cfe73195ceb510e984254d8b1e7c20dcc9840b5ba29c5592c6407f187e217af7

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94fa3510ff8ace1432783952b0cec6cd_JaffaCakes118.html
Size

148KB
MD5

94fa3510ff8ace1432783952b0cec6cd
SHA1

141eb3c53838e97367e59cbb8d73629b05b05f01
SHA256

cfe73195ceb510e984254d8b1e7c20dcc9840b5ba29c5592c6407f187e217af7
SHA512

63a8c096faed60829458c618f9e68f2a9b29d146d5e9588d3f450facb644126ccf968dbfcd8d9f6c3b292a903fe98eff845bae53549a84b3e8e574cab2ed1204
SSDEEP

3072:7V7pDpODg/qNc8YwUnVZ4JJFNqt369nhKImSfOAxanBMCifNRj:7V7pDZ1AJFNqJMhKI7fr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
552	msedge.exe
552	msedge.exe
2456	identity_helper.exe
2456	identity_helper.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 4884	552	msedge.exe	82
PID 552 wrote to memory of 4884	552	msedge.exe	82
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4308	552	msedge.exe	83
PID 552 wrote to memory of 4544	552	msedge.exe	84
PID 552 wrote to memory of 4544	552	msedge.exe	84
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85
PID 552 wrote to memory of 4820	552	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\94fa3510ff8ace1432783952b0cec6cd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff927b146f8,0x7ff927b14708,0x7ff927b14718
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11046846808909404980,14897846124861061731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
3d1ea4703ad9a2bf2f10c5cc7672fbc9

SHA1
101c43f7d2b9a6ac89e53db0bfbeb073b6c18b2d

SHA256
17e4dd87dde67556338d1174fc0f540a00d7d752a951d64e8f3142a7d12625df

SHA512
91b3bf90e39839d88ead2c87c2b730ec0ad1eb5574f5a1e11cb972c3e4a5831b0bff11d5d019c7c4b31aecd1e063e19d91dcb5fb5bfefe2ff258b296e99aaf8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
41KB

MD5
9631c594f55c395f07b12046cb8fbf9d

SHA1
cd6532d1689166c19477923c73083eaaf8cd21e3

SHA256
a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726

SHA512
5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
32f4f06356b53df3cc9054fb0b70495f

SHA1
b78b1ab647cccde20b232cef50a94fd0687a67d5

SHA256
b0c7ce5d7a268268eb805a91a204ebda3ffa31318c3e6b716bde23551266d399

SHA512
01b232aab11fb4d3ab3bf8cbc9e9a07c6d7ba678373f74f9d15bc10b928a2e85e15f9896a05ae5b4214b1df4b230e2867acdab539926f25b12fdb2d1279af4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b36d5adef5b0e992668b57fc5aa6ae50

SHA1
4ecb32c9574162c943d4274c2c93a27b7122cfda

SHA256
ca78591bed20faabeea482458329c5b78ddfd668e879d5bbf7b16ba5d225d64a

SHA512
20312a85f5c0eb6295dcb84bc0eec94fc5abf993eacd789276d88f4beac789dd8afcf86fa21e6e579ac1fc3102c2542ff91badadc6ee6a90923de297b4bc5ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21b2b24e9b6a5830c76466579bfd440f

SHA1
6d8808c67c3f06e03f41c93acdc38ff7570d41c2

SHA256
5899e36f9ad32d15ad179d2fd390be3c5c0538a91e0ca33a809f20f37d22eeda

SHA512
9e57a09251b35f0097bc37776d0d5246c1dac4d8a4f3810bee32dc5daf61266841b657f86f8a22292792f58df8092b67594c7903ad34d76292dc78964832a3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
385e201e7fdfaa3257fc28b885044bbb

SHA1
205ab6ba6e98d3c6cd0e5b7a61e10574c134e5b9

SHA256
89fd338d95e300d5ce99a08b97f3ad191ba11c8394b67a5e2cde4ae15be32779

SHA512
e17ec3362223a45603792fade8cae0ab99c2a4087dd6ea66bb7b523b9b4d7f18c1fe6afbce0c39c2351982d3b4fdde9ecd846da4f5be5a45c14c33bed5cdc954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d2bc3eba5645aa5637cfc436bceab9b

SHA1
818501d348833b5ecc97e0b36614e81e9f6a1fc6

SHA256
053f1d8e33fc6ba124a1302e2f6fc1a8eb606003dccf5e965e6d736664ace2d6

SHA512
64ccaba9d2dae9f6b869b863e073ec93ce85d1954d3c050f9136cc67fb3c19252c19f86321b7cb99dbdfe70abddede1bf3af8e5747a6cadda44ab8ad17a61676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f7c9b56b7f58c2195a20e4b2c8a6af81

SHA1
e5e63f8c181451917717912675f905b134d0e85a

SHA256
a2460d97519395d235c17126416df2772ba6404d8316409738996df916719282

SHA512
34cf3b00016206c6898e702c4b1f9209352edd17cdd65ca9b83f62adccaf8978963750cbb129a294041b8ebc66e73bb9d719b0d21642ed2cb63f39f132b79a20

Download Submit