d0f136836419e017b416f9f85712a2cc7e9cf1bac4c62e77dbc5b76e7ce47690

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2024, 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c757d84565400d9681ca811d96b62256_JaffaCakes118.html
Size

20KB
MD5

c757d84565400d9681ca811d96b62256
SHA1

ba16f864777a4471e9e6f736db52c41e010ae370
SHA256

d0f136836419e017b416f9f85712a2cc7e9cf1bac4c62e77dbc5b76e7ce47690
SHA512

fbdb539c84d20b672d08c01eab492216ab50c72d308ceaa0e4dfaff7bcba3ec8885a398bd7ae34a1c8c5a85ff0b336050fcbff4bbcdd1af03970169f5b252725
SSDEEP

384:14pPcYhZy2+gekjNQkl03C2KJQnPCkBbwV9dxbFnkdtTwcKVfMWrf2V:18cYhkoe2NQCgMQnTGTtksbk

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
4848	msedge.exe
4848	msedge.exe
4048	identity_helper.exe
4048	identity_helper.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 1580	4848	msedge.exe	86
PID 4848 wrote to memory of 1580	4848	msedge.exe	86
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 4572	4848	msedge.exe	87
PID 4848 wrote to memory of 1412	4848	msedge.exe	88
PID 4848 wrote to memory of 1412	4848	msedge.exe	88
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89
PID 4848 wrote to memory of 3492	4848	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c757d84565400d9681ca811d96b62256_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5fbc46f8,0x7ffe5fbc4708,0x7ffe5fbc4718
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,424252358528442568,7462956039149707031,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
50cacf7827d75744b3f7c4e67d354c6b

SHA1
584c9409b44cb69d462af5fd49bd77275c7675ea

SHA256
bc6ac4a1f0d7d7066f36b14f925078461b0196ee1b314b4625cccdf7459ec205

SHA512
2fe46b1b5876442bd1f33cc5bc222aab19952bb46e764f7b04fd158135a1c339cc98fcdfee5ee8cf17d665c5ebcb4404cbf09627a649dad4e41610a0dbcfff16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8cab50598ea4ef306840defcd7f0c19e

SHA1
4c23d385e473a3bc54a3d0269b27d3c807602a20

SHA256
75e97cde1397961599e88acb6c247be2a2fb67d4a22cc4d70955e64543d4d0dd

SHA512
e4044baa737d00fd16428aded6cace083df951739772ac47703770b6dbd13d91b229282b4dd8d3b810dd2fbda0f12664775bdd85e85c643120f83635c9259bb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49e883673d5e5789f6ae3c8605036923

SHA1
9b8324dc51031ad3a2df320b1bb8e1cdf9367269

SHA256
edc2030bed93b7762d1d2348a4490dd11494c51d323053297b07661dfd815af0

SHA512
f383be6700b5b77a30b77e9e52078d7f906e155715d94ddd94096bb91287bdd07430ebc554ef0c81641acf0575bd1afa7806c6b7829c6f7dc4d1bce95b7adaba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
156d15d9b287eacc09462a598028b675

SHA1
f44cb6c1fbe536a7a2cb5ae13a1eed48f68b99c6

SHA256
1d221863092bd83ce840883760df34b1760851c14f9ec3427bbeedb5cc5d1c0d

SHA512
9ceeeaa463ad92cfb7008b28c27806190d242372488b21960a47d42f2f211114043c044e85e5d73ae0d47c7b77f121721b3734313824db63e848c97cac443be5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
191bf49dbed599b81b26c1645cab84f0

SHA1
e10e91425d755da38b061c4f1b472294645e4e7c

SHA256
62a3b07f063fff1218b683883f6fa7b00e5ba1aae7b5497303b748e2dce02ab4

SHA512
29944f1f242941e2df43854fba64915ed93e604a2234f37c049d4cc9388515621d9ce7cb8e787dc6c21db79655696679dde90fb17f3a331cfc8cd032ff39f1d3

Download Submit