ac412ccf11b4a7843841d308e8c1dea73ed0a7656e10e86b4166b1e3f2416d62

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 05:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

974cf4358a395b638d9d9ef42f94eea6_JaffaCakes118.html
Size

57KB
MD5

974cf4358a395b638d9d9ef42f94eea6
SHA1

d5472a54d6e41ed3a151e1bf3a5d6e9d9497a4b3
SHA256

ac412ccf11b4a7843841d308e8c1dea73ed0a7656e10e86b4166b1e3f2416d62
SHA512

d02050176b2759b3ae8daba999f647ed0da84771acce30099aec26b205341c23a4c11da443594fb5e3ec29be60d5793af18a35e0fa2a9eb1e543cc4f39a2a71e
SSDEEP

768:vmT0EipBlqcuVDHllodUgrK7P1gRCZMLfaFP7B7MHuJw38ljXahyuUhc:OTupBlqcuHOUge7PMCZML87EMl2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
696	identity_helper.exe
696	identity_helper.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 876	5032	msedge.exe	82
PID 5032 wrote to memory of 876	5032	msedge.exe	82
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4572	5032	msedge.exe	83
PID 5032 wrote to memory of 4956	5032	msedge.exe	84
PID 5032 wrote to memory of 4956	5032	msedge.exe	84
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85
PID 5032 wrote to memory of 2056	5032	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\974cf4358a395b638d9d9ef42f94eea6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,8725578168260223151,5849509745091942033,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
44KB

MD5
23536ccfe05b737ae639fe63ee4cc435

SHA1
6d2e9822835dc3e6117a4d2addfc8f241fbdbc82

SHA256
6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce

SHA512
f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
097aa2d00b32fe6864028cec5057c130

SHA1
927c7d12ffe3ce023cd0eb79075d5d9eb1a946bb

SHA256
a4fe2303759b7c68ed10d3234938b71b9443af778697552191130d9d799e67a5

SHA512
a748ee088cd5a2db3f3f17e34e9236d1edeac5ca4a61a1d7797703e2455304d4e41d8facd2503079beaf9dd66e65ecbb992bcf57c111940d4371347e89d327ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
02eb2993adddb78a8e608710fcd3a2dd

SHA1
c96c8e51edb076b854897c732f68292e190ee63d

SHA256
b0e162153e6c92087661841e11aa7c58d95937c6c03b55cb133ec9ea20d77f91

SHA512
150bc871d85ef168825c7a252ba68caed49154b66f3198d79c37fa4fec5e33668d2730ee5bd28c96b703c86e4e59677d21d4552d00af8c8892beb15999cbfe82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d82698b18de8fbf9a04ec32225fe90ce

SHA1
4842d71b7c1da6356994c90ee19be3fb7f459aba

SHA256
b4dd60c5f7d892bbb0781f3b66b18cc18e2dac616391169a6b6b2c9074b97a63

SHA512
e61c2f3b8c18417fc958cd5701dcd03d04e705728b648e3952f64390768d1c3c7842662060efb64a1bd816250ac2df32e16266226fe122a0e374db987f4b04a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3117d46ffcd60dbd3a04d6161f252820

SHA1
3d014d9286bb4da0e00ca3810b8286332319b581

SHA256
bc40dcf63418bd7454e3016e5aa046af8705e86a16520dc5566c0a14cbed0c30

SHA512
a7f8ff532b9451279291665e1d85467351bfc4eab1e1f9e92176790d303404dc1caa794c4f8130c094b60d71e4c9de9c68cfc60943b56ef899daf528ee6bb004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
313e5ecc39e54dfc69eb02ccdb558616

SHA1
37bfc047e6335a8a1a8ebcc94bbf1e58ecb083dc

SHA256
5447344961350d535e891fb3d2dd617eafe3f326abe43589b19fe118d62d2901

SHA512
10ee3e4b99d6edc639acbdf856188b84b137e5b5bd3aa3b91788e24bb6e56471f16965ab91f9eca0060054e46eb31b4370edc44298c4d4901a632b31c4448912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a51b9b7dc20b7dd7aaa15162d1e06315

SHA1
288cbb812ee647b51d4ee6d5c536d203c3edc851

SHA256
5ef81982acfa4692fbc1af4f25acb6db27c1113f9b7a97eb880e983c6eaef1d9

SHA512
64ad510c3f6d3ece5503025d9f7210029464e13d753b7e7cd7ea64804cfab4340da7dbb385cb98ad47ee7a372c040c7f235844fc890778da62733e36a1ab45ee

Download Submit