1e76a26ee37e56450c4d80a7fecdc0f6f17e49fdbfeaaff41b6ef52f29b2db5a

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48c9978a0e9ad03f5ae3abae0393ffc6_JaffaCakes118.html
Size

9KB
MD5

48c9978a0e9ad03f5ae3abae0393ffc6
SHA1

7a3f5e7e142b3f83c5145283d15f4aaa4f6238ef
SHA256

1e76a26ee37e56450c4d80a7fecdc0f6f17e49fdbfeaaff41b6ef52f29b2db5a
SHA512

c83e4a3b9f315710bc7ae689898f2e51ae3826ea53f3f3e6e704349a0a64087609ebc8438298935355cb56e2a52e01a82c0d1bd5fcb16166f31d5d08bbe00b2a
SSDEEP

192:vt3qlT9eSFIjbeKM4ps31pb0Y0czIU4LpoNxtVb+k+:F3cBFIjbeKpC3/5Ll4loNjVk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
848	msedge.exe
848	msedge.exe
3544	identity_helper.exe
3544	identity_helper.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe
848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 1576	848	msedge.exe	82
PID 848 wrote to memory of 1576	848	msedge.exe	82
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 3512	848	msedge.exe	83
PID 848 wrote to memory of 8	848	msedge.exe	84
PID 848 wrote to memory of 8	848	msedge.exe	84
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85
PID 848 wrote to memory of 4484	848	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\48c9978a0e9ad03f5ae3abae0393ffc6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7c1346f8,0x7ffa7c134708,0x7ffa7c134718
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13597925830352905404,11629891925933286672,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
6bf006ac6d5c9d94535c8b11a2465946

SHA1
0c5bcef7b415d1895cb9bae62c029a7eb9138366

SHA256
dcfe78ee8f163b32172df2e02aa5d56c6a1069e1bccf53226ddda586a3a406b3

SHA512
972e36d2c149accb85c5c81e4b8fc4703a67ba3ff909156d63deaf63dd40ec358c6fc08f28e38642ec75f59a84cb89e1137eed8ae08af22409a0fd157e6538db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4e0ada818771d4b075d04dadd5ed8f9d

SHA1
d4e49e4ed37207c7cd0229c8a11c2ff1a911d3cc

SHA256
59c10237c170b14b31ccce2c4a552d3e616a3d02c6a8286ffc8b7661fabe211f

SHA512
b8dd013d3c19e49ba69a52919288366a9bc81febeb9af75f7e47eabb734c5eb940a217d73e17b0a4c838ce2d2d9818552e37b4b561b306ca42e00bdf7542cf4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
185fc80ad71ff9cce63830c15839b783

SHA1
3626f74c40f4cd660b2fd91baf762bb53670e46c

SHA256
662fcca73a208c0fbcdd38f740ef0e4e4f73e142a2094cbdffabcb4863d5d344

SHA512
001c4adb2499775f048ba826a66caa306c2ffca19823365ebb9591be35d97a3b1da32dd513e4510ef08aa682c64aff43e2d89f6945f02b5d3f0832c8336aa0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
736e1aad208be7c5aec1ce2977cc65b0

SHA1
e5ab0b040a7203042688310a6619ef3db49e2965

SHA256
42567fecc665e275546d3fd81b3c34951d4ad43d8efbed17bf23b8c11352bbc1

SHA512
f0c0969d357e221e4a62aeccb82ccc08d8c5d5c5503926a6ad9bef5e508fd3532f434b208e187ab94d7232bf0b6ac6779bb24ea4a79de9241c5368ef32afc2de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2171fd25ea3a11363a602fb253763c51

SHA1
badff7f6a8e7dbc860c6cccc214e0ebaab5ac970

SHA256
86b585c0ad6f7086cf79bfbd6f3a31edf1a6dde3617b7e3954139f23a1eec312

SHA512
8ea774d76c3fd46a5622889dc6acc7dadc62f4df7955cf3ce3d53c1f79b6028afe9748f4cc1638c26f0e7633a53acaca0429654381fed53c58a6016583981ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c3f9c896ff40b96db324d45732a989a

SHA1
15caca56eaffece77e0e969205f26a234554d366

SHA256
6dcd6058fb6f1a0b1492465c3c4243e08134b1b951313ee9eb9c486fd8d8497b

SHA512
5107074eff80f9745ab2b05b59b1af847a0a0e1ccd6e781bab039743412f7a2fde575ec443770556ae4e079a38cc6bbd582e5acb88dbd6591851b6274c086c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
72d7718e8769e44ab1c9e71fa5ff4783

SHA1
5fa2fc37b43277f775cd5834be9bd2ad57287184

SHA256
25a6567c4e337b044618e0be5afb3016b39bbd37be60459faf3ad426698161c4

SHA512
f9581a31e965ed9c9d5bf1d854e348f2fc5255ff2444b0e9c68dbe8900097b19ecf01b70c0704a21c534b5dc2bd90072fdc6a766bb874d2a504948ff8c9fc792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b41d.TMP

Filesize
371B

MD5
bfe4b62ad71ac687019112c73edbb6a3

SHA1
9aa6197c3ca2b144eead50206b3d7d08aa08624d

SHA256
b15e00d899e7432c3f0ffa0f4f38741d2157485ea34dfe49b4bf9942370ba800

SHA512
f0215c45f96cd8b901145d2c4f7d1ff39aadff73b7dfcd1abeec7d249696512cc7e4c4b4ca8211ffa4e10dcc254b3b0e979bf353a7fc6dedeea372609b6b817d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5c9e4fa3d51a0f57c1f10af93b97dcf1

SHA1
24092a41380d2ec8d14cb9657f08637a6261e32e

SHA256
f63ca9ef43c56617a5da0f456f0519bda19aea1dca57c0b7b44a840fff3feb12

SHA512
93d97dfbc2f43fc5e2bcb8043cdf87fac3c1b2a9df08ba3908cfada1c54c2bbc478134548455b9b1932729d4fd9be782cbc966c57cac2d74e942e99e9a50400c

Download Submit