f1ce6d8faca4f1ca97d9dbea19660e6237f796406a25e5ab7817f219f28c201e

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6145a5c9e2dc1669450d3554f20498f7_JaffaCakes118.html
Size

175KB
MD5

6145a5c9e2dc1669450d3554f20498f7
SHA1

bf980f7221f9b7e17e547a9a739ef1d0b8b9ade0
SHA256

f1ce6d8faca4f1ca97d9dbea19660e6237f796406a25e5ab7817f219f28c201e
SHA512

4fc11e642b8a81d3f00e6fa2fe5290267a3cd56342a8a4e3664dd5d46231efc5cbd102bc1d5d6d4ffa6cc1948f12c8f4ae30065a514208d2e6f19dd34312d5a8
SSDEEP

1536:SqtH8gd8Wu8pI8Cd8hd8dQgbH//WoS3IGNkFYYfBCJiZN+aeTH+WK/Lf1/hpnVSV:S9CT3I/F9BCJiAB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
2856	msedge.exe
2856	msedge.exe
3220	identity_helper.exe
3220	identity_helper.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2112	2856	msedge.exe	83
PID 2856 wrote to memory of 2112	2856	msedge.exe	83
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3460	2856	msedge.exe	84
PID 2856 wrote to memory of 3408	2856	msedge.exe	85
PID 2856 wrote to memory of 3408	2856	msedge.exe	85
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86
PID 2856 wrote to memory of 4012	2856	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6145a5c9e2dc1669450d3554f20498f7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14288271156328694503,9663383443038735355,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
06b5bdf76e6b925407dac9110d4c7dd2

SHA1
4ab34c3a512a30c6135778bf15793787c340c1b5

SHA256
6509b8ece237ab5f9e87dc9aff4bafa65dc71bc39b0f55457b942bb7cac63b91

SHA512
770bf5b495b9373c8ca916c5979a7fb77d8d4de65868ab9da7c71890196f007c31ce7d923d12c8d2d1c67b1f507743fb4664c99d37329e3e5c24e128f9e36e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5015655a92c95054d8ef48fe7f860d35

SHA1
43dfdb8c2d11ad6dec889928b6b3a31f0d7b7523

SHA256
f6139cb329f2a21596e64e6752c629c8fe1ed699391e7cc7d82b791519864554

SHA512
beb2c27fc4dcba411f825697f6c7493aecc1f37a9cbeb404d3cfa08287ae6381148c57976ac0e267ff50f51a542cc5658c69224d87dc85fd0e0245abf884f617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ada6bf7bf276263842a0fa19775f2d75

SHA1
3b88573ca06a66f1afb2b76f5c8eddac8f3da3ab

SHA256
a275c2e4f6d13d2f2107228dc4cddf60945e43e2a3516858297468e01fbb3e82

SHA512
63c188aa9027a3549589d88d8917725f1f927bf2b1470951003ceed77137a4d1eddaff057a0dc3de14594c3485b0d341d691631d2a268a1ccaf83d5a695e12cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0524dd40b23528ce7248ea25cf19896

SHA1
9ffb95835a98ba4d63a082e6c1f5bc9e1f9effb6

SHA256
d73b2ee568895b212f2ddb4be8dcb7f8fb2ebfd3f1a8d45c811093ce3a04651c

SHA512
fd3d232619a78f7513990c2b4de58376480fe71a06c0efbc68b4a0920fdc27a5b2836c8ac26dfc8be537370f81498836147d2d4acc067bd1ff9c8c11f75e8e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14d9c15f8af5e3de3109544de2eaf9a2

SHA1
7d345d35e1752f53bb8fbf3a49b1d20d54a0799f

SHA256
a44e3117ab67707b4761c4c149f27a558791253d82d50dff41ff363ab2adacde

SHA512
ea69f4f66b2ab21ee19d3970d0570b5b70a2df2210dfe89c5cf34929176019732208a10d78606dd384828db3a52202da599c312d0cad7b077b85b384b96cf24f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4459933f07d1daaee2cf9421cc4a5243

SHA1
256f8fe01326e49141421c3ec20f52eedcb9f5dd

SHA256
d6507794173fcb4114a95454078a530ac3c65722f62bd26f3ced7514ca1afadc

SHA512
412c31f8ff69ccffe905afac2cea8158678c07e75701627fffa8ee7c420883c9f744e9dbf5b870c72f3a500c532bb225d502b3d38d8047806ade54512d0bae7d

Download Submit