6183685015fc5fdef696edc73e2062c364c84a8050300732c28506959689eff0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b9bc66f9a52fe35c3f4b1d81a85ea00_JaffaCakes118.html
Size

38KB
MD5

8b9bc66f9a52fe35c3f4b1d81a85ea00
SHA1

8cb0b54a091e3d3f76f8d9ddd61a29e66a351942
SHA256

6183685015fc5fdef696edc73e2062c364c84a8050300732c28506959689eff0
SHA512

027262d1c053ab6a709c29fa4f639c55b85925bd98db8b7aa8a79a8d0bfe93018a604bd9eb9f9dee75962ed61e6376ad9ed97866e259bf1962ab8c7c38a87da8
SSDEEP

768:SwlnniLqBwYq8bcbo6DeYzSQPO2UhvE1iarKh45Tk:Spq7q8wbo6DeYzzPO2UhvEt5Q

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
1232	msedge.exe
1232	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
1204	identity_helper.exe
1204	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 5000	1232	msedge.exe	82
PID 1232 wrote to memory of 5000	1232	msedge.exe	82
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 4856	1232	msedge.exe	83
PID 1232 wrote to memory of 116	1232	msedge.exe	84
PID 1232 wrote to memory of 116	1232	msedge.exe	84
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85
PID 1232 wrote to memory of 3048	1232	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b9bc66f9a52fe35c3f4b1d81a85ea00_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc030346f8,0x7ffc03034708,0x7ffc03034718
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6320405971822001879,4055802895476840673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1afe1edd5c53fbf95dc2edce6e496f56

SHA1
08c77b70b6f691d3bc197a92393a3c7eede3747c

SHA256
4be8b43b617e4326372b3c47a689d296d2ec2ffae299c1a6c3ff84d0dfb4408a

SHA512
e61add0e10d241fd153272309bd705807b458ba2362d562d062fadb4e389f7eb763c3fbb60af6532ad710b12fa2f1ab620ff5f9b69263b8951fb9c9921e5ba0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a22c766cbff2a5874dc9363a9c03bfb0

SHA1
b6fbfb8449279b4c42198066d80fd39ea35d49be

SHA256
8be83238d67f0b47021de4d5dd2befa7614ce8eef19db19dcbd6dddd24bed6bf

SHA512
52df5456ea970ff73dc99498a6adaa141f556e71cd649ea039ec4a396853e4414ea14bdf98a92e06760ea484b1e8a2e875c1f26aaf0c394e8f94a90d857dac30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41cfdba30240ef344d6ece5cbcd91fdd

SHA1
9f507574cb03582f62b5b07d4db984ad04f392fe

SHA256
1765e172aae017659a1e7339fbcff316ef3864887d26e8f92a45fbec7bffc7e1

SHA512
02e9b4fd01488e4819154f14575cc0ce09e8289a587ac89f44be15330814da9a6aca633143499ff2d99689ec443b29eea56d0999d6319c717ae2ba6b7c66703b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fcf6d8e4415750c9abd493af03d6deae

SHA1
da86c17cfecb26440e7df5b7c88ea9d38b99ce45

SHA256
3bed7b2f84355178bd30b947a638ad1c3769b3ba0754c026fa717aa07b697bec

SHA512
94d37be1456bcdfa2e175831cb7e0e64ee2656ab370a2af411fa46c8210f12be87e257ae15de0a3ac692e70f39cf7199561e7798327fccf53fdfd2a9542dc174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
19d7f495ee10fe737156d8949d341a3c

SHA1
ec91c882ccbb031f7e34e2acc75508c8daada05a

SHA256
10034094aa3480ab9ee3ecfdc0b44188118b32807ae2872c84810af4a2f3e8ea

SHA512
5885d8693be8355e73cbcb118fced046094fb62aaf1b7cd1acc5f8cda980d1288f9f58521462b0353b9e7c011fc4041f623aa231bd28f2aa4ab0d26ee9f77fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
e6e2131652847a1c7c97191e235c42e5

SHA1
aee28b8f087daacff30b7876c990f04d375127b7

SHA256
4beac7941b38202073cf24047ddd4d85280a9b2622295cf8744d22cc06a19ebd

SHA512
180cd2ee90daffc9106a2e2620272e6392c238811a275889687e01d614ed49561aedd881c2f4b26afba56d6b2059deb6930bd5d71e010fb6285d949a6768d6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5965c5.TMP

Filesize
539B

MD5
6ea704585f69a20b6006ccfe80449536

SHA1
98edbfb1dfc9fc798a37405756de6105a9226838

SHA256
ddf3d1e76a7af23ebde94d87ebd83961f5c8da8d18e5cfdbd4022a6db27acc09

SHA512
bd9e267380f5da3aeeed41a5b3fe99ab41a9f3eae228c90c9808666b3d6225099b6de2f3216983e5f48b4e19aadcaa820cbc93f4d40f662ed22623c06dc0c88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
56268d1a4fcaa50e4a15ed2984821f97

SHA1
4c6f06aae04022c455c156808594c16dc7632f60

SHA256
d1a346b3d99416d43cfc10f769343baf9dc618eeaf3ccc603224d4905d5b65ec

SHA512
5dfe0206d2f5ee92246b7fcfed743b511c3b28c5e4014e85a2198768921b470db64a40d4f7c1fecee70fd30dec0e70f16edce3538cd276ea90fb1fa52a618547

Download Submit