32cdda4fe0b6277cd4ba858e1977d485b864a3c74d69525da1b961d034c40f8f

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3356d35dc27e9ea4bd354fab829aec0_JaffaCakes118.html
Size

290KB
MD5

a3356d35dc27e9ea4bd354fab829aec0
SHA1

8e8b6b507086eaf042927c69d526902853b3ec92
SHA256

32cdda4fe0b6277cd4ba858e1977d485b864a3c74d69525da1b961d034c40f8f
SHA512

c434da524b820ad68d17dad6581b4d43ca5efc4efb67636c085ae9ecf5d4325f548f3dad7f546c5b22821dedfe38b959bb490836c481acae06f657fc59d29514
SSDEEP

6144:5vFSd9iQ54g4i1q5qqRqoMlqfqJq+qQfq37d7Ri7QVhaYA:59Sd9iQ54g4i1q5qqRqoMlqfqJq+qQfZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2080	msedge.exe
2080	msedge.exe
1932	msedge.exe
1932	msedge.exe
4664	identity_helper.exe
4664	identity_helper.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2448	1932	msedge.exe	80
PID 1932 wrote to memory of 2448	1932	msedge.exe	80
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2868	1932	msedge.exe	81
PID 1932 wrote to memory of 2080	1932	msedge.exe	82
PID 1932 wrote to memory of 2080	1932	msedge.exe	82
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83
PID 1932 wrote to memory of 3684	1932	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3356d35dc27e9ea4bd354fab829aec0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa63bf46f8,0x7ffa63bf4708,0x7ffa63bf4718
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8447914386288701130,11100916760052465495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
865f58b2c2a89a8c8d39feb8c5c01f37

SHA1
444894bc1e4ab3c84224af3c059a2b757d9e5c3a

SHA256
0456837814c3ddf4c344f2f78b7dffd09e4847bce2a79cb42506c72058c72f9a

SHA512
9d825f49043ed79cda6b5b86ef155b7952e10796ff2360adbccd1560d19d86bb103ed7f83833c6836b7d1db101738610b140e0a82e3a60557648ff8a5443bb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
451bee120bd8fbeba0b38f5acd846146

SHA1
7bf89c7ef4a03bb37045585e0cb3a07128bdcaf9

SHA256
3b74a09e03428239daa585fb685141ed94aa16d7de03d94d4fde7a82caabfaca

SHA512
311ffd8b7127a4db6e6b11298085151988abf5015dc63d35ed0654599110c168905612888d7aa44e8c379d6144a53638cdebe62ffd9112a8b0d1ba11ee5dc14d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6c893106f3b4dc7c28f00cd4f5f5957f

SHA1
894e3ae135edc9fe5491bc600d3658676c01c277

SHA256
4462066b6facb4ffd319261fa5811d8e5011e9fd076b66a8d43909ae5b68ba56

SHA512
4ce55ae2089f845f4a3ee170a80e14206f612f1c8c61a70263060cfbb9cb7f90a66d93e399d9d8dbbb48d774c2ea3b696cb78dae365810091ac3e209a8480214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee3fd7814afdc248a1952b662b20b71d

SHA1
b8f00e6d9b874c8bc234b0dec7999182f32319e2

SHA256
e3e9e297a897e01db95febf09bdd5fc9f1c2ca2672c6f2641726967444ea82fd

SHA512
5f6e1b3faadd489d758b23444910409bb26282890e0cadbbc036e8d94a956e054e0a533beb0f103513516a7df120f7d3e1f776fd4fec825fd1088bf33d02f24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3902a7f718cf18bd4682e0562283f124

SHA1
113a436d2f684d6b819badf2a564348c92108fc7

SHA256
7bd719b3a0e361e1dab2834f9c3560a57fd0525bfb9f6afeec67cc596766a9be

SHA512
9fc96fe30751fba57610f514e4ebe1293538631f794b487bdf4b58ba23000cec503d30a71970e6ad4401870207a1bc52e95de5e66c1a5562f6a3f9e741296bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2133104fa2fb050c7cf82ca62565c38b

SHA1
cc3286d99dee34bbf076075ab9ff36f125d3c768

SHA256
02dd415e5754cbdc9720957b29c73e42a58617080daaaa4f5782a034d94af5a2

SHA512
b4fa9804bf8936dd922d19b13900d7e24ec94b5277b6c0fbe1d84844bb428d75d3f7d8f717d00f7fc91bd0c999061bc73d2339fb0c8f00cee073dec53037c57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a169371f4787d387fad59a1254d29af

SHA1
8fdddfcc0c26e7717450b6b3d8a579c59ac1bb1b

SHA256
c2e13e3e42bae894dbe3b622961ec4ae49a16c21b51e857b29d788c60b0d4473

SHA512
f99de134ae4582d816c74b456fadf6e151444412aa88eeccbd0f6074a7d5ad72dd027848c0800f85c4e9d6ca2190d73a338bae6b6ee1261339fc617a20f0e185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ba9a42cab2b5e59cff3d97d97a9357e3

SHA1
46cda912dc798f901464967d0dba837b270457bf

SHA256
837cd121e58c55db96b5156dd7fc04d75d56336eb5091cad69988b80d661dfb5

SHA512
d224066f475af66ac806303ee93532cdbdaeb66d13e8f3abb6e88871828a047055124a2871ec1afbd1c7a47e94be581544e651d08bf40558f4331eecc4e92261

Download Submit