8f9d84a894d036a59a5d380fa6109a50729c9a91874ed0b699df0fe12fef10ee

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 20:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b0050c97bd7c25d9b85833a4b390b778_JaffaCakes118.html
Size

27KB
MD5

b0050c97bd7c25d9b85833a4b390b778
SHA1

9442313c4d4da60c892c0f6611528e60f0bfea57
SHA256

8f9d84a894d036a59a5d380fa6109a50729c9a91874ed0b699df0fe12fef10ee
SHA512

a4c21b2632cda52c3c7390a6fb8f49856f6cb12e2fa9033dfd5512ca04be3e7f68264bd65857a4219d68755ddd58d3dfdd5338f6fa64a3a0e5ae8e3bcd8ea42d
SSDEEP

768:AyKy3zyHHvPWdo9e2vPunuGBVYsqlzW29JVK:Ay13+HH2dKeIPOBVYsqlznK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
508	msedge.exe
508	msedge.exe
744	msedge.exe
744	msedge.exe
3220	identity_helper.exe
3220	identity_helper.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 4756	744	msedge.exe	81
PID 744 wrote to memory of 4756	744	msedge.exe	81
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 1228	744	msedge.exe	82
PID 744 wrote to memory of 508	744	msedge.exe	83
PID 744 wrote to memory of 508	744	msedge.exe	83
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84
PID 744 wrote to memory of 1528	744	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b0050c97bd7c25d9b85833a4b390b778_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef34646f8,0x7ffef3464708,0x7ffef3464718
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,17938660410566976621,151820557376277051,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
44KB

MD5
23536ccfe05b737ae639fe63ee4cc435

SHA1
6d2e9822835dc3e6117a4d2addfc8f241fbdbc82

SHA256
6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce

SHA512
f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f4405558e407aa863ff18668bad00516

SHA1
f740306933860a3c1eb895dfb16b459f5f3cb828

SHA256
50b449e6748fc125bac271fb2afda24a503c03a0237db438d8e1f13332b6cd4c

SHA512
2edf2f1f9f3041303e05141da11abdf09b9346cf5eeab4e4fa102f40e68ee9c9cc9942e65b3734cf06f9c837d8887f130038e3365c8ab7451165ff71c37a3888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f09c22fc94358d1860c4f3ce1e167c9c

SHA1
0d13a79138a7ee2e6adf600060bb9a9f0c298394

SHA256
8c542a9c86f80787f785a8049a8269208e5ce1f6e5461ad829c78c87f99757b6

SHA512
d447ce3cb7ceae594da57b975b6f956064dba117f736b8f55d7570b3932d2c1390cab45751eea560480acbd396e140134402053b8ff4cb2a231e653c27eba004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
df2fd6e92baf79faae8644924d211c69

SHA1
c6f27207ffbd28c35aa29ab988570e4fa268f70e

SHA256
9c69bcfb01625fd9f8d4c933593cbbd67a8827407eba7016ca8d5c49f54f166d

SHA512
37c9f15cfedaf3abd31b185faa672082ac049104731bc04c4ccebf01c5bc596cab2ab5112f604ad44a8df9328f241ae7bf58865f583cc6ba7ef408c9f0f0ed6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
938343641bff5910dfa2a48fba230e18

SHA1
5d678f2b3778f5c723cb3ce2808dd350851d1510

SHA256
6239e589d1adbce9168f0d3757a1eee2843eacb2f2ec293f63eac4ce99211583

SHA512
76d2a8b481e78526ac35a71f21510d591affb1709d2da2ba04e9023cdc538d32c22a5de746363d29f19398903b08b293125d6f225693c041a4a7819fa1b0aa38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f09f122c581f74134938e120c818ef31

SHA1
6bde282bcd5eac776a0053ac0e6d7fc855f4a12b

SHA256
311615eb2a92fec7fd2f0f22deaf852d1024f737a387961ffc60bc9dfc565544

SHA512
b8904d9aee6df8b5a3e0a60cfacbb2095d321cc8dc11e8d1ce1f84362d45ab62ce240bc7b6fc987b1a0023222815622da5352600a9fcaf5bfaafb3d64a32b280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8897ffd546ed3093f6a0ea6238b030d4

SHA1
217aefc9d08a1eb7a54cc5ef01c2577ff154b0a6

SHA256
befb1b0ed132ab0ee2858c18e2149a9131b20384b867ec9acef4965e23911018

SHA512
ba525b3d4636dcc8ae32cc4a0a1b02c4590f9544cf67fac9e76437b64ea98d5f69435668bfd9a0493fb69dded997ae8cab753ea2e3ed4e3969d8f5889930d4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
809a1e0f0d1230784289f75f1f1cab66

SHA1
946d5f98e5d894a728c67b6a816fd51a3badee4a

SHA256
083fbc4b655eb8d3f005a63cca29532d8d6556c1b4fe2b10f9f3ce59ce677e13

SHA512
0e924553042651361d6ef47c371b2f9dac0cbe06a64c447257e430780a644df4a6799bde0a77d1faf687cd7d62c6afcb2cbb6bf2f3409374d8771f84fa3f5676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
485b9f88a847d6a2d33f6e61c1570316

SHA1
92d50cc63297665d14cf78a15c6699e1ffbaadeb

SHA256
4a1d136c1f9c5c5805adb0381c72a377b9c3a14039a54d577c9823d155365675

SHA512
d23575ed5f049ccf71620b78c6027605858125a279f0b2ffdbcfede04d0b95f9bb7f0d0942aa5233acac9daaf51c30ce68985270a16576311cc5e6d5e4c3a366

Download Submit