c0e666d4537667a3173b7be54f3ae2661d3ab56938bc697d4f8fbd93e0a1f0c9

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba7b7d90a4f640b4b9ef55577e7e2c39_JaffaCakes118.html
Size

16KB
MD5

ba7b7d90a4f640b4b9ef55577e7e2c39
SHA1

5784e03da61979f988626c9182b3dfb6743677b4
SHA256

c0e666d4537667a3173b7be54f3ae2661d3ab56938bc697d4f8fbd93e0a1f0c9
SHA512

d976cae90dcafe765d9efc75ca4016da39778700b1990990d8d645456cd16ed81811114f7fdc6a98a3868c66554903e869481b43b4f3a8e934d90e8f4949cb4f
SSDEEP

384:RKONclIaPd1EawwpTY3IJtuoy1Fo8gH3BwUf8/E2V:zclJN503WuhgB1f8/V

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3672	msedge.exe
3672	msedge.exe
3308	msedge.exe
3308	msedge.exe
3872	identity_helper.exe
3872	identity_helper.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 3076	3308	msedge.exe	84
PID 3308 wrote to memory of 3076	3308	msedge.exe	84
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 712	3308	msedge.exe	85
PID 3308 wrote to memory of 3672	3308	msedge.exe	86
PID 3308 wrote to memory of 3672	3308	msedge.exe	86
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87
PID 3308 wrote to memory of 4328	3308	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ba7b7d90a4f640b4b9ef55577e7e2c39_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3ef46f8,0x7ffba3ef4708,0x7ffba3ef4718
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2118970695954317939,4189155899634710601,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
471125299d40cdb7c853a21163efa56c

SHA1
001de27abcd13a003968bba448ea60441feea4e6

SHA256
6243b8cb9ab558245dd6f3b04695e57e1cb5fd6b22ab1aad15e12cfdacc51bb6

SHA512
5b49791cec939c8a32a4257ea9dd82e8014fb76c4d58dd7659367492f6834852d9412f020efa3a44393f94c3b97cba2bb8e2db3424d79a2d1367a1d2edb616d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fa3846686e896ff34397c0f012829a2e

SHA1
b508ea4aea3df810f8ce245ab6aff5aca30be6a9

SHA256
3b2dedb0189f49fef4d472828ec711aba39bf8e3d3d26ce5fe6974ccb602a105

SHA512
22de70a3ac3d3db5168e935e7729e0af90d2d8bc8c35b791c72507d2f86bab5abf81315a36c0a31a77d2861c3662a395c7e067a4f51f5fbd50d1b889ee82aa68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e9c20d2a7f2dc552fc6037f3ae09dc7

SHA1
05d7779e2cb2cd17c6d2a1f2dc8d59ac58969074

SHA256
3e05650132ef19d5d141fc4ea142983d3a5c2aceeb09c3bb66ae35e1aa31515e

SHA512
972e9a9d0be00dbe4aa9cdcbbf8946f64de2000d0588c687f2e64672669923f497f957341a4e48082d9eeedf40a9673b072b4f0d1d5392a9a5e862d6be8fbed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c373508d-b59b-45b9-9d54-6ee6b8e1c958.tmp

Filesize
6KB

MD5
ce16043a73d5d8063eaf40cbcaef8dad

SHA1
4b7747b70fc8b00d27a9a08d6980277e907a68a1

SHA256
881d901c8dd941c16f36cb473aff94677d50e04e69cd43eabc3f4abec20d8841

SHA512
a889e925e08f859e95bd6c1319075e0bfaec22c811fc30d65bd461fcd40caa5771aed9bd2ee08b9909fcd16ba97828b71e97b408e3cbb9b96456864a06a850f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
de6b7af5cff1eb3d09d212e8f0a6197a

SHA1
a0640beeae84f130ebe8a54b3f810876a8335dda

SHA256
3318c79c96eaaba0ea103ce4efb48389f1dbde346d52ef52026c0acc8e65cc38

SHA512
c167b01467c466364bb1a00cea981d30b0f8b029f9645209b67d5ba1f2a3a3d1b22c46209e6d513d70313e4ff2d0754d7221916e27a986072c4796dcc1629e99

Download Submit