77ae647eb9a2d3166ea6eb32a6f375d5b1f2f85f450c67b2cad89a8575eae648

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f0f498f2677c094054d733577a4f480_JaffaCakes118.html
Size

41KB
MD5

0f0f498f2677c094054d733577a4f480
SHA1

cb3d9bce3b7551cf2436d8ddf0d1d03153534564
SHA256

77ae647eb9a2d3166ea6eb32a6f375d5b1f2f85f450c67b2cad89a8575eae648
SHA512

02f0e8b8dd186c34b5f39ed06b546589fbc36c7fb0bf96931f9ce6178f7b332caa7e077ed6064ca31f2fafcb179673103ee5f9904c828c2828d30b94934a054b
SSDEEP

768:uk1ATx+Bw24Tp7UIYphYA+iQFV9kctjRB2S3p:OqIYphYA9KHtjRl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
2428	msedge.exe
2428	msedge.exe
3492	identity_helper.exe
3492	identity_helper.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 1096	2428	msedge.exe	81
PID 2428 wrote to memory of 1096	2428	msedge.exe	81
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3388	2428	msedge.exe	82
PID 2428 wrote to memory of 3040	2428	msedge.exe	83
PID 2428 wrote to memory of 3040	2428	msedge.exe	83
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84
PID 2428 wrote to memory of 3956	2428	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0f0f498f2677c094054d733577a4f480_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11448775664774880023,2704861696026953058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
21KB

MD5
ff707dbea4d040f3d79c697ba0daf3f9

SHA1
bd1a0f4af57137c44f8cd57896ec47a7028e1418

SHA256
15ba736f7df870aed03896ec1d459b8413bf06e76620633042529d1edaa8cbe5

SHA512
2eb4ab6877cbe224aaeaa6ba84471134ceb7a6066a59150e5fb60d4e58a60753e3334f803338e831e2ad12c361f9f593bc0f1c38b7777f5601d961929647e48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
45KB

MD5
94019c00785285cd78d6da8a1bdeaf80

SHA1
33ba11bbe8c91eca17a84c3dcae4667638a61b57

SHA256
2ea5a487d117c082ab04c8b2d979adc04c18f496af90ef2caf9910d9902ef8a9

SHA512
b58d23d9333290e203ee3191cbcca4686ae1f9b4c135ee8a8e0f014e7db4efdcffe6aa82b502b2d8e63bde705895a04726d799a4c6b0e22783b6925b4d297d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
157df301b1aac666cdee13cd39851ca6

SHA1
c98a78fa7042433fb3c8f134891d1421806e08d8

SHA256
5da7b3c62ae66661ee4089cf98ab5f126bd5b36769f7e341724fb54edddfd45e

SHA512
3207cdf8948984a81e1b3e95922730ce4a55c15ab3f64f277a9e96b869afcc08e87e471a680d8efaf669ce7624ce16dede5f9268e20b9fbe889b58056338e541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e0e3b9607fb3f5e84bf03e801f035dc8

SHA1
2a03f2c71f6547c6363cb7905ff7eb073937f28b

SHA256
636797a0a25285f48c424cedbd0b65baf2c8a9bb589bd6c39a2011cedc56a8c0

SHA512
36e7eefe913568ecdfdb81caea6b5bcc4aed34da4afd9771e916c3425bd733e82f65e5370f105f109c68b4b42c86b6d821aebdf544269e6cd707a0c177bf1203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5a888276a6672e3a214ed75a48859a45

SHA1
b4076ce91e7bdc7c6394ec995ffa0f901223feb3

SHA256
5b77b92c584237ebbbaf53c50b8c059e26e63f053a06ff40aa2f7d4b80c3f281

SHA512
4e6236f00a8ee2efc8ab2179bf43cb4fa8394eb69a167ce1f724a865ac703fe72b0896bc94c5f9a638cdc840b95a8f4bc85611b9f6b572243f47bf7a8d01439a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
399405d0e8176191e41f97e8921aba1d

SHA1
7d5da126cfdb986539dd8c84d9fa826059c4c497

SHA256
d025ed80373b98a2062433e0b37e90473a8bde12c2415a765a86a7c40b8d1431

SHA512
80d39cc2922f8bb7be1cd8c88544091dfa378cd38dbc8707d95fa909ae3dce54de66aed661fb7f96539c3ddb6b845c52554c34d3b46c8496d4d8d06e18c01a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b5655696ef79206d8bf4121c52ee903

SHA1
6868022dde46fdcfc060239cf07df7d85a12f3e6

SHA256
10ea2f5e2158bd6cebf851003a29622a45456f09f53157e39896fa1bf7d4dba9

SHA512
38433a851f56825227feb9f9cfa3e260530dd8e84c33e6597d53a800ac1ea40c7165cc16e62e17396e96abb2265fd38b66676263ed606e45f94e4833561ee84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81fdaced3a65ce8dc57e4a0120a5ac1f

SHA1
53d2e3c99ff63b52049e18c7a9d0b815f4a5b311

SHA256
55581f08ec23425b9b5c31eb182679d0a74fa2bf959f2969386af4abf8e7cd99

SHA512
ac396123bff8763e92d1fedcdf6f863505df2bc37a9a31180a758ac924fdeed2e016b8d503350f554d1586b52f5971819728c23d571d2a4442596bd62120d3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9b9188b8c44fd88f7c2695e7484c10fd

SHA1
8acc91c84650878543ca2133f95fcccad6362d82

SHA256
26219548ad6782c901393ef183f3eb1ac659f83a3d973289e955335abe81b2e5

SHA512
2dc78f83b9b6924d10513b5c73f6f24402fc6c23bc76b23525ba492e72cc434af13383d917996311b019791f3ed7aeb64dd6fb62f3ad4627a887d71fa1a78eee

Download Submit