1afd97fe1c928d72c02421312240d62d38463cf9fea7043c93560d0a76a28573

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3708a10497d4bfa2a252e76255a1bf77_JaffaCakes118.html
Size

13KB
MD5

3708a10497d4bfa2a252e76255a1bf77
SHA1

865bea4fbc76376565a07445900a6b40cafe49f9
SHA256

1afd97fe1c928d72c02421312240d62d38463cf9fea7043c93560d0a76a28573
SHA512

4f55130fb8d7bc0583cc7a4731b671e7f01e2cc1bed6e73c89452efed0d7f2c43ea89db612255fca37a6bb8aa6cafcc54199c5840c8636b14803ad311e6f8cac
SSDEEP

192:nqwh55jctRlrmbXWoEbPEYYkb/db0K/r5ktZ2oseFMj7FL+CGoG2TJlmP3KTAL3N:nHdc0jYj9Tb2K/r5kt+eMjBL+CGop2V

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2344	msedge.exe
2344	msedge.exe
1840	msedge.exe
1840	msedge.exe
4824	identity_helper.exe
4824	identity_helper.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 212	1840	msedge.exe	85
PID 1840 wrote to memory of 212	1840	msedge.exe	85
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 3944	1840	msedge.exe	86
PID 1840 wrote to memory of 2344	1840	msedge.exe	87
PID 1840 wrote to memory of 2344	1840	msedge.exe	87
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88
PID 1840 wrote to memory of 3264	1840	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3708a10497d4bfa2a252e76255a1bf77_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc54be46f8,0x7ffc54be4708,0x7ffc54be4718
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11428249648644018762,12995462465101817862,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
98c6df5cbffef7a3356020035160f44b

SHA1
8e25359266969acf7216691b4b0fde7912cdb496

SHA256
b40fab94cc9c26e129b8b5fbf86551237d8b6329e54d0e2114bfdfb4793fe314

SHA512
9b0f7ef68fff01a30f22d16f054c1056b3ea94dfe34de8d97e670c55d6d1f99898ea258c09078dcb0c291b7e5d78c4422f89405b1ddc1b867b3ca296b97da556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9a1f8892f72a296d78cba00815516308

SHA1
e621b4c7cd2da52872afef4144048b7e5211cc92

SHA256
f13bc57d8a57702911eefc7fee28b3338479581aca6bc5c7c01d2b0ea360e87b

SHA512
7cb33d689d59fe54646611e490a79380dd95e2ab3d4d2c21fd6424f3257cf4717a535a7691792a85dd5321e0ef9f0758f98d5a11d83bc6393fe98876a5623676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee13224fab5db11e40498ceaaab11ea3

SHA1
0538dd0ea006d8c3f756fc207c56531e6967a67d

SHA256
4906efb3c3094281bcf5ead2df78d3a3955ef5dd732ea6f37b83b9997422750e

SHA512
2209ff21543eab3e50a2cdf71fb92d098ccaca6a1fdbbff890618fb1a46ba913a73bdeed78bd2969cab235169b5d6ae681bfcd5a4d537f7e9b7e9fe7f1578e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95a3eb1d832076b2d78f57dc6c8394b8

SHA1
ac839ef91e8d985940e8a55998e28b7115be90b7

SHA256
d6e17d88ca2ed8675b24ac422ccd0164758ad034855be5af5bbc5fa92504f474

SHA512
7105a3129859c4dcf6938af72ad1b6134f6c4aaf6bb8c8a16029fb1841921e073689531aa58ca3baa804c57886541ee1ec8c67ebf1179a809bacbabc7153460a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7abd17ff94448d1038243be54133193a

SHA1
671d7eefe1a86c957a53f38f92dc87d77a9f27b8

SHA256
b76683dedd75ea3e4fd2f6a42a839132798e1c4d59677a9cda9d7b0b7fbebb27

SHA512
8720a4f441edad2b761ae0324e3c7260a8390b2cb834e5b916e3465272911c1e52cf031c00418183c73fa6f0a6ac33ef4e19eb6e223d422588f5fa0cab7e9ce2

Download Submit