d6f2de051163523d1aaf76baa3367156bddab6229cb849d97864d0bb32a61b7a

Analysis

max time kernel
146s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 05:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ba912e32791fb787dd446739ed1007fe_JaffaCakes118.exe
Size

20KB
MD5

ba912e32791fb787dd446739ed1007fe
SHA1

155f5e1007aff9541bfb100b2021dcdb37dbcd5c
SHA256

d6f2de051163523d1aaf76baa3367156bddab6229cb849d97864d0bb32a61b7a
SHA512

a1faaed8bba85c05665b55f7dd465762b6226ae3ddf07fe2193af3fff2ba2f18c79313be680334cec8bf3030ef1411404ca4bb9fe81ce2b6633994729191ca95
SSDEEP

96:/lxW/1pe6ejwVQMgBO3NvfLAko5fwg3c7/FmIi3sVW5fKEx2:/TKeRqQ9O32ddN3c7/FmI6sm9x

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\windows.exe	ba912e32791fb787dd446739ed1007fe_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\windows.exe	ba912e32791fb787dd446739ed1007fe_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ba912e32791fb787dd446739ed1007fe_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
4064	msedge.exe
4064	msedge.exe
3744	identity_helper.exe
3744	identity_helper.exe
6020	msedge.exe
6020	msedge.exe
6020	msedge.exe
6020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2996	ba912e32791fb787dd446739ed1007fe_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 3184	2996	ba912e32791fb787dd446739ed1007fe_JaffaCakes118.exe	84
PID 2996 wrote to memory of 3184	2996	ba912e32791fb787dd446739ed1007fe_JaffaCakes118.exe	84
PID 2996 wrote to memory of 3184	2996	ba912e32791fb787dd446739ed1007fe_JaffaCakes118.exe	84
PID 3288 wrote to memory of 4064	3288	explorer.exe	87
PID 3288 wrote to memory of 4064	3288	explorer.exe	87
PID 4064 wrote to memory of 4400	4064	msedge.exe	89
PID 4064 wrote to memory of 4400	4064	msedge.exe	89
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3616	4064	msedge.exe	91
PID 4064 wrote to memory of 3968	4064	msedge.exe	92
PID 4064 wrote to memory of 3968	4064	msedge.exe	92
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93
PID 4064 wrote to memory of 4576	4064	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\ba912e32791fb787dd446739ed1007fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ba912e32791fb787dd446739ed1007fe_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\SysWOW64\explorer.exe
  explorer.exe http://bargames.blogspot.com
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3184

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bargames.blogspot.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfa7d46f8,0x7ffdfa7d4708,0x7ffdfa7d4718
    3⤵
    PID:4400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:3616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:1284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:4004
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    PID:1736
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
    3⤵
    PID:2460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
    3⤵
    PID:5220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
    3⤵
    PID:5228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4925580961599074636,1962928043190501849,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0875a797-ab77-495b-bfca-9fa45ecf719f.tmp

Filesize
5KB

MD5
ec683fd96d7ebd64b411b6efef3c0cae

SHA1
0c82d66c0931522bef14c77f64550da4a42e87f8

SHA256
7d0499eea5ef01a21a0cd4107e1aae9697cb95f16225b05e6a8a27be2f2ee635

SHA512
8c7cc53f199fe3fe95a0a2a38092ee4623f85672d412085f28792b8427d687f3490fd6c8ea9345ea5ac1f0486ea6759aeb94348b9552a2c004629c1dae5e1123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4586bc60fc20751fb37c1a7b8134f7e0

SHA1
0a6e4e5539fc73b2fd4bc7ab1bb5c81bb47c79e7

SHA256
c8fbb79c99e32157c7c42523b8604bb98f9f80e501c5fffe1e08d1ba309d46ca

SHA512
4c257785c8e1e0fc48fb66ddd1d6d137caba6afc9f1dd1f4ad9c322370178e6e542a64daaaade97bbc8f50adf1abf8db79ca79a2a4b6a7239796e589333fa2f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5617bcb67a891997755202377ca881a9

SHA1
6139902faf7398d519222e79d6580df8b71461ef

SHA256
24963edb996fea2a103919239fd61a0fb1315535e9a1d38e36c617ef889ebfd4

SHA512
98fab4e361a20661776a5354877b02d124684cdcb293145c02e6c299ba87e1448bc4d6456032f1634dfbc7cc4a8488d480f9b7cd1b634edfc07696b2c7a110fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cea326034439c53895ea3d082f932fcc

SHA1
908e9ce5f95eb1e45fd3b15b32162cf3ed30d650

SHA256
71a827a4af36c47624ccac37ffbdfaebaa1d94bc91fb4d14bc3cfcecb9ccfcad

SHA512
b992800f21253bde2480593fd4663c95d3235d889aa544148f3552d940054e5c535341fee29c3a486717d79f732739a47b1ff31ed6314471b3739bb5fb31e67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
99600c22f45c514d3f97d5488c9b7b47

SHA1
64d63ab64ed19e40657ffdb4e2c5a9f60cc305ca

SHA256
5632ed5f09090774d6e76b62d8097ce2bad253322bcd83f03fc48e5a539fdf37

SHA512
b99daf25d18c92c128b93283fc98a790a91604cca16732ae41914ee9b0f6a680be1793e3f4846d28ff330b39b570cb68586ae335317a4848d28e5d19c9f49498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f961a8fa2b1bf4eae68d0416cfdcf7d

SHA1
1d269fd5a25a371474fe5b5ad7220d2e2318112c

SHA256
ad010fbd9da3237c403608cc7352bc9764d3f882a9ca7ce8e6058a5bbc1c9366

SHA512
a1188691f0bfc4b054964eaf6fd3adbec53b9a75d50d16087a7a6034206f821dd22247139916f37d661fcc3b5da6de59a8bb98fe2ba50244a2a932192eb39c42

Download Submit