18285d5ec76ce81e40e95ef22354bdcd16d85f493f68aeb2b674773985c35b86

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240708-en
resource tags

arch:x64arch:x86image:win10v2004-20240708-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e3ef40913ec8b6a5899178e8dc00e27_JaffaCakes118.html
Size

57KB
MD5

2e3ef40913ec8b6a5899178e8dc00e27
SHA1

695a3b98a9e5cb2b7cc54d76490d9e8f668b1ac1
SHA256

18285d5ec76ce81e40e95ef22354bdcd16d85f493f68aeb2b674773985c35b86
SHA512

df21038871d82bd29aa1eae065cdebd38ea4bfc6d465b6796fe5bc6668c3f303ebdb9a493c9d33c171f559c9b84118c0945a5eb7f650d7375d94219942eb1e7c
SSDEEP

1536:gQZBCCOdZ0IxC6jPNfjfRfcf7fKf6fmfJfGfRf3fwfmfLfHfqf/FfqfHfsfdfTfd:gk2H0IxtLpEjSyuR+JPIeTfSVi/01L6W

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
4092	msedge.exe
4092	msedge.exe
4524	identity_helper.exe
4524	identity_helper.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 1376	4092	msedge.exe	80
PID 4092 wrote to memory of 1376	4092	msedge.exe	80
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 3636	4092	msedge.exe	82
PID 4092 wrote to memory of 4228	4092	msedge.exe	83
PID 4092 wrote to memory of 4228	4092	msedge.exe	83
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84
PID 4092 wrote to memory of 2220	4092	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e3ef40913ec8b6a5899178e8dc00e27_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc5b946f8,0x7ffcc5b94708,0x7ffcc5b94718
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8731385216169569549,8549725181188145154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
97f8be9c465b0ed67c2415868506c354

SHA1
cdb221d6debcf55615d3b5f30796e32065046dd9

SHA256
b606a1ee10b65eb9077e7d2f3b34a0d7a1ed6a4802a169fe55449c975332ee02

SHA512
a0fe0ed30624658127316873137f4fc488a5916005e5e3f1f55b7d6442b54010c08d7037b94d0cf3c3316b1bb4acf91bad9e64ee6d15302e3cdd62bb18730542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6ae84fc1e66cbbb7e9d28b0e12d64550

SHA1
100430bb653c896c11b94ac0bf2297a389ea5ad8

SHA256
856a9c0ac8c29f738a3501b6bd007fd8cbbac211e461b91f4caff52dd41da75c

SHA512
7fe7a8639d96118b843e67a6a6d397271b181dc6b049e6f7de77bee9c9214690b1b7f73164f7e463e117406dc978334ea02397fd639140598f60f89c6aaddbe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
e37747f6b984c88582697c6d2a4e5eda

SHA1
8b1be4152e94176614703e492a8a5934aa908154

SHA256
e98dfe7d8a222fd2aa7eaffc529db036b7372b42f10ecc7b00a4e2f832aa7a81

SHA512
df97f3f31745f4513740dce006bdfed06b9c2fcbb99340ebd8213f85db215c44fb5d4b17906e997813e13a3317a7458bb415b9d4211958e3b2af5eed33b3fb5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d009696c08d8eba50c8bc212cb3d0a3e

SHA1
5031d227ef934b0fbf68678c8e97a5e87110363d

SHA256
3a4161840bd37ae9b8365e0eab93f30d04e4f7c3537cdbbabc631c151ae98c27

SHA512
a797a636788e635e53fde5ee423661a5e78ad9af34a2b9b8566b4436b48ea6eaf1f129fc0dc73b1b68fcf3b6d5f327af6eff118833d7c95cb9255f2584eff22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6ee5b58c6ae3a2021de8a4f61cd363a

SHA1
cf6b70fb63222eb03f247b8289fdb9b880e995b9

SHA256
f63b024490429889a316473cbe669f88afa2e450847f76eb4906122d5f92964b

SHA512
fb3771d3e9d9aac4221f5b8889f47daf1ac56dd02880020401ab1ff610fbd2ce781da55d0eb52ac2a873fb382e5ae5a701c906a0ae63b9314e0165cbcaf3af1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0a20f8c0bb591acbe76035ac4cde6e2

SHA1
80c50f75dd0cce761bb9d1780e5d775cdeca893c

SHA256
3c017af279867058f05c19622bff0fc6046e8af7e467cf22dc907db912746ef7

SHA512
7a9c292e12ee0fb65df5512c766ccc173034340359803b4bd1154805da0f1b32d400b29bfdb207f757b08b14ec37251b66dc302a9fa5a8b69ff7470e770d0404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a256f8af6f17b4460a915bcc55ee164d

SHA1
553e5703349a50632544df1454f26767dcd05b8d

SHA256
3e11ea77c13d4d6d51473e8b8fa0ae298e3bb2e983b3065d40088504d4b33b96

SHA512
ce918098df0826c8ab875044f724668c11c491b665b2d4b145c9a2de20e462be82068af450fd1c44d3609d274c87fcc0f416fc79afb480f84662b9909da79e94

Download Submit