61bb9b20ec7c8c5246833013a09742102eeb9189ebe7303971265f5988807a3e

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ab3410bfad9d2be1bf7d4003868ae57_JaffaCakes118.html
Size

52KB
MD5

7ab3410bfad9d2be1bf7d4003868ae57
SHA1

a8e4efce271e064f030d335902ed15dc64af5684
SHA256

61bb9b20ec7c8c5246833013a09742102eeb9189ebe7303971265f5988807a3e
SHA512

35108f2f069cccb9c40675a462f2ff2553f524daff44b0ca2d23dc5d6aeb7802ffa9d0f0b459abd4a0ffbfb82e60c79a28817967db6ac48820c8443bf8c64d67
SSDEEP

1536:S9SPJ6Q6Q8gObPt/hVrXFjduzPTUivK1di/Hw3kiL53:SSNN85iv+di/0kA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
672	msedge.exe
672	msedge.exe
1836	msedge.exe
1836	msedge.exe
1064	identity_helper.exe
1064	identity_helper.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 2552	1836	msedge.exe	82
PID 1836 wrote to memory of 2552	1836	msedge.exe	82
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 320	1836	msedge.exe	83
PID 1836 wrote to memory of 672	1836	msedge.exe	84
PID 1836 wrote to memory of 672	1836	msedge.exe	84
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85
PID 1836 wrote to memory of 2960	1836	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ab3410bfad9d2be1bf7d4003868ae57_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff99546f8,0x7ffff9954708,0x7ffff9954718
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,15984942433511380275,17267684102634525954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
144B

MD5
a4d461f0d15c0eaac0d1fa88cca35c1b

SHA1
2975bdded0d1dc130d077f6b6fc7a00589abb25e

SHA256
05778f29f71a5a214e465c1aeb1b1cdb1287a9ebbf5e5d35d19dea965435003a

SHA512
a9917999ca850f8ff0db8aad38b8723d898defaddf7a1456aa9fa86d857e297cd19eea27e1300215a652c6b4a171af320033c2dcd507d556420983b26e440758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c495c37a20b4b4922c140be54bfb9c03

SHA1
94476546e56e4c9042e77515bab0e129d2f8c998

SHA256
df6c9a1315268b70cc37ece7dc1755e88ce280ad19893eb506de75d6ce470655

SHA512
a9c52a0d3861ada7e0edab909856334684d7b5cb52eeab584f094a5acc56f73a28bb16ffbd64e2aaf4f9a2c593bbefb4e948cc2761c628e71df8c9725c9ad906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
929357e5e484fa5b22bc6e44c3b893e6

SHA1
5c35e920084fe08e35e007d39d61cc2de519793a

SHA256
e23cb3f5353c8d10fe298263866f982958cbde7cefb1fdd523023e10c76e0d4e

SHA512
32ba4aac32c85e6701604b8aacaa4fc7a7f230d617257d0d193c4214a71084e7909f577aed1b05e8a1223ccde71316a6cf55ec8aa9744b03162d8afad2d0676e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74ad130ece5c6ac0190f57f645d3ec86

SHA1
e64b71811bf6d82ca6e7ae0e5996c24f6bdd1691

SHA256
1bd7af8582e69508aa2fb57171059c059a008920f9dc37b9de1f3faa001d20fb

SHA512
97c2567635f4c6a0b04c272a37bb0cb25dc830d05f11646bf64823eacd82913019bb68cd0525e11ded11ee0baf9f78b916e37fbcc67be778b3569b1899ab78b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a8daf89a12261ff3bb0186f1e10dceb5

SHA1
bb82f588fc634a4b128f71b39135ee79747db973

SHA256
d36e72678d81e7c07253d5ffed337406ee5016d894292a0d6917457440155647

SHA512
df6ac5a0dd335f6cf8e3125e378a8042093ffd85b25812a7e4cddbb4bdf963504829cbaaeb3346a08dda3a8e20eec45e6600eb31416d3da0dc6ac8166d74be57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
988458668f119eeb08cc85c3eebdccdc

SHA1
e0f730991e03f9ee8e98ea6a38fe34f4dea39c1f

SHA256
2ad94d5204397274ede5f2da1ca099c10c05510207d8963d8678fa50a66bd1f5

SHA512
9d1ddbda5091103194343c118f46302e8a579f7075098023aeabaa0f7516fe1f62cb32aa2a66886c9984b04ed2f64ef31849f7e6e587e9726cf50783aead58a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c10889fbbc3e95ed2d86d0071c5ed4ea

SHA1
663f45357238fda5b8bfb463d2775df12ce38e73

SHA256
4a3fb447d45e5ae66ce04aeddf7728930f2afa321bcfa53be2b86bc5384fb315

SHA512
a49b6eb2df518936b5c12f7c7696a45dc0b2b6fb179caaefb08330e891fed325ccf47c0f187eae4502b5773de266cebd61b9205f0a7896407089af12a3021320

Download Submit