e347f1b29e75a735450a0010a897c8f524fc621960121ae892c53ed7a9e02225

Analysis

max time kernel
145s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

384c3cf5363740b8641cb64cc7aed9db_JaffaCakes118.html
Size

21KB
MD5

384c3cf5363740b8641cb64cc7aed9db
SHA1

6ecb0e458d832bd2d2dc352a57b0983ef7be911f
SHA256

e347f1b29e75a735450a0010a897c8f524fc621960121ae892c53ed7a9e02225
SHA512

3c8ff88a348f3da012147d4ca31424d83d47ff1e4b000ac68cc9a72340180a7c0c335917b54b17e0018ed2305e5e3fd1471e317da459c0203b7178b711ec9f30
SSDEEP

384:1+rKS511SgLuyDW4EYRwKQDuS2VHF2rI7svQuQnQgQDFQ3QkLCvV6AnfZU1fBSp1:1++S511SgLuyDeYRwDuS2V6ItLCvV6Aj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{02964A09-B8A2-4834-A6C6-2772C4754153}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
4472	msedge.exe
4472	msedge.exe
2584	msedge.exe
2584	msedge.exe
2656	identity_helper.exe
2656	identity_helper.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 1460	4472	msedge.exe	82
PID 4472 wrote to memory of 1460	4472	msedge.exe	82
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3692	4472	msedge.exe	83
PID 4472 wrote to memory of 3364	4472	msedge.exe	84
PID 4472 wrote to memory of 3364	4472	msedge.exe	84
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85
PID 4472 wrote to memory of 5008	4472	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\384c3cf5363740b8641cb64cc7aed9db_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9303d46f8,0x7ff9303d4708,0x7ff9303d4718
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8294699742896817660,1467300079976877074,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
467B

MD5
96f829f5779ba9ec87a0ed15fe4b9652

SHA1
4fae6cfd8c2bbb490ab3fb9d358f42b1cc86fe58

SHA256
75ba598a11e2c2e0bb1c6fec9ebf81d79e2d6bd493a7aa08fe585ce44a543bef

SHA512
71c8827880aed4420b8c2d044297c86736485a901d89c53f0ab081dc894fe637f679177b8559c796f696730b40dadf03f9fe14be4e7de8bc1c1990b780b68ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2968f88ac48e87344ca0d437e7707eb2

SHA1
7c1312e1d9fc495b70c559939cdc236984bca6d4

SHA256
871a48ec9617f86f3296726a6e951de10878a432ed59c78c1c9e24619615c0c7

SHA512
9000d301e64bccdb07c3b4b14b438f71d83ce148ef37c23688469a8b0691ce694bb337d1c88bee6364b51e1c6c111edb6f6768de4ed61b440607951b19cf6677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27a215dd5a1c34ffc5c5836f1855f36d

SHA1
ff0c9ba8d3d59a77caefdf50395ea9d9d2e212c9

SHA256
2cc45af5756e7dd4753b6ad0e10988f2a64a492303f7dd123f5796c1245a9d46

SHA512
1748cb7e2bf7d312df51e5c1607224b4ce39326444ba16bc6815e8acdd27d9eb93aecf475635a27b9855ed3c422682ec9fb008f86c79afc9636d2397dcbb9306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96862f4923eff50f1ef39caa9a3c03f2

SHA1
d5f0c9f41d9b0db51b869f27a7208480bdc63229

SHA256
a081c1e813c733c14780fa6262a38e584617b19908f3463509f99416ac9f15d4

SHA512
d66f989d3e9f0b6e02b73840d0da0194cfa7b1fc1723eb9592a28a43d8946aff019afc23016a5f806a65522f325d1736369ef360e678613821ef322ea32b5615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a343f7b0382295a852754b936f4e9a2

SHA1
f53a8999e65064feec3f7f99c637921441f09461

SHA256
8862ef8b7dd57b4a016b6f435d67e86e27e8f7ad042359bb681d6257163e2704

SHA512
3ad43df10b46b8d6d774da0741794e588c9be2e2a9b545ac9ece2af6d2f5aa0d9b5ade5f6732f0d4e8715596cda9461a6d919f044c98272e231ba7f7285284e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
9f6cfdaef89ed57d66fe622bc1c22c1f

SHA1
019c5d15e4ab7f7511ca1e8c240c85cdef689df8

SHA256
f99e0497aec190981e19bfed205579c43fb809bf59913377b4616248467bd3f3

SHA512
6bdfa0355f16e1d56a2df04621231ab95e9cd9d89a5e9a27c49b463d44f7896e823c43bfd25538efc6c80636694c1b44723beb46665f0089c8b2bc83b75d51b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f155.TMP

Filesize
372B

MD5
803d05a781041e5daff86cccca1234bf

SHA1
14612593cc80f2ec6565288f63c8872247ed3945

SHA256
b51b3bfee9382f301b091f96bf7a7db26f494608d57c88ce69b511d962310aaa

SHA512
9abfff3680042a7a1de3abf11af2b8aeed998332c48a0eeed99d079a58829b9b1eb95e3d7da151baaad550807f199bd36ea865ff99904280599c1adb4a9d0955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
93dd129c7f4edb1b7654f739a10af530

SHA1
c5f49f98fac4f0c92f8e20302e3b7e99313ec858

SHA256
e4ce5f42075b7bfd21b2fe5e97ae31044a77b7039077b4f7bcbb04ac91630473

SHA512
f6b5edd3b725a45cfb571e60308abe062868891ae0321276cc06c55e84ae964b97fb68f82e6fd08cd1e21aa325589dcd29ddd9e7e8cf4fb30911c167e12b94b9

Download Submit