32feec76790aec8426d9aa09fd217be884e173a4356eeef474692e5180b30cc3

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49de90165c7d8db0c065ebd1eb0e3eec_JaffaCakes118.html
Size

83KB
MD5

49de90165c7d8db0c065ebd1eb0e3eec
SHA1

1aa10fc831ca825b23592b538259d09a8f2e5ab6
SHA256

32feec76790aec8426d9aa09fd217be884e173a4356eeef474692e5180b30cc3
SHA512

86d004cab9c48c1327d3add1c9a10b0c553cea352eebad395f0f45f1e714a4f349e56750f113172dec77196d5f16270c3b67896791aa6be9d6373c90a4ebf894
SSDEEP

1536:w9zrHoEwOVtLl2FBTTQ1sCkgD0bUwHmE4UEbGtg:wQUtcFBTTQ9kgD0bUwHmE4UEbGtg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
1120	msedge.exe
1120	msedge.exe
4784	identity_helper.exe
4784	identity_helper.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 2976	1120	msedge.exe	82
PID 1120 wrote to memory of 2976	1120	msedge.exe	82
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 3172	1120	msedge.exe	85
PID 1120 wrote to memory of 4776	1120	msedge.exe	86
PID 1120 wrote to memory of 4776	1120	msedge.exe	86
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87
PID 1120 wrote to memory of 520	1120	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\49de90165c7d8db0c065ebd1eb0e3eec_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb9ca46f8,0x7ffdb9ca4708,0x7ffdb9ca4718
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4218902915375686455,17496776104513928626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
21KB

MD5
549baced2c151db8a02c3419aa5c01be

SHA1
1f36a9716da201c5e45c1cc23c349bbaae44a3c9

SHA256
11938f83bd463e29316808f3e118440f718f1c7a0761bc860171255a96cbefca

SHA512
12c40a66af58d9436d7c3361de906077402cfeded97361c81d9900d69d405b5ab002ac36aad3f8152c6083e00755442bd1bcd1766af26c097638051dfe1aa9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
45KB

MD5
94019c00785285cd78d6da8a1bdeaf80

SHA1
33ba11bbe8c91eca17a84c3dcae4667638a61b57

SHA256
2ea5a487d117c082ab04c8b2d979adc04c18f496af90ef2caf9910d9902ef8a9

SHA512
b58d23d9333290e203ee3191cbcca4686ae1f9b4c135ee8a8e0f014e7db4efdcffe6aa82b502b2d8e63bde705895a04726d799a4c6b0e22783b6925b4d297d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
cdfcbb6ace21c79ce1ae7a3e0e4d0785

SHA1
b1cd6c2ffe475ba4da843f4b91402053f86e8755

SHA256
fe5f25604481ff2430df08bd1cd3c51870f71b35c4d9d76d97a8cf1684c8646b

SHA512
01d48d0e41c7a6021332dc803f6c5b03fb4be8d5331a185c8d16b87943f343ad8256a9064a6a93b7bd3f99a4b2e50b6f2b1cb380265c8661b6d06f9fd7c6974f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
30cebd93e6576807dc3de6657cba022e

SHA1
44580c549cd64d462f2161f848c598635044a962

SHA256
441d8881e348e8f5ba9558264a5fdc76133dd2eb79ad21b18fbb6cacaff08afa

SHA512
d1aba5db1c9efe65ad607dc85ba0b41180f627e0947903ba6ae6b33f268f272f921fbd9736bb353235142bfea45eabf4fd94446c042c60b49151e0358404c01a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af7a2978b1f0d4297e21ccb44bcb5cd1

SHA1
1b7e7db8ac0cabf964238346b7b7736cca8a654c

SHA256
241c7740805a37a028ddc6be46d9e105704d00689cc50c6afa7828778b22c5b0

SHA512
9b2145acb2e70a7e85ab0d75ff3785a8a3df87274603ee6d014b67247a44dd49c5635fe61d324cad81d98a4e5b7249a2d32009e87f310a96eaec79f20eadfa84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc50385b95b842a103e66f6d0c86b417

SHA1
7b03547dcb183c6afdc68b9c9adbf056a7aee4da

SHA256
f4b3ba25f0444a319f9ae2420f41737c2c2c21d0e3294f7ee788854103126c01

SHA512
48c631260400ed1648b10c2243ae2696c4b4766924d3d22c5163a1bdf1a48b6754be97f8ff58bf8187ecabf460f10ef7f64464f8ba0f20c54a76e75a8c478fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
14a7f1ab3b2d1cb4cd95c25852778ca1

SHA1
11e80e3122e8c4a8a7c9afb0b6b09e7757d601a8

SHA256
001ff0fd297d4ee7a0c028fe1f85e90d0337b7e4be22f3818b719591b2bbff3c

SHA512
795f32ce25bab092ab1353835b0e1d0c37b72a0c773c5f67a5faaff47854206aa03191623c7f85c150919ddf8c766095f2c1a3c3f5841ec90867e65017b48340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e33a491d020429f5ee62fc452732a6e4

SHA1
0aea6d2314af25bd59ed6d447f6654adf48e371b

SHA256
c5860494f2c1a1c0fd966a6113d2fe2fabedfb4b3e82436d41df603eb7a6973d

SHA512
7a93bc9589da4349cbd982e63a7830b468b5f0933d9993bd34a1f12b81b23c80cbb0ee18aa4c80da4fa8af00ba3c002985c4a1eb0c46a299b28072889e9e6853

Download Submit