340463651d4b8be106217e9588f748c_JaffaCakes118.html
Size

105KB
MD5

8340463651d4b8be106217e9588f748c
SHA1

972216355853dc9bbe9f79c593d523ff708390f8
SHA256

b467942ed775d51e0b1df8a6333719126a5f8df989cac1a1c49deba87b2a61fd
SHA512

2ef58fbb132592abf52023ef66ec2fe8de1af5d29324484a670b3fd92e100e4a5998ba5686238fb9ca62f5017069dbb0854a510903eeaf1534f03cc6c491017d
SSDEEP

3072:YLy4lKw3sI5i8Xikmf46dvf7ue14wvgylvB5a4WOgMU2S+nOTAeTwdCZ6OK1Enxo:xfLHSCT

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
64	msedge.exe
64	msedge.exe
2696	identity_helper.exe
2696	identity_helper.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 4952	64	msedge.exe	82
PID 64 wrote to memory of 4952	64	msedge.exe	82
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 1712	64	msedge.exe	84
PID 64 wrote to memory of 556	64	msedge.exe	85
PID 64 wrote to memory of 556	64	msedge.exe	85
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86
PID 64 wrote to memory of 4756	64	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8340463651d4b8be106217e9588f748c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde10f46f8,0x7ffde10f4708,0x7ffde10f4718
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15942579336046113504,3496521362336454272,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
e22410f5deb5d8e4d42c616fa58933ec

SHA1
f1ac0d09c4b3d9c71535c9d68ea5b9b427d57c89

SHA256
93cff2b373f5c9ccdc2e6cadfab2ca455c8c7bb86dddfbb18969f4f1c401d8eb

SHA512
618eb915b8955aa400621b0b26d4b4a5adf7664476c4bf3435b3b3b579c58e2f81d3553829b603ae468fa960471fbd8edd5182a4747c88ed524b97810078b298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cb644cef6e6a54cd5335c7d7a57109f7

SHA1
e4eb3edbcc287e7af628c4c3b96b883ec506f40f

SHA256
b56e2d97425d90811ad053e509806774381646c4cd3112431cc792154ea8ed49

SHA512
bf2539ca029ac29b1c0e6ea9cfc4561c8c7508438e690236ba4b9335b7cd62512981f16be968a10066bc90c02ae79f1b5e98f9b71ec55f9e48b5ca4500ae1912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f5c774d02083ed39ee169b2881ddc209

SHA1
773b89671d38e454fdb4ee3d90bbcde115a7f555

SHA256
2b17a4e675b51f4a888b15c0fe8d6c488b4535189262bc7cfedaf123f776bca5

SHA512
94e760c3b0c8ab5f2079af3532621118e16539003b6d976a45ef4df8ab94e9d3ee3d826c019dae805384e17fda892061f4872a642bfdc000603badb7c11a12c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fcbbe4ea85191b67f51c69c56e138acd

SHA1
3ce11bbfcfa73450c1aa31ddcdafb87b9d516e3b

SHA256
c5fda3e797f9252896dc931fea5c60e4d6f45130b71e79f3b676bf670f1cf711

SHA512
9e8f73a6c0a43861e42e4e93c4bb06ffdf15dd4cdfde0ff8143979e2bb52a7e3f0542bbec193b6e436c66bfc008a66dd5f98565f006b665036b4ad3a59dbdeed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb89c773f56b99bc80d7d517a3421261

SHA1
e76052a7cbc84e34422c6179cffaeca90700b440

SHA256
34021aa19eb35e477d72ae35034b7049e1d1c1df974c063347d21d654e450c8d

SHA512
d5f144f34a98a8d75eb04408cd3b637d42ea24f4a116022dff25faaa05540059a1537bdac9aa746d7faaa176153bef101d78adad4fa402ea91d1204e63d05e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7cc629514132f960aabc28482c92a858

SHA1
311ad92f5beb34591189e683bc9458d2a33edaeb

SHA256
157148fdc7a48aa638ef843f8a51166d30d334a500b2ea91df6da42a07b765f6

SHA512
2985b080538885864931df674abd103d99de8a56563d10b3779ce373c126c1557a3dca3d985575d2d99cf3d01d019d0dc6f3422ea92e8b822aa9331de626947b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
dceea24f27192447fc158dd104d00a87

SHA1
ae68b08fb0c3deb77cd5827bac4ecbe5eb6d3f06

SHA256
226549773d14b2526e7d508e92f273955c79a0c81a389195c54a44f3a0df841f

SHA512
450d60711e90482c2747f4d281fed2dc137a613b6ba7531d2c52f2398666f401200eca79d16d1f4725b83532fe8349d35305724244efd0878c869236b8f344ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581fc8.TMP

Filesize
371B

MD5
cb2ca0e4de053bfd33f2442da4e89c78

SHA1
559d6c6050dcbe99131b782af980240a4bb8874c

SHA256
e95eff7bff3e50d3de7dccaed4353d6dbb8f1a6e6ece7290bc5a4fdf085c34d7

SHA512
7c0c8597227205071ffff9f6ff65ca3cfa9a4983b421de471abce5fa30ac63df14520ad32d85678ba05d759b291d5fc8090d8c2ec8da4c2afb5fe8b2a4b7b358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d51628ba69a06e21492213273d6a9d9

SHA1
30a86dc8d14360f785ec397c557cf55820d9db06

SHA256
a8a36e361080aa1bae4e0a6331558203d23a1a4777efd3a16d11efb7827507e7

SHA512
98793ec1646d9f8b29b5d57f3d42edfa5edf47a893dd9753297edcb665c80e35a0ec415c67a50938215bc63bd187c49599d5be47ac57110b9a78077e7bf1def4

Download Submit