5ad2ac15ce6ba9502e4056b292cb9144dd89d1f6ef24ca29cb97b7cd80762869

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ba6fcf2eb95654b2e22e790f6c767a8_JaffaCakes118.html
Size

25KB
MD5

0ba6fcf2eb95654b2e22e790f6c767a8
SHA1

32ede5cbb60059c4a7ac8b0d29ff7434df907d2d
SHA256

5ad2ac15ce6ba9502e4056b292cb9144dd89d1f6ef24ca29cb97b7cd80762869
SHA512

8e10b8b93117b50c7cb4cb83712f07d37e5e5422d2cf8bc6ff65ccd8484e00cea020802a18bf1102ad8b63e2f452ece6c13018e9d31827458405596928b9588a
SSDEEP

384:6KnpC5IgSnbmFe7Acaf/QevvSriyggFlM9Eus:dpC5I9nC4AKnggFlM9Eh

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1028	msedge.exe
1028	msedge.exe
3544	msedge.exe
3544	msedge.exe
3092	identity_helper.exe
3092	identity_helper.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 788	3544	msedge.exe	82
PID 3544 wrote to memory of 788	3544	msedge.exe	82
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 3320	3544	msedge.exe	83
PID 3544 wrote to memory of 1028	3544	msedge.exe	84
PID 3544 wrote to memory of 1028	3544	msedge.exe	84
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85
PID 3544 wrote to memory of 1300	3544	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0ba6fcf2eb95654b2e22e790f6c767a8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb538f46f8,0x7ffb538f4708,0x7ffb538f4718
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,4795049448977688737,9976918818646652428,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
a351603ddda1352d3486f08380959f6b

SHA1
4f5f21a03bb67bab4ab1293a7d4b2dcc7bdd6426

SHA256
61005e00f79a4bbb6261767e64874855a4586cf8bde89597b53f768d2bed018b

SHA512
23031e71609cb8b5cfaa1348d48e4b0d05e6fea9d18417463c4de8e637ec1193e7742f6882cf2fe4d52bc4d0d27cddefd8c131f1f0020cb1d9b62dfd7d17065d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
959cd3a92775ba4598aeca1b2c5b0e1f

SHA1
b5b95f4bc7b011b1adf43a3f342fc9b45d600180

SHA256
00fc974b885f98da638007e7c1cb591c3051990c587b0ae72a5992499b9e4d57

SHA512
ffd9c90b81119bc9757d191ac74acfbe8308e6087bb3a2c72f0b74f9e2e51ccda64c5e6cdb895a1f0eaaa6f48f7c2a43ca7d167cce55cdf385c6cca8176279ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
306ac6ab6f3704370e60e8b8d0e6296f

SHA1
d451fdad749f15b20dbe7c941ee633bcd20895ba

SHA256
f063f70d8fe2bd1b86c38818c673d1e731f764623fd80741e781e516c77466d3

SHA512
c388bfd7784aa45169fe0951531785a06654f5c17ae6c1750250b8fc543b2ac7ba7048bb494bea5f59e313b803b2d1a62062e5fa6e40488f65a54aa8ac18cb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b616386ea0791d1126211b1f12f24b5

SHA1
8b75a52988d5cacdcbdb7877fd64192d12a61af0

SHA256
2cd78841122793e82ad0dc79172513ee438d74075d0f8763f24b7f47fc470289

SHA512
1994072226e1911be11e8af1bf55783c97e71b157a4a58c6a5907b6f313fb7578f598f2c7b993c497b33cf6964520cb939111108ffa64c5a43bdf4e1cb728fde

Download Submit