10e07b31b4afb491db312b1097d141870196caf369e3c1cf81351792e3c850f3

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1013f9d01c93bbcb73bebe48fffb5afa_JaffaCakes118.html
Size

29KB
MD5

1013f9d01c93bbcb73bebe48fffb5afa
SHA1

c68069968262334475e8049969ba0f2b3167cc02
SHA256

10e07b31b4afb491db312b1097d141870196caf369e3c1cf81351792e3c850f3
SHA512

f0194f79d198e37ed3fdf73b5b29f5ee847b2f23dd496522a1423f2a8df2162141c962ad4554de90efa4047c01c7b3c2ffcbbadc6c70d70b19edcc512f39f35c
SSDEEP

384:FCmjyBZLMQY0gmfB7MHYotn0FWIqD1tjGMJd30VJPmcSpO+4kfm6Nnv:kmGBZg2K0zqD1tjGi0VJucSpAklN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2860750803-256193626-1801997576-1000\{AF6C3E00-2C6F-4199-9FB7-7B0C59C93F4C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
3872	msedge.exe
3872	msedge.exe
3344	msedge.exe
3344	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
5060	identity_helper.exe
5060	identity_helper.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 2972	3872	msedge.exe	84
PID 3872 wrote to memory of 2972	3872	msedge.exe	84
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 5112	3872	msedge.exe	85
PID 3872 wrote to memory of 4608	3872	msedge.exe	86
PID 3872 wrote to memory of 4608	3872	msedge.exe	86
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87
PID 3872 wrote to memory of 4960	3872	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1013f9d01c93bbcb73bebe48fffb5afa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd837746f8,0x7ffd83774708,0x7ffd83774718
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4340 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18408682550689109104,5908130193501813672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
665B

MD5
5a265f2509179ab3d0b42f73d3051ca6

SHA1
c66d765c40a890c888838ba5a14b5c56f956378c

SHA256
1b6533f5fbe20b2a766ae4b366e97a4b100f197826cf8475da6f186a3c436d6d

SHA512
8973e46835d4b947209d6a588ccad961760178d73436be978ada35caeb0eb0610bbcae2b84fc08f67aad6d4c15a59e83e8a4a65696e40475e49da274d1e6149c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
27ec03c0fc7268bb407a00db839aebbe

SHA1
3f0eb1f203a7f4532734f679ccc22420b812a592

SHA256
c672fc821d93db13c59ee67e84ca0eebdee09fd7fa8b529b82f64ca3fbdd46a5

SHA512
61c1557ba88c0507feac2cf8305dc36b5e191b6e31cde614900f2ce38bb79ef960372710e1b9f62423c4b210dcc163910d4edf3a638c5737be200465ad64aae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d03294f185d08fd79805a97d5eaa92e0

SHA1
ee5ec2323be163d85f76f6d66e21ae28984167e3

SHA256
555c34829cf9fb4b3256e57b83905f472f37d4f061c8830ff0174c06186085e9

SHA512
20d33d7854d33406b023ebfd96902e176d3977c4b2be435e11010fd71deee02867fe057890e53ec1f0a26b6efefd22ea457a074e911b06bcd2a18b82cf8074f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff9bb196e950a3d252b0771676cacd73

SHA1
63f349c55b716a13174164307a6f72558b5505e5

SHA256
aa6fbc1ed3ff15c3bbbed3838ab34e2449d95c66212c95b14559b27cdd7714ff

SHA512
7cec9e2844ff755b57a83a7697aaa2f5884d6894e953cac6c7afb59bd45bb2b36a1eeb97df5cee462c3752a928a95b190a492e5d75da2f744c3d09aeea6fb503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
596706486d0eef2f5d8add5104c20dcc

SHA1
c0d66cdc133d2d3cfa234028bcef8ec0c5cc32c9

SHA256
e6f4b9801b19e79352cebd64cfe14a586f42913698bd1865d28d0cd80670bfc9

SHA512
47f8252425aec2437346d84485cd69fec29aebf8bcc3c80aac6679963f13a5bf6fa2d5a946289e7f53d0bbdfcfafdcdb588b8a0f3faa739ccc8a941d63401c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
0aedca539b1e73f1375b5c28368540e5

SHA1
0b31e841b5178de8bfa61b0c716358eedcb6e75b

SHA256
322d1ee7d13c69a12fc5a504627ce7d5a5672fd0e80ee563705220b275db3783

SHA512
d6d36ca4ec30473b57a22920329967fe59eea8072963e947d92b91266f69c660a6078c07a70039ce158e83d4307beaf0bb628570d74a4e45a92f45286637858f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a393.TMP

Filesize
372B

MD5
4dacfc79e1878231c14dec7a526eebd4

SHA1
829aacfe9716cb5fc752ceaea116fa76d10ce232

SHA256
960789d93b59372500376be578c7328f85587f62b7a9f4f222b57d11a7e8e0be

SHA512
a65d94ac25a7aac482f96abeff8337b3887e6e311561cb892fd783f493f90d1ed3db7fd4ed49520ff4872cadf88c20cdba4d62c7766f246e77ce6def71357111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72994a4b163272f3dbe4c3b7f0bac7a5

SHA1
da0a6318982290949c1bfd8da03ad4b3c7efdfea

SHA256
1fe01d37d8b24926c0d9aadb8c0fd72ee37ed716c61002bcf3f74bcca61e2c57

SHA512
eb25fe0a06a39ce8fd54a23b2145b2c5e377770fc97a42849e74e3048076364d7f63f6001986305d7517426e1ec9fe374dcd27872b6d419fa87c9c86353f8140

Download Submit