2edf4eb6421e87c5f0bb86aab15e57f06e6dc20e0661ab9f4f04f73e95017766

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

894d53837a33b0b2463909bad1f574ec_JaffaCakes118.html
Size

77KB
MD5

894d53837a33b0b2463909bad1f574ec
SHA1

3a371d652ceba06e1b00ec02827b66a4cdca82c3
SHA256

2edf4eb6421e87c5f0bb86aab15e57f06e6dc20e0661ab9f4f04f73e95017766
SHA512

08082fa97f33701b2477f7d9a57a5e91a8d5d0384af4d3e76e0a1c2fba3f273d2551b3ff159571f29f090580421b3a4ef8b31a4e05aa3c4bd529d6842f7c1029
SSDEEP

768:JW1ITbTFP0ejLVZopJRMscKzYsvxogXvJRjepEkxogXvJRje/A4P7f:JIITbTFMejLVqpkKznx0Nx14P7f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
3324	msedge.exe
3324	msedge.exe
2348	identity_helper.exe
2348	identity_helper.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 4788	3324	msedge.exe	82
PID 3324 wrote to memory of 4788	3324	msedge.exe	82
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1856	3324	msedge.exe	83
PID 3324 wrote to memory of 1720	3324	msedge.exe	84
PID 3324 wrote to memory of 1720	3324	msedge.exe	84
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85
PID 3324 wrote to memory of 1644	3324	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\894d53837a33b0b2463909bad1f574ec_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb042146f8,0x7ffb04214708,0x7ffb04214718
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6506890993672190812,10194316967394036169,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
475B

MD5
7dded827cf0932aa6f2803d181f3f794

SHA1
b3cba9d99fa25b2630bb8ef0a821d4115c2ad399

SHA256
a35310bfb82a9fa00089f1494d70dee090a13b6c06dbcb5b62870173340fc6fd

SHA512
bb204f9624a073d12843ec97226b3d117d6f85a255ff6d06424ede4d0128274fce6a2a1381d620d6fe05036b08de6d6ae58998b92ec1162f5c02ddd56c0d002a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
98a11049a0a870cee759cf23836ddabf

SHA1
acedf11b2932115448386680f78d1c88921755be

SHA256
4ebdde16c59116cc23588dbb5c85fb5e59833e1dba0d2d5d8395d9fb32f0778e

SHA512
b252c56cd4da06e3815b97aaa662cfafe6f73fa0be1352ad863857d542ede1d2f2e7a1fe6c221e51146fa83d4ba13c4714cdb1f61c5499df0db0175e6659571f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c5419aafff37e80f1e53e9a7dc49f2f

SHA1
4e173b03da96560450f74b38f2f77516ea5fcb18

SHA256
8c84d86b076a50fa6bf6aed4e431b1fa884058329cc4aeb6e05f2a648bec5598

SHA512
ce839da2486aac711287e07ebbd3549d93c443a9e694a878d5d897874becd9ad33b2c2371d71e89d7bb7a7fb19ee2880dbbdef2053e1699ce6a19a58fb7fdb3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b9b6fc129688aa263ec7cca687cc483

SHA1
90538a1ec0ac8707f3fb8ff0e4566784b37ec392

SHA256
fa282ca1dc696dbce1f77592990aae81bd9f3e3695cf724778cd2661e6252926

SHA512
a6704a0f70ce9c3c52b63a110184d519ef39cacefedc1ebdd3c9aa0b6f4d5c14f108d3e6ea71b9c2e9c77257a0ab5c077e6b88134eb01345ecb7acbab270d039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d08d735ca883b868a07ea202fe2b2193

SHA1
b30a67b3ae0ac1d44fd2634ab20cf5a34970f520

SHA256
affbfa0e7db09909f6c05dc94483b17f0cb42b25a9fed4599142a6d5169bdc78

SHA512
effffb2cb2ddc1709e43f07778a84bafef5af557fd10a7665a7721fa8e22c16a37b7f370e928ac29370c8944fa8f4e7f9d77e16076f38326c80554d4c3ddcf88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
c32532b5182228786869fc5f1c320dde

SHA1
39066b6705fac6fec8bed166e59c115f7a3d70cc

SHA256
5ca3af5240711ce9a798c810c29c4797dfe4b7ebc1e92f29025ad83d4d19694a

SHA512
5bb9ec161ee855c44bb7b08ba1fe9dfb80e0fdd315fe0abd3e94d234de141d40426732923c4e72dc35f6db5ddfff468d36b92a0a82d7861e8539dd7e9747cb94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
b0fb26f575eca92adea7b1884e79725e

SHA1
9cef43e3c0c927b5302a64b372f6a09348d63966

SHA256
a90f13fb210dee90a77f1401fbcb9b3dae40da65f3aad97b234dd5a44335fa30

SHA512
f8271840df406ecd42f6c5b72b760718eaea4c476398ad5058a4d9b947089234338774ccf6a8428d95bf277b920a2626098d3f7ecaf0d989fc03247f70b284fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
25dcd1d7dd9382009bbf0c848ac3538f

SHA1
95be19c059400f754989aee0144b15fa63a955a9

SHA256
a92306eba0d5b22d7e104ccb2e223259f30c6c6b0ade9a9c48af437f60b850f4

SHA512
40a9f236a2fb84d63257b477b07d98985946cfc3996fc974861da0f2e116c11bd5925d7f60b981dcf3820cde233aa4b588176c7dc9adff6863b646df9f5258a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a44e.TMP

Filesize
203B

MD5
52e5e7bffd5b8b1143ba94a2ec65bd0c

SHA1
cbf662eae89ec927a9d1ce2a7a69da8aed4253b3

SHA256
af1c402e74f2345239fa22943c1d02bbc5425a6eecb7c6175243d4783640db9d

SHA512
14227b55b6500076e34366f6597d4f9184d419ec78e8a4f53c9bc96ff1982d3e7386ba79f2f335e775ebd1a8ab62b7aca066c966814c5c897e13ef12250cf040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
50caa6d0e27393ad23c570ba0ca8be54

SHA1
982edd7b07a7ae37860322faa445c60eb2989d72

SHA256
2c9d3986094f82793ec65183845638774b4e81600ba8a30e3f01922d965f1014

SHA512
929ec54ff1856f16c4874107e17ce2ec67333b5f5df6da042c9daad8a98d74da7330b704b5f5f10b816e87a144865600efdb4b11096e37dd2d848b6e04ad1561

Download Submit