4011d1d9768003121524848776188b1150efc3d23b9e026d2c2615962f7bdaca

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8370d3096568a14a0a759e1d594eba75_JaffaCakes118.html
Size

57KB
MD5

8370d3096568a14a0a759e1d594eba75
SHA1

83553f26e751a8bc446aaebb9f7ce63163788941
SHA256

4011d1d9768003121524848776188b1150efc3d23b9e026d2c2615962f7bdaca
SHA512

161f3ba44bf68496b48c1cd0dadb0b49e4c492446cc50208d887a6c2634a77040fe761aa5b6f558c40e162de7343bf2c1ca544651d9945ef740154a2942fa0a5
SSDEEP

1536:ijEQvK8OPHdsARo2vgyHJv0owbd6zKD6CDK2RVrotfwpDK2RVy:ijnOPHdsP2vgyHJutDK2RVrotfwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2524	msedge.exe
2524	msedge.exe
4436	msedge.exe
4436	msedge.exe
1152	identity_helper.exe
1152	identity_helper.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 4300	4436	msedge.exe	83
PID 4436 wrote to memory of 4300	4436	msedge.exe	83
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 4352	4436	msedge.exe	84
PID 4436 wrote to memory of 2524	4436	msedge.exe	85
PID 4436 wrote to memory of 2524	4436	msedge.exe	85
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86
PID 4436 wrote to memory of 940	4436	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8370d3096568a14a0a759e1d594eba75_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe27246f8,0x7ffbe2724708,0x7ffbe2724718
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,7741257409318706612,12923623080127363807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b55d2d2ff2a4d5d7eeaff5ebb96f3b4a

SHA1
12d94b9e84142b10d6347a2ff3b634a20f692c7a

SHA256
3d249eae36cfc3837b043e4b8df670724fee5657b302c77d488f1da3d835f776

SHA512
4dc2fe1eeaca5f9c91d548c70a44ffd12b806a385e22a3c5f724b6f749a15c9ccb3ac1a752c63225bd4d1d90f2b25d8004a15d3912ca6a3cb92fcba91248626f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
94c981336abc388ca817dab46e7fc547

SHA1
2d0f8d89a31adb0aad5c599a195ff40ecf4b161f

SHA256
4d44efbb5447fedc3cb21311290fe6a9d0e5a0e682387a1a341bd214df820ef2

SHA512
f1c9c98f6642ea3b90c8667a4871d5a3b8c05eb0c50d5dc31e32704e0eeca1d33add414df485aced130523d6be824c48e37d0022b4d58db60006efe3e337fdbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
7629a1575f55785aeab026ed78910b42

SHA1
f7950709cbaf19dc6f82b1d32a98e44332515dca

SHA256
80dca901384f9f0badd777f2c1350e303781f900b7e3316141da5bcd79d3f40b

SHA512
8190069252e5182e71ee4cebf8e4ee93d327c719dd506d312868f5666d354bc75e64d553ee8e4be6a56f9491a42f5cfb59e4ad982aab451907009b7b95c3746e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
48f93e02d5b8274cb6e4d9c1cad9e621

SHA1
79e38a424322ddd8fbb29789d47d9b01dc2b85d5

SHA256
f73b4c87aab360c7a7148687f0e81ceb000ab0b96001fb1d3b6f018e6cb0f1c3

SHA512
1a818690aa198956a124d655eacb00f276aee299b4b7a7ba24b8dd3d3cb9ed2214a4dbbc4339bdbeceadab9bbe251edda5d9fbcdb7ad8316698a05f5bacfa93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3cfa635737b70653c1081281d429d74c

SHA1
edf723365220d16a763f3cd1e9721fcda5b1d5c3

SHA256
c4907aff16077ac13e01692ac74ccbebb1e0c88caff7373365a2e3de716465a8

SHA512
35118f2672965e36bb04dec6616fc284cbab03baf3bf22ebe6c0d53b226c509865224e7ea935dd68a3a373c8c81a2edf6ab3fac7df2911f7175e6ac316132013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e53c08b392350a450eadcfcc1624d515

SHA1
439fd8885663b552df17ca80c5fb839c69ccb321

SHA256
ad6f2f8937b1dc4a4196e49978fe7f780287bd829c6d66f0cf96795f898086b5

SHA512
b19da5e2444fa3a994039ce2b28d56e9725197edc64d845f02c307359a24e38b34c1374fc3689cecc73d7451787b96beb2b90b9cd940760150cbd06eae2b1279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aaf3af7bb12ca81bc25a0df7c2523a8e

SHA1
c965b53a2e08797aa7a4402789a118fdb2efb565

SHA256
90dd7cb6671b0f8d8f1ebfa38042582d8a55d1fb8ef986b78702822ec633b04f

SHA512
229378a81a40f3c882661cda22c36f6ee9881b1fa8cf7e787d2628d89f675c7d0110a5317a2855dc11418e44b41c2d01bbf8d105a3ff4112275808782ce04b76

Download Submit