ca2cd75df31746f57b5c7abba7b6994b363dec6d22a2a74b7343a6579e0667e4

Analysis

max time kernel
146s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 22:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7617b9011a86e08c597695370290fffe_JaffaCakes118.html
Size

78KB
MD5

7617b9011a86e08c597695370290fffe
SHA1

5fe20f7d01bcedc92216c9d848a9ee6ee23d059c
SHA256

ca2cd75df31746f57b5c7abba7b6994b363dec6d22a2a74b7343a6579e0667e4
SHA512

3da30f025a494c8186f69d3d740dcde36217f16479dfee03c707edb36afc6b35a7a42411a48cb6520ff0c2e2f048da024e715b6d6ac3a6737a3b2f66451bb897
SSDEEP

1536:fyOrV46Bu6K/ZYlLPciafxXKTv1kHXl34HDpUreydIQiId:4FuhbsVIHFUldh

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
3192	msedge.exe
3192	msedge.exe
2752	identity_helper.exe
2752	identity_helper.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 4648	3192	msedge.exe	84
PID 3192 wrote to memory of 4648	3192	msedge.exe	84
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1384	3192	msedge.exe	85
PID 3192 wrote to memory of 1128	3192	msedge.exe	86
PID 3192 wrote to memory of 1128	3192	msedge.exe	86
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87
PID 3192 wrote to memory of 2024	3192	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7617b9011a86e08c597695370290fffe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8f9246f8,0x7ffa8f924708,0x7ffa8f924718
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17253750093358965195,4911418969869662265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
83334a75a1623804b4289063a5f310db

SHA1
d91602613b787886f5ed8c4b6e8fa998cf1cc20e

SHA256
ffae630611c124af148aae852684cfec4d9157dad338d2c775eca810ad4d9037

SHA512
2fe4191bcef8df928d8373da0f6d4e162da6c2689171493830079a709d2368d55a6002441895b2f02cfa847ab5b462ada1fe80d5d61b8115949ffa454216ed4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7ab571d827a99d24688a7742794bd80f

SHA1
ba99179288514cd58ea1618cae0f097f00c77e79

SHA256
7bd4d3a53ea961b6911cef559dd2b1dfe5d0ea9bcf4958230b001cdb2c666460

SHA512
1c9195501dcfafcab1bf845ce0ec82256062db6e9f347bb7e640b77930dabf7a5ab7b993444f51df1973250d3f114f4135e1d7777589fc6da012b36a837ea278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
15ccf7e9fc8df445864f15ead83dc6cc

SHA1
1bd31fb9f6ef5f78e5dfafedfbbffff29e6dc312

SHA256
fe630e2e92fa0b1022e1e373e2a7d456e84353415acdd443503dad49e70741c6

SHA512
6ddbcc57bed33ecd31c7877564baf2b7a47b59f2a0fe76f255fb32f4173b8020328fb5f39e71a541d8743e977527a8c83d8d0e8b40b3cbc12f3251a1abe036ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
924071175efd70eb1585d22b4bc4f1b8

SHA1
b80c022b3791ec854eac84e39e16c7bb639f0950

SHA256
c5bc55ba2f618e70b24037e6bfbb053c669389365639dbd512b9e7732b2abfdd

SHA512
0462035288a928501aad9e5ca55a65fea2a27a91c0c9ab4db5e1be81a5e51e1c8b44b8afaf8afee9d3d0a068f33aa002596e56722ccca8cddea7953f1bef1110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
889be370bee1f222bbd044b2001457ce

SHA1
895c0cbfa82fd03a670afe4fc6bc34fe230b720c

SHA256
53a2b4898bf0928483252b4c174eb867452aa27a58d52504edb73979b37ab18d

SHA512
acf76f654cf30bdc1d84a9084416dc1108e92ec23b1fdd2122740f923875cba06fca40b6dc7062a43d16b9490b29b0e57a0e11d2b897aa29ff0288f7269d30a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c55fa6982af7cf358ff190a90ef0cfc7

SHA1
be17bdfcb803958e549bc18a791c502f5c186f83

SHA256
a0cc5e2616735dd674ef40266036f28a7551000f064baad50b47dac41eda7189

SHA512
48a5d7e0ca6fe496039725865003626cb5b88a29f493b324d55e2e8b7fdbe56f0358e3c32869a5f84021acfea4e7e810eec336d65c670b1da9a651d58b7e0932

Download Submit