40f36fbc5060986f94f9a8ebe6841c343858ce3eb7ca9dd04f01685cbd6d8184

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

872a5826187fcd8c218efcb2866a26e9_JaffaCakes118.html
Size

114KB
MD5

872a5826187fcd8c218efcb2866a26e9
SHA1

a376cc6c21b36c6787eadc35852dab65bb063756
SHA256

40f36fbc5060986f94f9a8ebe6841c343858ce3eb7ca9dd04f01685cbd6d8184
SHA512

2e24b70f563548e9242e495a6a38f543855a36ce02d01a328ba0263f84caf11dc38a8b0bffe2bf66bd4e958ad2caebd43187b0b2d88abde72b97600879bd2600
SSDEEP

3072:5D3nDNbRE2/0YVNGcJjzg6Ty1CyQ2l6QZ++KHi3oCfxQo9oJGQD4H9:5D3nDbzGcJjzg6Ty1eQZ5PQg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
1548	msedge.exe
1548	msedge.exe
224	identity_helper.exe
224	identity_helper.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 4688	1548	msedge.exe	84
PID 1548 wrote to memory of 4688	1548	msedge.exe	84
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3252	1548	msedge.exe	86
PID 1548 wrote to memory of 3372	1548	msedge.exe	87
PID 1548 wrote to memory of 3372	1548	msedge.exe	87
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88
PID 1548 wrote to memory of 4972	1548	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\872a5826187fcd8c218efcb2866a26e9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa592846f8,0x7ffa59284708,0x7ffa59284718
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1692 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17900077171365609094,10077093035109667067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
8cf8b729858d0a1e07da864c0a70b5da

SHA1
cfa274f9ffe0712b6890390ad4285ae8d16951bb

SHA256
a9d6dc732a34c4758527598371ac4644c7707f07610c450fa52fb19335e00a18

SHA512
147f30448f85d3e33940ac8d05d7acb83d722eeeff41c0f5c3228c20cc49cca27f26e4c38f3a1c60c154cfd87fedfdc209d510606242717456ccdfce8c2f502f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
80dafaa41bd341b1c9643e7689e9efec

SHA1
b29dba6669aab704cdc07f95e9e07d4c0539f36e

SHA256
58e7975770314a8d84ec9c9b57cb8c3026c7b82745da11dc89f697f5c39076b5

SHA512
17c746fe7c676721fdaa864cee88385f4d8c1ba1f42fab76b6b66232d1f96dff51f76f9fa9f6fc022c063f860c24e0bcf20851fbf87d4b4f053c507581433275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
31dab9a799a87f4e3833bc58e54adb45

SHA1
6eecba2682c2f5dba44515c68d091d895dcd740c

SHA256
47923e83eeb0bb594fcb9d013890069dafdf1eaaa5b478b77ae75531513a6890

SHA512
f71aebd0affb7752bd69fc328732a7922f14be1f5851f053d4e406bca7ecbe7177c6ba9655663e5883e24f2c80df7ac89b113f5174aa3c0813a065b251b4ab08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77361de91f776081e9e4b366d3ac7de0

SHA1
67b47cddde796a1b11b118db3c539f9b08d7b1c9

SHA256
357a86cd6b31f2eca0cdbe17961d6d47aeab2c69d26145de5c189ea2c37011ee

SHA512
a46b048cf8dcf5359f60059332432c1ecfbdc8a1daa945b6614fae1cd1d958bbba623fc963722392659c89fbf868770acfb4d37b053e406d70452dd620dd2ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
155d10fb84007aa41fa2075c8a9ec431

SHA1
fc518b5a4357b38e39e60b981cd24c716b9b0eeb

SHA256
649745cc348d54dd7863317b97767cabd8e43b0f5804b3cc9c3ddec1b66ec51a

SHA512
23685dad0f391238060995f54b58a021ef91c517023d502c7fef3e5284923e4a311ac6de830dac11ccd06e01456031db2f87d1834f42be56d49c2fceed56331b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
f9b4cc571f94639372116e0deb40f7a3

SHA1
2e3e36497c8703bd64a8ed8f7a7478873e2e897f

SHA256
841855ae46008b47ec90661ba44accb790b5b7260030b3d2fdc344f31815613b

SHA512
109ca39a1a03ac1d68c0c18c3dccf0b7e8944ea6cc2052fa814f7f453b19def9c9f79ed58cdcf3554cf717e99a045a539c9c284d5a3e8612a48ed558c8fc8127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58056a.TMP

Filesize
539B

MD5
1d73d326e4bcb8b6cd342041d241037b

SHA1
07441b136f03a9ba2298ced44ef88fccdbdaa516

SHA256
b09b57c6d4228e24a33e283cf4e4ff60995e18bddf26ee3cd7f3be098fecf294

SHA512
98f7d56c6d927433f8d12629ce9d7795fdbad007ba9ccc83c7d93e0a2ae58a8c5eb9626805db701413b3b4edbb4240bbacf9144b362573124db79c2764a55b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d4a258d0a0ca7087882c295294a829bc

SHA1
0ca0f88ff46b27fe736a49b6b1479ff11de59cc3

SHA256
ffa5bbff3dcec15dc568b23ff662fbd711133bdf5eb122b510a777851d9430a2

SHA512
2b24bdf05b16916e73c4db6a80b90602aaae81656f04b55bd35eba1f90dce202a5f436479a2270b9050efaf9eee34d6fbcf7259a120d88921aed43bff630c503

Download Submit