64ffe4ae220c3bf37b3e136355a2e701b59f9f0be4f348aefbf3cf2b67012e85

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 16:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bd4c8e053202be21219c2d03b9a2b7ec_JaffaCakes118.html
Size

175KB
MD5

bd4c8e053202be21219c2d03b9a2b7ec
SHA1

b4e47311e43743b5fe3d7dd8d15567a6929e1955
SHA256

64ffe4ae220c3bf37b3e136355a2e701b59f9f0be4f348aefbf3cf2b67012e85
SHA512

c1ddb700fb53141ed8018925a2beefaf00c0bd5b7fa11910f77554c659de6e4bde0a34ee08742b4f05b6b1601e353c64fda664f9d53ff6af321611ad15ee0a29
SSDEEP

1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS37GNkFhYfBCJiZK+aeTH+WK/Lf1/hpnVSV:SHCT37/F0BCJi5B

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
4300	msedge.exe
4300	msedge.exe
1624	identity_helper.exe
1624	identity_helper.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 2000	4300	msedge.exe	82
PID 4300 wrote to memory of 2000	4300	msedge.exe	82
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 3092	4300	msedge.exe	83
PID 4300 wrote to memory of 680	4300	msedge.exe	84
PID 4300 wrote to memory of 680	4300	msedge.exe	84
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85
PID 4300 wrote to memory of 3164	4300	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bd4c8e053202be21219c2d03b9a2b7ec_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa600246f8,0x7ffa60024708,0x7ffa60024718
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18080562430801204157,13269679330270306353,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
550add5851d7d66b5a9d5b9731c254b4

SHA1
b46d7a4180c7452828fa7cf817c0282465d60604

SHA256
abdbc97124757486bd188294523eb8afff4907bad7a1d53442d44ac933a768ab

SHA512
9b9fb30d1a28bbdec5e3ced9d36b9ed226b7eb8c0e8347ad1be5b28b2ec5ebdd9288ae2feddda2d4c23b110aa957991e3caeb2923dbf827da92b52be1cd5c993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
551f53ab777580ceede2e701a9914c5c

SHA1
b3f1c6e42dd3f9f3643b8b5d38d273b0e7c834e9

SHA256
c3a3077ba115169387c08b1867318afaef8c0e055c5d7fe8790db755bd462e70

SHA512
7fc1b07ab6d4dc5abbd3364d2bac4ab10ad4c1eb3a45062dcffc32c8bf5421ae36dd66f3625edd3f5be5ed80f6924c56c4b05fcd090820bb2ef07717b007941e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
34cce1d4f0c822fad6fb4e78f2b11112

SHA1
c60d3ba249d39b64c9ca9a2bfdbf71487e81c413

SHA256
c5135214290e91e380b385fbdf18b88b53d04644ad6449cb16f66c019f4e4456

SHA512
803e174907d47f4edd86944ee5fe20a68ff0435ccb3076de4a3cb35607d98671622b046a0de7dbd5b744a97f6902265a1795f33d041f3f4d7325c1005ae22d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e083af4409961b990f91dd045643ea38

SHA1
b63a838da5e9470ffbd59a462ab771f54032acc9

SHA256
9ea30a32117b2fa704e77cc801dedf9102a104a9af94e354696ca9a854ed3147

SHA512
33b8d9377bbc9a11ce60917cd4c326737f1a01d2f980061b6428bbb92a82f1ba991e3752e69b8af159a453d4b499adffcdbafcc5818eea6e607fe1b54962192a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
353c67194a6632222a880b8a8ab30171

SHA1
27f368f722997d7bc5ba9f4d0343f5177ad7b409

SHA256
de35d61986df734008a6ad240d02a7e69e875765eeeddb2bcc401aeeaabf72c7

SHA512
9e077d50ae26b8d98b103f81ba2a2b1cd75699837d6d4697e6850d0398bbf6bc622faf19cf1cb40f0380bf8d3a63f9888fbad5ce791c5ad657cd2a4377e4c0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2fa2364b158bfc55ce9319a128fc44bb

SHA1
dc08ddea2b71f39a90b08cd5712f83ebe107c7ff

SHA256
954b0f11f8710b52f4a3a9b45589c6ffe2bb2841f390437b5e04a2aa82c96f5b

SHA512
48687e56f76dbd07dd63ae919b37d0aba89f397bc8bad3a9bd0853402086608d90b72c9690eb29efc2d33a98b4f448ee8cdaabd1b684d83da200202ef4a4c9b3

Download Submit