d2527176bfa7d8758c0d51cd74a068d69be3b34ff3788d457e4a59313372ba1a

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ce02a755251a9f556645fc70da7f340_JaffaCakes118.html
Size

19KB
MD5

5ce02a755251a9f556645fc70da7f340
SHA1

bf1f8465f0416400475b47c57b694ec28d179aaf
SHA256

d2527176bfa7d8758c0d51cd74a068d69be3b34ff3788d457e4a59313372ba1a
SHA512

9ff3d77dd96dd866f294161f3972d74e5b8f36e5e781110f348f6bfd7c50fa285ecd148d11f5c2666d5d2fa513ea0354339529e1080ffbf44941877ffa90b791
SSDEEP

384:4+QfPFd9QZBC7mOdMwatKfpC5IgSnbmFe7AcGP6NGLDPd:Zcd9QZBC7mOdMwPpC5I9nC4MPd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
1940	msedge.exe
1940	msedge.exe
1580	identity_helper.exe
1580	identity_helper.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 3748	1940	msedge.exe	84
PID 1940 wrote to memory of 3748	1940	msedge.exe	84
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 4824	1940	msedge.exe	85
PID 1940 wrote to memory of 1996	1940	msedge.exe	86
PID 1940 wrote to memory of 1996	1940	msedge.exe	86
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87
PID 1940 wrote to memory of 4704	1940	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5ce02a755251a9f556645fc70da7f340_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc28946f8,0x7ffbc2894708,0x7ffbc2894718
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1437850355764748697,5854877773824084415,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
6077b2e5f8996e737320c3f074aabead

SHA1
b23ccdb4373d4f3e4d4c54cea812f209255af7f5

SHA256
09a908474a3aa5bebc737cc3a33e5ed9ceb746dda205985123eb60bf23a6849b

SHA512
bf4c9bbf3a9b7df2699f3983625f429e89cdc5af0fc21b9f40717ee41437e8cdc9f6b863f59739f40e6e862d41ef78505d1c046c5e269a626343d01a443962b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ed383f1032c03d88696c08a67ab858b9

SHA1
41916a1260806f97a2d97c1a82243bd01d266a36

SHA256
d8082bdea7efc679ae33d14507b4e056b558b8d2d5574412adc091d2cd1e6457

SHA512
f12c739f88dcc29e685ab57ec409490d8c6fa2866e07ba636b25925c423a8472c127118a14a1f4afc1edc752f3625d9589384f6f8f0a5f0fe92ee473399cf6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4249fba2d31c5f3c7dddf20a67f01e92

SHA1
108ace5c43766abb1406f22d89eb8bf9758b8d53

SHA256
aa85daab99c66ef4e838b28a951934d29ec6f8abb51e136546465f1c826dd294

SHA512
3e9779c570c10f48711655c4028c04ccd50238288c2020052266ce5eda2167fa7f4ffdee3eb2c80ca762eaf70dc116535c475178fa56e3f8aa74d77bce43c5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3f267bd36f04520bd9745f513c6d248

SHA1
b62ca919cb120d6f71e163b28a9792c00fae9d57

SHA256
732e3f3ed5d4daa0df11e8d7b27e219f465103e713b20d094fd42976b6c8f091

SHA512
9dfc070f5bef75c609c241514ae8a0bc397413c972101af1c422f868c596259fd0b33458a35d5dc5c47089ab41d375d3f78a04c0e78b9be5569727c682b1ddb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9d6444d05ab4ca86db6b63aae33312c5

SHA1
32b70a09ee1d34ff097f1cc83c04b74698ef513c

SHA256
e28997cb19f06fd366bd4b0be1f5ee5f2070d2515817ea78f2833e1761e17415

SHA512
46b705fef5b37a20470ec499e059ee7f2745ef6387b1e7042b7c20dcbf98d780d5e85175bb6439258634cc7d4df2614c178e19afebbdeddaf78b5bc68f581185

Download Submit