3c425595761db512c44cd181ccb860d1c677f5576e014d39c1e9c95d6cdf60e3

Analysis

max time kernel
140s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aefe7fdaa1a85a6eb6cf0e2281acade5_JaffaCakes118.html
Size

132KB
MD5

aefe7fdaa1a85a6eb6cf0e2281acade5
SHA1

3d77307c3c1319f18019c4d9e35551b6017c26b1
SHA256

3c425595761db512c44cd181ccb860d1c677f5576e014d39c1e9c95d6cdf60e3
SHA512

3f435744d547d553ba40eaeb35dffe922605a417ccda82ebb33dd539a2537444a65a302d400b9deba0d5b7638aa6bb10d04ebe9c34152eb47e4480c87fae5cc6
SSDEEP

3072:Eklcyklckklc7uG/bI+3akcGklcPEijZeqhwEijZeqLxuBN3hI4LGVtPPUX:Eklcyklckklc7uG/bI+3akcGklcPEij9

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
53	sites.google.com
89	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
944	msedge.exe
944	msedge.exe
3592	identity_helper.exe
3592	identity_helper.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 864	944	msedge.exe	84
PID 944 wrote to memory of 864	944	msedge.exe	84
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 980	944	msedge.exe	85
PID 944 wrote to memory of 1124	944	msedge.exe	86
PID 944 wrote to memory of 1124	944	msedge.exe	86
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87
PID 944 wrote to memory of 2608	944	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aefe7fdaa1a85a6eb6cf0e2281acade5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff877946f8,0x7fff87794708,0x7fff87794718
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8959144665921912271,14476153466045813557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b77e815df4d8d3a2b03568426190008d

SHA1
b7cc80076054bc047ea0825258fd66c5cc26929c

SHA256
76628c4ad88dbc47cf1ba54bd9d82a25bff11d052c2b9e4537c7fa5a2465e4f9

SHA512
cc2ebc9836b2d05b4d34b6561f2853c776c19b9df7a518a3939dc0015535ae4fba7ecfcc283b4a220c37abab7d7a46b186f4b964c207634cbce28b93fbabc483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
30f071df1a6bf3f757b1bb6f3426f53a

SHA1
13be196996257ccdda4a528d66fc956523e8e6f0

SHA256
fada2a26113a010a60843beb03dc252095bad17a877fedc098755d0e17ee5681

SHA512
5ec1a2b1a53d2db9aaddc87d0ce79448b820b0dd61539aaa30185e65fe11a7aa803609169ea5c8ae3766fc9e3fb81acadabc68669e350de3b61292609981916c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e597e7f25f4e28843f9246bf446d80c

SHA1
284523596dca1de7dbc81960f8420af198a9ddda

SHA256
9843a0590e36736190373fb0bbf20679a60f6332c26dec4fe5b41e91c2068f5d

SHA512
66bb553d1701d10a779c51947ed5148b70d02203bcea10e295dc0b9d6a92c6fa3b611d47b43a1fe593c993068e6b22efaa4d8620e0c4ecf4dbed058dee7b4ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e870009c86fe1cda06d5893e3f0836b5

SHA1
0b61188e3b2c2962f251384c4ff5c46c08fedb66

SHA256
5efdc2a6539ddd7761e80ca5b1fe65702de56c16b28105f1e9c5fbbf502412b5

SHA512
58190f02d698b91f408aa9c257de0ed16098a83fb4eb4572abd9c8ea47c8e44e43e91f7adfccea35e8d39ae0c087a8b9fb2e4e7de15539f12fc50c94e4ec7d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e280dcd0b3b378a61e2757281d99c6d9

SHA1
638771d3f0a0a7043e5878e85bd9c6f227c1eedd

SHA256
fcff5d99799f9573aeafceaf475ff703f3991834b517707eadb4ef9397de9bb7

SHA512
272b695b098f77021eccdb384acda690b3680440f6e6c06c8eb286158be1305ee1df64521a08788a7a23a8dd6803081a73c7b07112f3b4a6c9dca2fb75d27f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6ad334680dcecaa30de5f86d4f7106f4

SHA1
dc28c888e10d568564e33b936234ee3b21e8ce9e

SHA256
ddcb1adb060c04985f957c28e2636eb679d692479892da3f683faf39a1f95d53

SHA512
5c768aef2d1a8dd4a50e40e06cfb540d263e9a97b7c53ef87d31a2e0a9c011f6ddc0a9bbf3e8025b3a3f1bd5dd20d89b798f7e1d524a4454193afa42c2fe1772

Download Submit