24a0145a21944ea90af1699b303ec928ee240e1169cbcbf37e62bfde1c917f8a

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 12:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cf75c44db6e3e9c6f3c229f0e15a289_JaffaCakes118.html
Size

652KB
MD5

7cf75c44db6e3e9c6f3c229f0e15a289
SHA1

e21a40dda8be3c866845f3cb29d0160958d14b68
SHA256

24a0145a21944ea90af1699b303ec928ee240e1169cbcbf37e62bfde1c917f8a
SHA512

ecca8b47debe56408e9811a2ee396c7335834fa9b05b9245745cdd81083a1442fef7f0574ac5b35b0e776a9663d5ce7e747ab3e34178093724c752ae4c97af1f
SSDEEP

6144:Pto6sq98d5AqZp4NW34iyUWjYTR5MsroB8Ob7H5vNz7lAGDIaVsQ/PewvpRBzU0V:Pyf4NWbWjYyppNqGbvDph

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
471	sites.google.com
472	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
2248	msedge.exe
2248	msedge.exe
4864	identity_helper.exe
4864	identity_helper.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 4744	2248	msedge.exe	83
PID 2248 wrote to memory of 4744	2248	msedge.exe	83
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4152	2248	msedge.exe	86
PID 2248 wrote to memory of 4156	2248	msedge.exe	87
PID 2248 wrote to memory of 4156	2248	msedge.exe	87
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88
PID 2248 wrote to memory of 2408	2248	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7cf75c44db6e3e9c6f3c229f0e15a289_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa439e46f8,0x7ffa439e4708,0x7ffa439e4718
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14856174857109930080,13510075314748994304,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
5113d795eddbcc0061e6ad8897246899

SHA1
1a49fa8e7c2d43a389efc6be9b339455af6b4479

SHA256
c6c0bab1f042f0f0b190c02e6785452f39b0bc6a2c068a91ae69a53056b7521f

SHA512
2b63429cfaf10f179c164f96ed5c58d33052f7efb55a3a68c97f585b334ab2431d828ab0bb328089ce498068974cfae8230c8913822092b69e11b2fddc2e49de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
327df7a9034401f3c086e2c89fc0c66b

SHA1
dd28a7044be9925a085e364595ca5bbd4daee709

SHA256
3968e8a7123b65b1264f79b51dfd36abc77f9681ec5dc8b72f98c8775e4d7649

SHA512
d72342465a4e0ad62adf50907f64524c1ffa16dd2e31475b532f924b377bf59796b9f11aa004811cb8410541de1130889f4e6dc181b7fc289d056a88309a6358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
92cc9ba25aa41f0ef04977d825e4a92d

SHA1
be9c6880d444fcdc5e9e8f3ac34d4ea83eead98e

SHA256
ba38da6376adf05eb878d1d6276074a0a5f35c6ee59d9628335d6d55016661fe

SHA512
36ace975a3579b27395e2955abada7e6d1f366cf729d6d7e0287190392e0c946211bfbc8c4442efa143ebd4af8252162669b6513b4abdb9b5563f63c3a59d21b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d813555254379a46ad565f2066df0e0

SHA1
378ed749d5ba8478819ca20d7f4a3ab65d063c9d

SHA256
0a7f492f495431517011f653181313d51a120252b93d4988ac1b915e12d573f1

SHA512
d8b1c04232a61d69cfbc63f8c84d5dec1405e92df89bf4c1f945e0f4d02ae9d1434e4903111d49cdf475724577367c907fadb59072f85870f7cf80eb933701f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
681b8beeb825f62b6e84bffee8fd33ba

SHA1
d06feef01cb31311243bf2e7eed687f8068fb3cd

SHA256
8fce3134b9c0b8042f301d13b102616faebb518ba34b30126db87836aa4d71b8

SHA512
c728fc479fc38cc4e2339bd240bb898fd6c4b46e8841bf58ca2bdbcd67abf792fe863600cc607774986dd2d14e77dbe9b07a0d6b762b2ae2334a5df042a5930f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
599c9d115fb167abeed360b0cfa8c6f8

SHA1
59014f29d35d4e9a8053c92e570edbd6185823d5

SHA256
a0ff80594f17481aa13c237cf0d65968991f90f2599499e5e4e3a952eec67627

SHA512
de79a6190548c0cda2cc9de8c15362818b5ca84173f63267a7dfad25c553fdfacfea2d96d2e65c8e42822d012de4a36eac3ebea006044180bb56176e07c1c9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
07c87c88c044ab5ad1a944bca0eaa507

SHA1
ae49b0ac2ab9eb3fe9cd015514401447b0e736f7

SHA256
cce2f415edc30c4ec66942a1a99799a88eb318dbd53750d8f6bc3d6c5d022289

SHA512
bbfd10a0141e71ea987a768cac0f107cdc2e4b092c08ed4864f9072a9071914059298d2bad1d25513805490d4ae8f6353e94a9af5e1ae9db6caadba76f21ce3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579182.TMP

Filesize
1KB

MD5
efabdb8c3d576ae9591e3f0659025534

SHA1
c04d6581d885dee65ca21c4440e576713dbeb817

SHA256
303d6541fee018b204dd646fb558c416aa7e5c62c24d82b63d9fce3dc8ebe09c

SHA512
5a7754ed058dedd4673e68815ca2b1c9f602a909473c0e198d59b259e2aa5ea7efe02c34b7326d920cab095642e98b00a8a98f608949c4ed837fd152fe489bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4a9b9b2ad5df65ddf4f04e627d88bba6

SHA1
1eedcda59772e0a35cc4f71d3c0cdc9a544606d9

SHA256
ae4be2bd02e0b008fc78b61c6015037811e27c881ca90808ea996e3bd528b39c

SHA512
28455f051db3247bab64c439408e9f666e6a928ff84929bd13900333d64912145e4c69f17daf5fa2033cfb30481db0b9ba99bae963ffd68bb5dc396f314e424b

Download Submit