e55175719de42fb7a7213b99566551577c5afcec062538dc3cc80675bfa28b37

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cf5ec2e32acfe0ab87e1f598da432ff_JaffaCakes118.html
Size

49KB
MD5

4cf5ec2e32acfe0ab87e1f598da432ff
SHA1

9ee72c5298203426d812f18881d509db111c291a
SHA256

e55175719de42fb7a7213b99566551577c5afcec062538dc3cc80675bfa28b37
SHA512

8a8b9948fced6c1a754588e4b7a7b919bd9fefb1c60c165b1d056f58ad101f999b882e886456825dec297f3415e2f94f1a5395baae9149d6f7f11f828db23b5a
SSDEEP

1536:pS2lS2weO8DZaMkvww26rSuxak3QifuumXaV2HoNO:pS24gD02EdgiqaV2Hj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{E5EDC566-0158-4337-954C-DFBC5883F74B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
252	msedge.exe
252	msedge.exe
1680	msedge.exe
1680	msedge.exe
1340	msedge.exe
1340	msedge.exe
5048	identity_helper.exe
5048	identity_helper.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2924	1680	msedge.exe	82
PID 1680 wrote to memory of 2924	1680	msedge.exe	82
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 1408	1680	msedge.exe	83
PID 1680 wrote to memory of 252	1680	msedge.exe	84
PID 1680 wrote to memory of 252	1680	msedge.exe	84
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85
PID 1680 wrote to memory of 2636	1680	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4cf5ec2e32acfe0ab87e1f598da432ff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15765735094757008702,3273325900657884094,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
262B

MD5
6b26f9a064caa1600e47aebfa8881e3b

SHA1
3a2fee5f930331127c860eafa5f28f63f90e73aa

SHA256
5a26ff89080d1e50436a077aaffe7a6b8c125d3af80e03e366a6e8852a9b7cd3

SHA512
1f32b3d14aa35192b18309fc72d225106dbf9f99034500f310114fbce5179710a3779e7c5dc79eefa52af4ef4e2a24fc8c981acd19300266c1fac2643e11446b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf2007cace2e15b01e03d92958ce4822

SHA1
6540f6909357abd71e3b0e95d90f07215c2e60c7

SHA256
e20fe76ad25c13fe62ad375d266ad57fe65a3dce6aa6ffd108cea795f095fbd0

SHA512
669c19d940578606f79c44166d5ee84069bba2581d9f0033c5f274011eb4a2cc5bbcb11cd67c5151b1914102963cc75b3fa2cba70e9f436f5d3617991e7b990d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ad14e8da7be164dbdad04195797892e

SHA1
8b01b845ce2fb92987a12d7baaedbf143b2e7d2d

SHA256
a0422bb70d2687e0cc52f5068c59aeed0fa3b7b8a0d08f542df79e3771028d27

SHA512
7eb3f85f9901593858e997316de667c075f70cfbe5506b1cae661afc2bd25b5a9cea1ccf058e0bdc01dfde27452caa9e6ca98720bf5ce8891c19478f32ee1292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ce3fa2daa53c8af6e1a26a358fff5e4

SHA1
adf9de47fe7f5791b779e0d4adf150ff2b3ceea9

SHA256
f592990435687cabf1d129ae1ef4307287e242c1924818307cd3a71bd528ea08

SHA512
50465d0be963e8b31542e13df6fe29817de57df642501a7f7d395db6bfa7ea09afc738e018482f4651dbe5beb3e8d6c43140fc060fea2d3da0a18be8203d5e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
37fcf5d8c6583593ca775d2b1cf7afa1

SHA1
db2bb931b681e8c6b8017d7c4654f07ed3ea47cd

SHA256
fa36195eeb3235dc86509f0ab83c5962945da4affd9bf2edd6a54306988344f3

SHA512
19ac8122e9714c6ed364ccef72b51208aaf90f249ab3627a0c760214cb24bb35f05e925e959b1cbc4e40a882656f3444076ca4e335c702cc04cd41637861be13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
249fbe8cc2c472b8d5a018a3dbd5ba0b

SHA1
65f555f774ee0298bf685a0f1973ae44fd8b8503

SHA256
fdc39f8c41c1d5544ecdafce284ccb8a150a7362e02c3b036b0b6ff4ce5e773c

SHA512
bc3d7f59e01ddd5540ffa5dd8e6cc0498adfcfc883f78f4c2a8553cec444cf461737edada1dff45049f1faa832ce974703192ee8777f3cc313712d3d41442fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cd8c.TMP

Filesize
372B

MD5
9531ff047ed93768ee90d1648e3d2707

SHA1
86e689c4dd488420fd64dce66540ebed25d83bf3

SHA256
f6be5373d2061da973e2b70c6d5341a37419b5497e73252cd1a69018e2807104

SHA512
cd1436a45e7103394aad7ab180a980def7325916c6fe7ec5933d3a467a2fa718da13706ea4ee524e2824c19200445ec4618271b3f20a4285a7b0d38875338ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a671b16ba93621bd2a3ef2ed675f39e1

SHA1
00e470500e4d35047e7b4ad57d37e744b860a2df

SHA256
fe5931e301c36c9e648d34be03c4e5da163bee156b7bfb574451838bd058a71f

SHA512
bcadab2b50e385e9e8561538f16217d4f927ad60add03d766dc5975313bbf944fd9605e2ad0e6d0c406f085302781d8b1a0488f991f1adb8f21ee1936643c987

Download Submit