b00526a50fed6aa5b532ab3f54edfe489d2eb7c25b3a7a857d49a9b351f0e2b2

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45993ea84b62dafd441f2930cf354513_JaffaCakes118.html
Size

31KB
MD5

45993ea84b62dafd441f2930cf354513
SHA1

0f98164b9d02a3942c196ad8ca5588ccbcdb717b
SHA256

b00526a50fed6aa5b532ab3f54edfe489d2eb7c25b3a7a857d49a9b351f0e2b2
SHA512

c00d37a66d6b16e58f0019fd503909f17e582b08dddde10eb6c43422402b261e9f9ccb5bcaef791d4bd070c79bcc56c24a3cc0afdaea373072b3980ac80a7f46
SSDEEP

768:GJ6hq891Kzcljw4jGikKeQauY3VEsermNjIVw26ZladbhjKMt5zD+vB:iKqYw4jGceQAVEVKMt5k

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
4644	msedge.exe
4644	msedge.exe
1048	identity_helper.exe
1048	identity_helper.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 3256	4644	msedge.exe	84
PID 4644 wrote to memory of 3256	4644	msedge.exe	84
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 1668	4644	msedge.exe	85
PID 4644 wrote to memory of 2276	4644	msedge.exe	86
PID 4644 wrote to memory of 2276	4644	msedge.exe	86
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87
PID 4644 wrote to memory of 6092	4644	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\45993ea84b62dafd441f2930cf354513_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a06c46f8,0x7ff9a06c4708,0x7ff9a06c4718
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 /prefetch:8
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8863697603086938967,5623268249637772562,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7548b1227dbac79576efdfc10605a29f

SHA1
79ec366b8549860256702610167a51a01b0e2b9e

SHA256
1bca8c5d2dffb8331a5631d54a0e6e351964b1085504d47b4298504269723a8f

SHA512
e14a9746e193569e577d10d5276d55db1e6bb1db4c01565f1689d4d306589617817c2209964545b7875432050cd616852a046e9c408aa4aae1d4aa23367f7370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
19c6c0c046104afeb1eff8ef49f33a4a

SHA1
9d208b7b714701ab04539518139e1f63e79c8329

SHA256
0957c1de33e910d90a2b1eac036c6ab086a28130c6f0a6e799e13cc5ec1a7f96

SHA512
deb40bd08c628b0c2ac555360382266e0eebbe78155de56a2848c69254ced9ebe3afa9c484d6be42a3ced590736a8ad78bed7effe5b470e0a10575e75e44dd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
92f4665d9b25b0a6745591e55221f197

SHA1
8b8e76d216124ab203c6c3fd55efe97952d96a46

SHA256
5cbec17d833e84ec11dd9a7432adbb22fbf0320e7090f11cd0da50b5e32c319d

SHA512
0ddbdda14a184ea08498c57838730f0f82e98b1e35902d8a85b3f369672845b3b3eaeb6ffd76841f774c50c8d45ed87ec491d6ed1f95d3bf77833e220a3acef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b31f679dffda88a12bf955a51accaf1c

SHA1
48ed768f2f4c385f61cb47c75f61fe40fab55f1f

SHA256
08f05ed5891929e7c205517bf55a3a3e7358070cb496d7aa52b2fb01b1788630

SHA512
baee6e4eef4825f714375f1f5f9743561f283776eb7432384a0f5ad0a2434c9bba2e9225c17332bdbfd4147813866f3caf191cded1e32826c9dc57d9873868b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
5da18954f1b104c7f522d3b979fb7aa4

SHA1
99bd6fec0c4a863c76c65d77aa5b601c983109f0

SHA256
ff1ae61eab626a167a4bf9bd9e92a0d9807ff6c90741abaa26f063ddf7e8584c

SHA512
741f5768b583eadfcbc497007e54349085d8ec57958e0afbf53c4159ef652a2d49f05cb0e8d3cc3db153ff5a7dfaabacd25952808d58810ae5469e22fa51d1b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ccc.TMP

Filesize
538B

MD5
0cb24c9185e4b035f56132a136220708

SHA1
52047c60a1c8a16ef2d6271411e3235635911e7b

SHA256
81c89fd6823ffb4c21eddff341c05793b3ab633da1cfd589b708ef6d08b1f65e

SHA512
1d4a2086552432740607b42e9ccaa03cba57bcd9267b9ca8aa7b24b31e06de988c493e741484c5bc5d9f78ae9fab257e9502fcbfef492de02129a630fa055f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ef8ed8e66e834c19585a629a4cc9a96f

SHA1
cd5327e0bcf480a1dad32033f65dc9b96d6426cf

SHA256
75ab00548926c30469b2e010928d56a215f48a5443ea637dcb37ed60ecec79c8

SHA512
bc09efd017dc66fadeaa120c59a3fab164082fa8f8173862429f85ac673f3240916116358323f9c8333e26b50938a0253867f2216d95b1df23e6ffc42a61a6b4

Download Submit