8291c2f8222a36dade8e1cddfbeb48ca73899719e9344d3c77060d7b8736d9f4

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c25f5716e82b6a9c5fd15321eb1e2e06_JaffaCakes118.html
Size

200KB
MD5

c25f5716e82b6a9c5fd15321eb1e2e06
SHA1

1ae64b727e8adc32b2d717de0c3ec6e7667f8411
SHA256

8291c2f8222a36dade8e1cddfbeb48ca73899719e9344d3c77060d7b8736d9f4
SHA512

d774391910b06ab839f018437624b509af4e5f6f9da3ffb2680cc4963737f8912313f404c1d166309b2b6456f3e0d82ddfe61f7eb297b52dc191e7c4e84cc197
SSDEEP

6144:Qp8ZcIIIB3G4k5QhL8atVgiVQ5MIsuQyf5bTM+MdBXpKgXpgx4t4IO9mge/bE6zB:3cD23G4k5QhL8at+iwMIsuQyf5bTM+M1

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
23	sites.google.com
24	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
3204	msedge.exe
3204	msedge.exe
3644	identity_helper.exe
3644	identity_helper.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 2116	3204	msedge.exe	84
PID 3204 wrote to memory of 2116	3204	msedge.exe	84
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 2716	3204	msedge.exe	85
PID 3204 wrote to memory of 1120	3204	msedge.exe	86
PID 3204 wrote to memory of 1120	3204	msedge.exe	86
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87
PID 3204 wrote to memory of 3708	3204	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c25f5716e82b6a9c5fd15321eb1e2e06_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff79846f8,0x7ffff7984708,0x7ffff7984718
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7211098646617534007,7552546134406988456,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\17265a90-ae02-4bfc-80e4-0562f7afb043.tmp

Filesize
537B

MD5
431520dffbfd36569f9827c6cf180d66

SHA1
de4394a56eb3d9f5cd40fc82ca060404deb1711a

SHA256
b578f755e7ec6c9dbecb486fb27bbac8ebb0724d9e4fa17ab68edc8cb4c5cdb1

SHA512
ccf045936b66a13605a5bfa2c312131f31023c3811c38334afde9436ffa3a0259c2228431a1e2f56a4ac34852d0ea1f4a22d33477167b772e9a02b7f4fe32670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9a31fd47-1399-49df-97a1-1a9ee39dd142.tmp

Filesize
2KB

MD5
46dac409df3b808000b8cbb2ab703355

SHA1
2e334b9975de845eb7a7c8ba4332bdc47cf19a19

SHA256
2d41f0742c5897a5b7c15dbd2a9924a63d26bf7531ed8a8cfdf12eb75a51445a

SHA512
aa4f097304a6e60f95a7a7ff004bac061deeca346ce26380082c3e1ff88beb467d7a018a5e24f37eceaf49045c2f5b630ca729b8b922ec9e62cddad2e80a60dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
768e97b802a39b55a4981479b73f4833

SHA1
f038a8aae6078bef5134a4f7f68667b23bc40994

SHA256
b63afade9f1c7d7f0e75b0875ac4e4119dd7c80de27c0091eee5710700d272ea

SHA512
70a2d8069d68a1ae3265714dedb561daf556f94ea3a3030f4f96726f7d801976c98a9939689264bb21f525c6f4dfbfcd02bf8eb6ae3dddacc5f4017cc42d12c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93466bd2b531ba442cae61afbf0cc921

SHA1
a0a2da857975d369ed59ea36e3481785ef1072f5

SHA256
13735c7528cc31377731cfa3435e87fb58f7c4296a57e9d9992e71815a792605

SHA512
5b9dc4197945da3048318e2d4590187f816f10f5e2275007a16c4c6e4aee498185d3c71453df42f274cca11b3eb45b053d2427dc8c1bbc227906e980a9e16465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4e356323442390284e162643af6e3bd

SHA1
16c8d6d1dda4c139b3a518f631dcef6fc41afc75

SHA256
6189d0abc24ac3309e79a7b3223a0af7b9b69922f92133dc76efa2f115ea4dc0

SHA512
36443c8a98164f629bae9e9a03f2c789fb0abc43d38c2dd5402217bf5a49a698dfe7329823a96aea84938453464e5506f492beedb8e84767ba73485ee9b6aa93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acf4e22f2ebca9b2064fe1e1f5c8a9fe

SHA1
0729687f48b8092990a2fe7d445e949e7d0017f2

SHA256
f62d01da48019c2433a59bcdfca794190a6f9e5496f6471c34cf4827e88820d6

SHA512
e75a071bee1cd07fe2b3d088538a0c9a6d216b478a7d0ac96839035ac02220179269da7c1c971e61387501e984d28bb738eab7554ffe4e6a1dc685413580084f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581cf9.TMP

Filesize
370B

MD5
411e575c598ce9a092de153b7a6564fd

SHA1
fc93fd0aaf62407dc54051cdc3d77594e0f7a005

SHA256
70aa5b95059d74e72c1d2f7253ab04c1d1740041fb337baa0bfdd24cfe916b38

SHA512
ae8111d7bccc020145676710e02a4fa4d06044c17a8052c2d0c033b223d2b3b4d6441c77b7b3be8ad3f64474f7a6c92f41ab3de675fc0ab91a49a31f58e57117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7e6db7ce6cac6474323b1fb15a127e0e

SHA1
ed4ce990a3a3d9a48d06153a9de19a5b0f7c794a

SHA256
a2f05d3288312287f83d7a6026384275a81ff22af01f839bb23fc01da808ea73

SHA512
5d1f456256c06250c861c8d033a1d78ed2628fb2b2021c621c10aa03ab416ca8dd8e7397dddd4780f84a4331193cc9cc774718f80a28300132fd15d3b71b7e14

Download Submit