965f9b630b0f2e98b0bffeb0330033eee8110f70932ad5d04f25bc897796e4c2

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 05:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fde85b47c266bbb1a46925cc90ec0122_JaffaCakes118.html
Size

57KB
MD5

fde85b47c266bbb1a46925cc90ec0122
SHA1

a0e133bdc071ce06999aa1a2bf404d17391f3d29
SHA256

965f9b630b0f2e98b0bffeb0330033eee8110f70932ad5d04f25bc897796e4c2
SHA512

588e4e42a4e5c637ac9ec445af0c9c72f485fc1d14a7c4461e9b403d3b3dddb597451f193cb9616b224bd92e8bbef4b6063ad2d11b09b31efcdb58e1bc23104e
SSDEEP

1536:gQZBCCOdG0IxCSFQZfffFf8fDfqfBflfffdfhfUfpf2fyfIfIfIfofOfEfgfdfKG:gk2Q0IxsXN07CpNHlJ8heqwwQA2MIFSG

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
2696	msedge.exe
2696	msedge.exe
4196	identity_helper.exe
4196	identity_helper.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 5024	2696	msedge.exe	82
PID 2696 wrote to memory of 5024	2696	msedge.exe	82
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 2356	2696	msedge.exe	83
PID 2696 wrote to memory of 764	2696	msedge.exe	84
PID 2696 wrote to memory of 764	2696	msedge.exe	84
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85
PID 2696 wrote to memory of 2980	2696	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fde85b47c266bbb1a46925cc90ec0122_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce49a46f8,0x7ffce49a4708,0x7ffce49a4718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14733654985922653645,10768891395722982538,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
1badb14122759c30942268bf9d330273

SHA1
93d63e38a505608ac81a351a055dcfbc050783df

SHA256
03bf2096d128b282af320fe59f4e69d25dd17496f12c9c4e13372aafce7edc84

SHA512
6cb7bf7a407a4cd4d314049961a6b42c727371a639471b324ffc4df501f4c454ca08042bafff4ff9ff5e2febba11036ec87d1398663dc139956462c54a779d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c73c1b5358b0da0a5678ad6d8bf3a42c

SHA1
ea0be8e31d139d84b424f41cb3c6733f32bb36ed

SHA256
24dd6893531ecb22645622d25bc8ff44f8c10e023d5f71f64b0fcdfd434c1c9f

SHA512
2faeff484a26aef6de642da59c459bb5acb858313fd8529ea2b270546364127f9eade6ca9eaf21bdf41d5146581d9c18e93c71c486143e6acc6c8e322f84d3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
755adbdd1841b9c26fed6b3968f8daf1

SHA1
b244f8190ac7d5df8772b6a1e80c4bdff01594a1

SHA256
67b0eccdef049a2bd9f280e9a8a84b28d18568b475171953b919246289e0e252

SHA512
c3b1bbd433adabe73dc0764e1495f4b30c874abf53f5b309f5b0ca24a86a010b9c0208d83d6c5aaca81a240aa7bc4b792301f704b567644d8122b03e78fd4a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93c7cbd67411730f3a4e02dbf3840163

SHA1
56d372bb5c79803220897f77b45c528b3e672031

SHA256
48dfc66a406532939a5db1ebcf96647200c9fc73528ab3f7b1280acedd3c7f88

SHA512
fa20325ab445acba02bc8dff84479bdc76fd6cb42ba804c5be1db5f72b31d9f29e36b0b9e2ac92d7d264a3d68170df3683c4599cdaeec9fe93223962aca757e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f63b375fa14236b5e732b7673fdd0a7

SHA1
db9b33782568c9f524d38f38b428ce9c8ccbf97c

SHA256
aa373dd7999b05d82e41497b67507258fde246b6380ae4e25e6dada16095c96a

SHA512
3312d96c422f78e5e91d190c10f09aff01996f02cd3bddf2f3f0337fdbf33b7d679a935404c9e3e5dd490f8a6c87560776763042cb938fa1c3b4c599539127c4

Download Submit