88c0b4efde7c7f3536ee5d158e3624881333fae9613d08c18383ab3124601dc1

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 21:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3cacd7b0b902c037583166e91064ea4b_JaffaCakes118.html
Size

34KB
MD5

3cacd7b0b902c037583166e91064ea4b
SHA1

35e9b194f884291d663d3cd5ea4793d18cd38425
SHA256

88c0b4efde7c7f3536ee5d158e3624881333fae9613d08c18383ab3124601dc1
SHA512

cfb7bce94cb3c4fc8271e95376b312c22804ff23b178bda3e4bd9394ea06cf08da239df712e035b09543c91f9e024b0eb2d191533b2d158f798c92cd3c00e09f
SSDEEP

768:d1l9c98dk7HtM1oU5WJJhMjbH5dY0kwSrR24AcuVkuguC8hyuFflWFy1Z7V7:dC98dk7NM1oU5WJJhMjbH5dY0kX24Acm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
2396	msedge.exe
2396	msedge.exe
4840	identity_helper.exe
4840	identity_helper.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1832	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1832	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 3088	2396	msedge.exe	82
PID 2396 wrote to memory of 3088	2396	msedge.exe	82
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 1468	2396	msedge.exe	83
PID 2396 wrote to memory of 3408	2396	msedge.exe	84
PID 2396 wrote to memory of 3408	2396	msedge.exe	84
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85
PID 2396 wrote to memory of 5048	2396	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3cacd7b0b902c037583166e91064ea4b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6dc846f8,0x7fff6dc84708,0x7fff6dc84718
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,12301177192203123805,4341930050106589218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
1bb8e08ec337467a5e5c1f5b247912b3

SHA1
65079e983177667ac9cce54b78141294b1c71761

SHA256
80701e93d05c0a3b25c7bf94fb0c1a90e20c4af01c91792da040c11defd03fea

SHA512
183f231cefdff87f3dcc382fd0e6bb161e67b3e2fc9c15dab9bf9415954661f8e4b6167b867efcc80854d1257d21214f7d24bf679173e96a31db349d731406d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7165f8dbe6948b24c2e2d42d7cba4889

SHA1
ac01406c475afe5dd81207e72dbe3c005c6f6935

SHA256
6403dbcef87d0b00e2f34606eecb728af3e55aef23b3dad8bc6dc7657911243d

SHA512
a7af289b8eeb8de11cdde20c1a851b8b503b77deca993d2f8e08f1b3e6880dfd69d7ee2ed4da3a03268b5a8ad817a4e3a3373b81b53e539d28b3de8873e716c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3ab70b0a8ea053c4213bb97a49ed3c28

SHA1
1b142c6ef1102c097eb6ffd9dc010f8823ebabfd

SHA256
25a14f700b43cc884bab64a4b086f7077b33cf7ecd9694f8460fcb687f6e30c8

SHA512
9692d5755f58471574198b2018ab93fbc6ff3295373b04e740e97419ac237bd898d9cb8db980cd609b494066543a35c4d6ff4e2737d1b7672764fcb6efa7e7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f548d1b3c885f5fc8ca7adde7e9370fc

SHA1
1092dc90bbbe4b8823e5c917773792b9d1c28be2

SHA256
be0287a2c4533fcc76b08ebdcda3ebddfb8d166d839c5fb431c8ad7e65319b17

SHA512
c6dd69d58a57bc1839a4e660998ba7bbc4e496857f632f1799b9c8e538cec631277bb73845ab3cfa593b437ba30283a997ef74b6fc2db43a2364aac544acae3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc94c83055c7964a40927a830ba4fc15

SHA1
a7f174cf77c3e53641e9707c947498e2f34a86dd

SHA256
0ebdaaa9df6f1fd4f9e2af488c14b17fc80cd719854bac4a5bca28ec35de1a4d

SHA512
e708bbcb7703447e58c25cd032e89007463aa47d2f81015c13c706468621b68ae8add0324795f030d8fe23e67dbc11d4ae2454b941949fe4c77a2ae3a3190083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d91d3f73540e3039d834018f6cee9c8

SHA1
3b05b72e970ba4de3bd41b04b7d2d374bbaae185

SHA256
86b6dc094f29154e550f929d86c0cd5ecfa4199779d0cef407039c1d636d737c

SHA512
bce936062845a1f10ce1f9c0d37edf00e1a211d3fe3ede4b926cf061d3b351a348b19afc1d3b7eb40b3091bd3942b8b77b007965eed32b13c9d2d7f1d10c9c8c

Download Submit