095bc05702b611f92dad7870e4b9ab7d0a2cdeaec9150cb4f3ad9f3675b1c5f0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6218c7931d86ceaf3673ad3261630ca7_JaffaCakes118.html
Size

64KB
MD5

6218c7931d86ceaf3673ad3261630ca7
SHA1

637c56b65a2112f2f5053a6ad71972353c621f18
SHA256

095bc05702b611f92dad7870e4b9ab7d0a2cdeaec9150cb4f3ad9f3675b1c5f0
SHA512

f713c9bfaee9fe0929627e835e27508ffff2e97b03c4c85d85d601fdcb2225d767dc80661d58276374ff3863950eb02965e3d5daf34d77bf0d1a19f31b52251a
SSDEEP

1536:oRU/DePu/0MIP2qwQ9qw2wOGO/OVhIx96tbtmM8CjmFElcXJsijJ6hwCfwlSB58r:oy/DePS9IjwQ9qw2mzhwdlSB58fl3zu8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
2452	msedge.exe
2452	msedge.exe
3492	identity_helper.exe
3492	identity_helper.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 5032	2452	msedge.exe	83
PID 2452 wrote to memory of 5032	2452	msedge.exe	83
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 3192	2452	msedge.exe	84
PID 2452 wrote to memory of 928	2452	msedge.exe	85
PID 2452 wrote to memory of 928	2452	msedge.exe	85
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86
PID 2452 wrote to memory of 3464	2452	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6218c7931d86ceaf3673ad3261630ca7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa7cf46f8,0x7fffa7cf4708,0x7fffa7cf4718
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1384 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12325771091666180244,15751117423517199002,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
41595224328720bea7de29578b1adc09

SHA1
0424562b17398bfb389f8dc67d74567433ec0611

SHA256
47ef64701f4eae381118ecb1e96eaa8a776f03f8864602c6823f7417a5a1e85d

SHA512
4f6f8fac9bddae89e533ba1a934bbb47c81ba88ec2191e896737e6b3cf1b7a48f48339c114e595d124825f2124dcec2d1f1a186f51f87ff4ed5cfeb3b1d4fc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
484B

MD5
0e5e3bdb8bac505a9b635586da80d188

SHA1
89c0ceacbf854649fcf159de934a1bc56cae0854

SHA256
a589a8f7a3d7dd3887e364767bb798ca1e98874b43da0774fdb2a1bb0bf9ad98

SHA512
3959256505148eb9b2eef5b0e05d28048d44122f5728bd66fc2dc058f88349c12fb1214bdaa2d7e8659196539bc426a054b025e896ef2ed4594a3777fcdd39c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cddeb531ce3dafe957cfa09eebbb839a

SHA1
4ab293981d1b1ff2490b4367fbef131b570aaf56

SHA256
45382d4b64010f80095fbe753124f57161049daa9743c5694a8dc05aa87bfd16

SHA512
24ca1e8c3885bd6a125d3717eacf1e623952c8bf252c0acff67583b1155e1188fd735a65cd6906270f9ed0168f6a3014cbfb5afe3b2f761f00447f3d9d85089a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6cd64b6fc2d8399f16c92978c1d2bae7

SHA1
7552c2f2fe80bea977aa54c15ec6e9593d437ed9

SHA256
4ed34bf481213710c90e0a4215b712cb1455d098d5676b6d30a9597ad7bd5e18

SHA512
2d6c9cd3572d74f492d1c47436a0a5b2b66b67c9ed5b6a078983cac644558120c7a14bb03dea3fc2f69969aa782b4a4bf01d74750b4165f03ad19c377ea66c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e535a080f86e4d03a236b65dd10090c

SHA1
7cc68753dba0bf522f335cd39a0ad67d0a054c2f

SHA256
030d9257c105aab2104b3a8b02fb65ab7c0f5e8d457ea238a05a95bebfc894a7

SHA512
28a92959747b6260bdbb6e82f8220c63131543f4441c1303c59558bfb5a33b89746108753e86838ba7605f830bde8b192203d08d95d4d37fc510590ab2d1dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
e828cf981c0d0d07efcd7787a7b78fa4

SHA1
ad6a348ba59c4a5ad0086aa821ec61248fbaf666

SHA256
7c5a8582ea8b6cfd76df58e709ecfd395ad2365d0d0f3bf15f199111361f588f

SHA512
4c5024388d2c975be694088fe46d88707f2c938d76992bafedcfcd796818fb11fd52a8a99c5280a9dbcd3509e01377d186469b89aad1b767aa05effb9e142366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58db38.TMP

Filesize
204B

MD5
91449c497254b9643a9ae05f4d5b9ffe

SHA1
7a065c84a23293a3e1dfb19f2266611fa8aeba96

SHA256
24699f6d51b7069f3f34f874235cc11979d3bf57fb205c60096b2ec79dfc7d0b

SHA512
b6aac085b6d852300e6d3b209fb71a2fb82f5fa75a24c1cf85b43e72d91ab3d0b5ec850fef595389c1a1e83118070b47c5ceddbe53fdcf6be49e5cb35cd18c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3f3131e9c85c17a2f39980227b116afd

SHA1
aa31067ebb4c131b661fb1937b77cb1056c89e45

SHA256
940b5acd649efb7e20205ad770cbf447b2c22d409d9bb5a47d43ddd9f0cfccc9

SHA512
2ef53b2e17446125bdc6f9bf6d7af8ca119a1239343c71595e3ff8bb8b93630aae61957a2280e20b13bd0e720145ee0d6b503a63a954a44633498af9e20a1c90

Download Submit