3e2d9aed4126ba2ab3cf0d6df4e37434f462cc5b5c399ade683d0586b60aa772

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 09:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2fbebaddacc8fd3e7d2ae4128f3a8c2a_JaffaCakes118.html
Size

93KB
MD5

2fbebaddacc8fd3e7d2ae4128f3a8c2a
SHA1

50d6f66d7abd93a03aba856849f42bb99709a31a
SHA256

3e2d9aed4126ba2ab3cf0d6df4e37434f462cc5b5c399ade683d0586b60aa772
SHA512

1a600928ed45500440b28ca6c4f7318b1cb3458a2cbb8913e31f5750ef00af0384763c53437738e0329603eda0b973f245bd0a23524f379ebfaeaecf95ef293e
SSDEEP

1536:ZhXl6eNGgqpSD0F2RSHlZGMV9rGZt0acP6pT/DtI9RhCgnvJ/eDEJLG91W3U+3aG:jLQ2RSFbVYZ+UT7mJLT3d3awKq

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
27	sites.google.com
37	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
3460	msedge.exe
3460	msedge.exe
4204	identity_helper.exe
4204	identity_helper.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 3136	3460	msedge.exe	82
PID 3460 wrote to memory of 3136	3460	msedge.exe	82
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 2496	3460	msedge.exe	83
PID 3460 wrote to memory of 4504	3460	msedge.exe	84
PID 3460 wrote to memory of 4504	3460	msedge.exe	84
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85
PID 3460 wrote to memory of 4368	3460	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2fbebaddacc8fd3e7d2ae4128f3a8c2a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8d7e46f8,0x7ffe8d7e4708,0x7ffe8d7e4718
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6967116139985018229,3070577201814298702,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a27d8876d0de41d0d8ddfdc4f6fd4b15

SHA1
11f126f8b8bb7b63217f3525c20080f9e969eff3

SHA256
d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe

SHA512
8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f060e9a30a0dde4f5e3e80ae94cc7e8e

SHA1
3c0cc8c3a62c00d7210bb2c8f3748aec89009d17

SHA256
c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79

SHA512
af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eae82b187e6afce5b392b0a4731e123c

SHA1
d152d6a143b3761857b907cb2fed9f4c5a933c5b

SHA256
ac2c6e481f881b053640fc96f8487eb9bc338e84e5ae0ab304d4f69b98ed36dd

SHA512
389c63a2685170452f2c8bd56167e2cbd2debb1ba4e4bc0fb5aaa6e843a5d67fc6bd726c39eed9b3c142cc5d667229e2ee02c6b21db822ea2ed14849630a8b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b16d903d22f8426b84de964b957bba90

SHA1
3f50ed739993ba4d146e5c96f95ec690d73501ac

SHA256
835956232d4f6f5f14eee67b7545d51cabc16d28fb75a2c1cfab4bf97c937233

SHA512
6fccac085c2cf98ce2e596535eb45c57e3e000a221c81e7a86e2b228d5bb6343bfadc7f978f213fce5d368624c6c671eb931bd30221ce16f505295166cecebca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d7f963d17b71ca6d336d07af2d50f616

SHA1
cbce874f7c3badf6f622016dd740a6a8f2850e3e

SHA256
145db25b627a61f534658d17517ad4a108b30a7f01115df5cbe262b5599fb453

SHA512
8b7e1ea2ebe43c713fa27331350ebc7546597a7380539d7797ff844568f648e113ab7eed3b297b70e5d5942b040ed28ff0c257e291ad25251cb2ed5b103e9852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
015be6da21eb90b1a0f9ebb2b59c8aa5

SHA1
9fd1f610cb4f032131c7a6d80ce77b20f573a7e7

SHA256
68f74f60461a95c240c52fcbf430e7037770f365557ee40baa6943dac4f48f00

SHA512
aeb02e8cdadbb49fe2b43e21082de7aa1597fcf0e285e848812c531157954666c829fcd7c399a787bb1ecd17d0bd22c54f57d546b820e39764d1c5faaace48d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ee6eb5572f2e48763a89de5676a4fd7f

SHA1
0687b86d62bfc34cc87a718e045822f5111ca201

SHA256
9d18b8dbc4a8a7882eaf5e757748f6cd1aa129d5e374aaf9d520e045edf9cb3d

SHA512
b6b365cd784ff6da73060ce950375af7fe9b175bb626d0512f749f6feb72f0ebe4260931b575fbfa5750ffcf2871987d85e0eb73b741cac44a9456a7f43ffa14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab73249bdc9eb2e1596df054bb635baf

SHA1
995d59b647a724725709150f907c79753868c709

SHA256
87e0970c0eec449c6012e88fa7359d673be8c9dbbaa56988aa83598922c2b2b3

SHA512
6af63435f4923d2bcbc0a34fd7d5b3a6e4661629e0192f48f117f436c10112dd80e2b13f4d495b91963636c75917a4ca36645facb8fbe1ff4b70227b72e76d27

Download Submit