5a5a65cbdb39b4dd613134d105c75286c92f2df8733b77a71469814d2b9e59bf

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd0c438091c28a162f79b2d297b1db77_JaffaCakes118.html
Size

57KB
MD5

fd0c438091c28a162f79b2d297b1db77
SHA1

6bbd66077e11ddcbb2c5aa5011cd4b7e9da84364
SHA256

5a5a65cbdb39b4dd613134d105c75286c92f2df8733b77a71469814d2b9e59bf
SHA512

042f20c346ff97cb3387ffba723195f73ea1c23712160e8c94793f76c31b120fb894e455fb996f006d0c167d45f27bb770fab8c19c34f4a03fd64b3a35833e6b
SSDEEP

1536:gQZBCCOdL0IxCKVtGAf15RAUYRQ1Gz6z67prH71iPXC4UgF+VHaBOE9tRtrQ9en1:gk2t0Ix3GAf15RAUYRQ1Gz6z67prHhiz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
1808	msedge.exe
1808	msedge.exe
4376	identity_helper.exe
4376	identity_helper.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 2748	1808	msedge.exe	82
PID 1808 wrote to memory of 2748	1808	msedge.exe	82
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 5036	1808	msedge.exe	83
PID 1808 wrote to memory of 2736	1808	msedge.exe	84
PID 1808 wrote to memory of 2736	1808	msedge.exe	84
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85
PID 1808 wrote to memory of 1440	1808	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd0c438091c28a162f79b2d297b1db77_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff877946f8,0x7fff87794708,0x7fff87794718
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,411652252960482805,457292570772382713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
94e883ab1688759497748d9304e5235d

SHA1
133fe39a79226a9f534615e725e430af6d1437e0

SHA256
68e740cef746a42a157672a340204e0b25bb10c18ab7ebcc8a96bf1a95df7b93

SHA512
497ba079ea874fdf2745c49d0ba177ced24b804bdc35383da2ceb6d174c7b6a3ccddf0e0f41b83674ce239caae091bb7652426d99ff431110cae816b8aac37af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
226e8dc0da3620aea3fa1d690c84b4d4

SHA1
38c278fb8db9a0c34e7aff52b6542847956df58f

SHA256
6cab11905d696702e4bd473e5989cf72f8e0574366baf9a1cd5e6cbccbec1425

SHA512
ed971f50014cd703bc15d736260ecb550f9fd70f87c642467430e992c9c44a672d07d0963ac9220517cb50fffa1990b8462f518b0899bb0c5726572e295eb526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb411295c394198ea4ab91be8562c064

SHA1
bc79be015707ead2cc19545528c80dd87ae05c99

SHA256
1f86cf5d364fc44e58382b70fe1dff62fdfab549afb683170c6a9fb58c7aaba8

SHA512
fa5e3db8f44e64abce13104a5b54fb02e6369c6626c4218e63ad5774ade079075e2bd9c23899565a16cefdc69a123fd1d0467906bca93e00676a449a3a4effc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cbbc7947b0759020391fe214654f5602

SHA1
345deb68469c4649b6743a0324ca4736b5eb930a

SHA256
b3502296bec86df16264d63ae6506d23bda4a6ad823d930b2dbf8c4275b5a1d2

SHA512
539051714ef7e08845909df495f63bb5e16f0f7fd1cfddcd4e4ee367f6eb5af44513739376e6bd782f0d548437ae805e4be81500c0231f3b3035a36d504fbd91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2f5b3bb6732ab9e56949c174e641380b

SHA1
dab13b857cb5d15ae7f3f9a326f16545d13e42d0

SHA256
86f0da2fbb3d5b28a7773ecb402c705088cb381dc14c5b79e8b348c51b153172

SHA512
88b173cfb3d66809775e5ba95f5c6e1f60e10939f57ee0028862371234fdb05d3f56bd408b6ac877e5ddcd8ee19f48ecae5d14efc8f91ced16c06856bd1ce383

Download Submit