48f1a992f153704f1b6cfec7a17e2fec34417af195052a2a1dc1bf0d1466ab0d

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddb5a8ce5a9cfe249afa3efe62fff448_JaffaCakes118.html
Size

87KB
MD5

ddb5a8ce5a9cfe249afa3efe62fff448
SHA1

f4a2950ecd06ff6f6e474f36c6f24510b81e2a91
SHA256

48f1a992f153704f1b6cfec7a17e2fec34417af195052a2a1dc1bf0d1466ab0d
SHA512

09f404a09440276deb19fd6a20aa58ba31e5b25c321cc17c6607cd26a941073e241c42d5ac6cf1f48d3576c5a1caa9225e14214fe1215dc8ae12c56bc9be1e78
SSDEEP

1536:WlIwMb3nRUU6Tw8DYwo41dVDJ1Gae3Yj0grfZjGrzu7j:WtQRUU6XDYmAanj0grfZjGrzu7j

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3760	msedge.exe
3760	msedge.exe
3260	msedge.exe
3260	msedge.exe
4052	identity_helper.exe
4052	identity_helper.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 2784	3260	msedge.exe	83
PID 3260 wrote to memory of 2784	3260	msedge.exe	83
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 2396	3260	msedge.exe	85
PID 3260 wrote to memory of 3760	3260	msedge.exe	86
PID 3260 wrote to memory of 3760	3260	msedge.exe	86
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87
PID 3260 wrote to memory of 4132	3260	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ddb5a8ce5a9cfe249afa3efe62fff448_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81a7e46f8,0x7ff81a7e4708,0x7ff81a7e4718
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7309620047321669802,14685127430998994507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e28d9ac92f4433255be81fb97f4ea002

SHA1
edccb0a4e7bc6765c2feedbb67555da9133c2918

SHA256
1ba5be9ea7ed90d1624bf282c0ab64ed027c50fd11b78b891e7c5725f2dde32f

SHA512
9124d5ad9505db549e48aa98ec591a95dae72898ac74455c2ad693c92d69631cb33ce78173437d139f55608f5f8344943ad6a1bb35a433351033323d0ad30e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1372df203eaaa0021786adf4a953a1fb

SHA1
b31e471ebbef9abf82848a9d83d1e119a54f04b8

SHA256
cd2315a75b0a60d051939ac2d0ebacaff7123a4d80850770b8ea76242eafa9aa

SHA512
58c50189f2cbcdaa260d0157d60d8d89e8a255082819a50963064452b79449ac7c7b951ee0d77e58598c4109993c9ee07f1f4e5a006e44f11b607197d76a2b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43c9bcc5fd4217ce98316b60bf46a5ec

SHA1
51ec290fe7fce0c67315cdd2e6e4960b06f467a7

SHA256
2ef524a4c677676e7d6225832f7a48f568e9bc06c35d23995b00bf15e2a19927

SHA512
b2b4472f4891328197d299a2ac7ac34a3e59a25dec794f8241a8d6f0e22498313e8b5b6610e4425f05880da1fe22b3f53a2503f3924aadd0045242354117fca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65f0cfd250452e6da415769bc9c8a7b0

SHA1
380fd6debc07aa7d2d1c09beb8a2eab79fc77dd6

SHA256
f0cc1437e7728d52fe959528f41610473923eb41f1256abff4deca4321690768

SHA512
fa9fd87d6475956814bac2519678a6b5dc186b22a2415f90e915ceb73b5e84e2ba54349ec6ca240ea3910aaf3d7ae2ade1e90a55696a68de721e394a284537bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3fc5205e20d31d508c077ff3c05855db

SHA1
8a15a361be81f5e3af759b608c92f8acab7a6b46

SHA256
7d1989170efb3b90c8a46cb9c8905319485b7098355f8e910454795cedc7979f

SHA512
9b20985491b3390b22c90127cc4f740818d4ea6eea7ff35a413ddfda1aa360e496fcce5a96aa1ce46830605224ced1e24459db46733f01ed9ab1213e5271cd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b18443f27ec43150c763a902e32d08c7

SHA1
19627bdf722c51b1469639e73f3ee9fac25fe679

SHA256
5324d3f0c1bd501b41d10069e78813737c56da8976b961726e61c3de4acc6037

SHA512
b66a2f400fd1bb90518b6abea1f76e75eb4a129594d9b104cec0e9cc96b78c43023423c2c763256a3e7b07a7fe869c0ea1fe71fcc9d80f385c068bc09d42d66a

Download Submit