62311e056008c1365d0407eca3f5002b5b65e4c87c6a9837ec0c0bcfb26c3f30

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c8b33403510faa38a64fa456e4c23cd_JaffaCakes118.html
Size

63KB
MD5

4c8b33403510faa38a64fa456e4c23cd
SHA1

4fc7cf904d659c1a915a24f6014e871529fe3365
SHA256

62311e056008c1365d0407eca3f5002b5b65e4c87c6a9837ec0c0bcfb26c3f30
SHA512

8032be2c84c2bf2fdf74cf218f835c74ffc10150acc1ea86d8c185cbd41706fd2d321633b65ab4987739daf10a462a0fe5fca0ffc7a8762fe27b218c007e6468
SSDEEP

1536:mCr7ydWIRVljvburV6Pf+9LfQ05YrCEohEwgA:moWjvmwf+9LfKrgdj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
5112	msedge.exe
5112	msedge.exe
1160	identity_helper.exe
1160	identity_helper.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 3996	5112	msedge.exe	83
PID 5112 wrote to memory of 3996	5112	msedge.exe	83
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3636	5112	msedge.exe	84
PID 5112 wrote to memory of 3116	5112	msedge.exe	85
PID 5112 wrote to memory of 3116	5112	msedge.exe	85
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86
PID 5112 wrote to memory of 1496	5112	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4c8b33403510faa38a64fa456e4c23cd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2a9646f8,0x7fff2a964708,0x7fff2a964718
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10270515356077105139,5259897282320955887,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x424
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
981B

MD5
189fcd54584f4a6763b74738e7ea2ccd

SHA1
6efd94e1867985749eef462b23a7df4b37da385f

SHA256
bf637d940dc864d2fdf4881a32a9ae61c036fb2f41d4cea26955125e7338c189

SHA512
382164ecbd27258fd1c78554c547addd9455cb8c107553c476139c970d014c472b11a9c3ff0725ed2aaf604ffb7522eb46d1c9d2122ca04bdbac6f427c01f9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43036d179d8afd6380c310776025fd36

SHA1
d413e87fd9e48680e3b32a0bc9302783e0c4915b

SHA256
8d45885e01fb65166174f73e76297d9bad101f82c98177c6e9ab7b716c03daad

SHA512
959739320f25f2686332cf61792ef5eb8585e3d46e2b893b1a0639e7cd0eafe7d02eaef649cf63c5e5667f6a4773ea4f36f25153b8b644e76a5d93a3f977cb2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e677417eccbdd9bf19a571fe650bd14

SHA1
7b30e21de7fccc2bf79f974d5dd0bb48e1680ddf

SHA256
1c8ea2c6efcc0826b82cc6e9fce0133fa3b2010871f7a83a162374ee4ac0e93c

SHA512
ba2ae925c9dc8ee1b7658ad5eabaedcceea1223f6ab420c854e1f63eb977ed964378d7276ca58a10f57382b9e95d2d9cd162086be8a680cd633e70b4441a7c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa19c06fbbb034046161f487f00c1e45

SHA1
8a7b2ab8116ec50c7940afaa557d3c537fc4d4d7

SHA256
ca32d3cc590c895afd8f0f75323300c873067227b505a0fa032a7e1b1c6a10a3

SHA512
2988c5d1b0932082818c45013e36dbb54905ef846b0a7e3c3c65b040aeaa20cc49d4efb438db3020ae74891ddfbbc2f203bb3140fd5221cc0f58fec278f96215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3824559482d3438d6e2e6a98dde8a130

SHA1
c093a4caed7285141a00fa94ae221d066904b82f

SHA256
3c92a210f142b7874d4e1081afb22b3601c9f7e02f0b736a94bb8a6f64fbe1ee

SHA512
c914b6e803f696bfd6ff839725c9b7dac98c67a2c21b7e06fe98fdc730773196ac845810104b5448aafc89693d138ee8dbad2737cf2d528d02dc0213d045d047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
3223ee6faf743678d52914206ca8f689

SHA1
e0ff98d48d96b5c1df335ce7de8ba597be8ae380

SHA256
7e71fe3a167c63ac9eeecf9fc6faa8c71af3251021ae84c99a950d6ed79b6884

SHA512
7f26550664c3af260648bb96423c0b5570aeb9e223c4cb453eb98b4b113b6f5d09bd5f5f966870ba55ca42d9a9352525f85a99691050002847605b165d01cb87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58413a.TMP

Filesize
370B

MD5
4841ea9a91611c8007596bd2984d6dee

SHA1
3c7e4215b6feccaa72511d05b7366cbb7961a644

SHA256
e2398a2547b2d08ae96eb99786948e52b7628f8a0af0511923764efe083815a1

SHA512
1b8e9419710aa4247c027bdfd89129edbf75ff93a25903484982b700dc1d204fb2e3ed591596c38799ffe737ac9331931c6536be8207b5960692d2eb031231ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bb3e2881163e14b0970c0f0ae6dfd7d2

SHA1
f7881e3ed87d3702966d53dcd9ed9ab4f286582f

SHA256
00a228646cc4a702253d975176d01f6e93431c9d97c74a474a81d27c2bb3eee7

SHA512
e7622c66ef82fc0b432ff4f1183da842ad236667021e46caf0bbac1f616693b9602e76d732e5852b829e3cf622582bc1b063acb435601f721800e11a0b0b8a16

Download Submit