72673bc30af85b79317b9b435e4c472d479b9c234e20651a3794d1c91bab11b2

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2024 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25d4fb9d4b4faa3a1cc277a723153d03_JaffaCakes118.html
Size

23KB
MD5

25d4fb9d4b4faa3a1cc277a723153d03
SHA1

16f9b3ec12341e7799b98a2abd000e44408054ae
SHA256

72673bc30af85b79317b9b435e4c472d479b9c234e20651a3794d1c91bab11b2
SHA512

41811b43255a2b631fea5f0b60fd54ea89bf706d9aa054aeb3a88045684a5115cfbe15bc911d9f89633f3878d078671bb8c665e6d086d0939e5727fceaa9dcaa
SSDEEP

384:vuuojyVdEtu36B3nfDUFIdf7DZA7SQbi6XdyoBr/+noJalkiOrsymoBr/+noJalA:vXojuytu36B3n7UuBDZA71eIv

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
4872	msedge.exe
4872	msedge.exe
4352	identity_helper.exe
4352	identity_helper.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 1704	4872	msedge.exe	83
PID 4872 wrote to memory of 1704	4872	msedge.exe	83
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 4860	4872	msedge.exe	85
PID 4872 wrote to memory of 1200	4872	msedge.exe	86
PID 4872 wrote to memory of 1200	4872	msedge.exe	86
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87
PID 4872 wrote to memory of 932	4872	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\25d4fb9d4b4faa3a1cc277a723153d03_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc068446f8,0x7ffc06844708,0x7ffc06844718
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4723859935834739075,10347308999869100832,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b153ce93367f5846a739fbe0c86dabc5

SHA1
8df3e73df53773e45af73a986b3399d2211f5ff1

SHA256
5896bb0f331646096842abefc4f6cb3ef710a03168c0dbe31bf06ac397d5aa17

SHA512
0fa34d104d5ef3e72b4b2e42eaeb9c93d0420881edb2b20533da0d2d4186b73316d6c49d2dc815fe69d17a1df179136a79dfa5cc3f638c3d743404dc427c4a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f6aaa752fa2ef7975ba7510a1b0ba90e

SHA1
8def2b1fbc1ee0637f5354e6af9ce4289871c8b4

SHA256
bbed5329b1d71c8822f44951fb29e2d92163a454c26d5b11a924697294364999

SHA512
93ae58f97bc938516eab7d5fa01a5361c63fffdbcc8767244b5ecbd074cee80e4ddbee6caae03819c3297a3f1b8eb904dfd7de7f3b2b762ffa79d6463c1b1d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f20aaf30212b6ef7651befea1b40dcd7

SHA1
35590f8495a91dc9355de706e48ae6a7bf1e2428

SHA256
d0df27ef88260bbfeb32021be414d4d77997a2af903b94c0f5bc055dd9c5704f

SHA512
1d004ccdb172174b0d8e8ca9f7ef3cd17f291df468ce40b5f025435a5874210950993af2c121cb1a69a89be828bcd0cde1551ae6a1ccab64d674b51f02bb5fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
134c7ed69868fe1936a4bc55d7c89430

SHA1
18983384617561074b1b557369cb7655c751a02a

SHA256
a8f72f690cdb800dba31ec2bab655267c731c29982e6f042ced8d7c9a1d2fe0a

SHA512
319f4dc095fcc8918f335a0e834ad700787f126e3d61755e4b20a949ee55e3cad06a0423c465bfc417b99a55c52ab44ac63512d67dd9ef885ad2e85338e44987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a850707577eb64585568aff10250103

SHA1
609ae27c005ebdd418f812e531d5119445e87f8f

SHA256
23ff0028418f4fe385ff75aa343e1685b2288a437df169513806e1ce1417c7ea

SHA512
683d6efc8a9246ba3b7130f9df002d4ec906e96e13baeb668f7d4b17f262a0ba28b0023cb03152ea88e142c7080bc53a15dbe7e5242b764c35695f947a7b39aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30eb31acf8681d0effd096b47168f950

SHA1
9a98cc9102439ae960ccce06eea21b1c82f60f1f

SHA256
3c1dab23db13fefb58d7aef40202c1d51f320fc9b14ebac3db763a615e261374

SHA512
7ffad7640cba1b5d1caa9887523745d8bcc1cda268e5b747983d43e48c7a28fb51b6e600a657f2b28079d3c5eccbf19b09a934fc49f912abf47202e44426dbdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1b6b76242db7f6f3c6a01fe495a4998f

SHA1
b2157654145db9a6050c4c75cc2101a2beec473f

SHA256
ac0a40d407b49036740fdc51c2c537f2d67dbb3d4233292c76aacb342466844b

SHA512
2d84b326bbcc77a1a0e2e923315a1ede735d4fe8804fd87fe29eca1bbcfbac80aa4c4b5fb432a9e9d46f00d9612ecac8a0f7d887b6dddbb2f9f6dc18eb60c7f0

Download Submit