d07ac21a9f796b15a301805af6c4fdea2af36cb54417e282fc3b4518f924bb63

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cc275d62ae2c7e559cce0642b3df1fe_JaffaCakes118.html
Size

69KB
MD5

7cc275d62ae2c7e559cce0642b3df1fe
SHA1

cf687f1f4c2d3c0073722c2d3a49b3c5af44b912
SHA256

d07ac21a9f796b15a301805af6c4fdea2af36cb54417e282fc3b4518f924bb63
SHA512

f87b72462975d6662b09b7a7bd1e3cb86f4d910315f5fc498676c1b097878f0baa617b6758edccfd3a9c0c8c13cc3bced111ea0e323727d36e34551d2ff99f9b
SSDEEP

1536:Se1gDUjmED4sPvsSdGPnQcd9t9cqRAILFnmoxKXnS:Se1gDUjmED4sPvsSdynQcsq3moxKXnS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1160	msedge.exe
1160	msedge.exe
1128	msedge.exe
1128	msedge.exe
3840	identity_helper.exe
3840	identity_helper.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 4484	1128	msedge.exe	83
PID 1128 wrote to memory of 4484	1128	msedge.exe	83
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 3116	1128	msedge.exe	84
PID 1128 wrote to memory of 1160	1128	msedge.exe	85
PID 1128 wrote to memory of 1160	1128	msedge.exe	85
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86
PID 1128 wrote to memory of 2148	1128	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7cc275d62ae2c7e559cce0642b3df1fe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8451f46f8,0x7ff8451f4708,0x7ff8451f4718
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4950138312284445075,173936819531284418,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\848c979b-5cca-4bb9-99bf-64d3ed5ecfff.tmp

Filesize
5KB

MD5
5d0a599677cfbd8d9c16c3f589652925

SHA1
72f0c39f7d6ef42c958d9fa12efbf16fbe4425dc

SHA256
fba031c1d0433b9f77d09c4d6965e5f48d0737659215ff58a7049506a0e329f0

SHA512
4aeb33f1c2ea75c2f0c3c3b913bee06cf13bb550287cb051d5bb7574ef3983eb1cc46fc89dff0fe3a081c3729821935853720f44fde54f2471c74ed0b723ed67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
253B

MD5
de2c14cc968828867b3a20a03cc92ad5

SHA1
464328e6fe51840cfdeb1e0951458dda162d180e

SHA256
a70713dc5f12026c066fb5141410986fe590a55c9845665b4d685cbd77f69f7e

SHA512
a8fcaf189ebf6c0cd51585fa2cb7536783ccc91053f22dbe33b807abe897a0107d9221a964b519d0b24bbf31c6e1a189aaf8ecfffd47f32cd2e9ac080ac3b80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f89280cd5139e07b4a78ac39b5028a4c

SHA1
aa7b38b641fb8bef4e52ef39965d8fc3a25d7e41

SHA256
28a80b2d3019ec373890d9d02110a8d5fcbe2d56831de15937be24e9b2a8b5d9

SHA512
acc5364ccf6a0ed50dd7c34a61371a664311f63d020b76236cbcef73533ab4ffc5a26223d382f5c3412f2d3bf1e73419e7cf2e182c067db365b1954930b9e200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd960ba04e9eebcd28ff97d61c9a8bf7

SHA1
88e04b06a7feb6a83e719dbcb7297bafdde41ce4

SHA256
5c4d5cd7c27a8ba1fccdd07fe614cdd482bcb1e4e7a2b2c0a4f10e69f4e556c9

SHA512
2e306f8f6bace4ede2cfe17cdbdae32b3be7cdd2aee1d79292e038eaa2720027a4b1746d7dabdd5372b8a3bcf183f010ea26cab93561efc1e12eefeff91a3593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a869b51ac067950bdd4eacd14520b042

SHA1
23aa695e14a7126a34064d231b48041c067f640d

SHA256
a5d779db7ee736b6d102e0c7854824c89b751cf7d8aa865eb28b435a2e8c9215

SHA512
13c7bbeaefa5955b0080a33ecb1f3746ff2fc78f7c873026f160945a4cb0251dc2a4f7817c0224cbfed60def2be23b80951b103038c229e3b5c59357ca78f44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d0940253c52e5e0e2d7a041cfb5ba851

SHA1
190539f3656a0a459631414fd53b9a6e3a198aec

SHA256
8d437c0771c500edf2e0477302e227db8fb578be8c6dd9333ed5d4df3edf3654

SHA512
8386da648d10c9ba28239ef50a26c0cebab082c2cc52859cff32d08020c69a9be7bd23cb21daa1909e519b09d463da65d29ced7bed79945bb165341cf02dfccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
320093fc121c6156ae64ad1bb6b2f5ae

SHA1
a28e2835019b5377681957df587e5a0abb888647

SHA256
acadae3fd20fde11aae8b3146bdccda5dc868808ba0fecc9c90e0525429bf21f

SHA512
6fc2419a1ff2be02556093a1f9821ba58edb75ab0a83ac07441e97046612752d24abf293e71968bcf077bd368011b22d2572c3e4772c2bc4f7381670d9422b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579a9a.TMP

Filesize
201B

MD5
ae02e114dc5a2a0d765cbf835c2e800d

SHA1
f808a2aef51041b2b11eceae892b81fcb74d1729

SHA256
17efd498be708fd0f4b9111869a01084eaf2d38fa5b3bb19dae204eccf84982d

SHA512
5b9a4be4fef09f2aa569e2462eff704e367adef0351e67e2b7f1492a4d546c2b5dbc75bf3ce2fe0a790f4fa9a3e1385b37703e22501be202c9e394918f598232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f46e6381d0240920a64f9d91a2949af5

SHA1
67ce09ef4d025e29918b5bfa6f21f12eaa3332c3

SHA256
8d064d73d3935f98009b13857adf0c92163b75331f2c7a738129e42da08bf47a

SHA512
5c3512dd2b615efc880c0ef1c2355f313c2d2e833c73fdda1228c1d61e409f3fba0a862b7993df28a11f955e27aa4676bef93d46119816bc5d889dfae8889c77

Download Submit