1e4a495aa4632f79e1a4068ee254894afb2f1def1d91c1e5f504041a8c96f91b

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f36c083c181602ef773c86addd4ea81_JaffaCakes118.html
Size

64KB
MD5

3f36c083c181602ef773c86addd4ea81
SHA1

ba111f3ca7abc3e1c5e74611f8dc4c336d7c97d0
SHA256

1e4a495aa4632f79e1a4068ee254894afb2f1def1d91c1e5f504041a8c96f91b
SHA512

8a1541f92f4ee19e1b5aca25a6992bce8497a585c69369d080a7a4fe02957ec915541658cfb0ae044d8a3d35dce0b13cc7ff6ebc7d9efcee90537f7f47533390
SSDEEP

1536:oRj/DUEu/IMIP2qwQ9hiH2w227ftiHPOGO/OChIx96tbtZM8WjBFElcXJsijJ6h+:ox/DUESRIjwQ9hiH2w22hiHgphwPlSB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
4900	msedge.exe
4900	msedge.exe
1632	identity_helper.exe
1632	identity_helper.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 1064	4900	msedge.exe	83
PID 4900 wrote to memory of 1064	4900	msedge.exe	83
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3104	4900	msedge.exe	84
PID 4900 wrote to memory of 3056	4900	msedge.exe	85
PID 4900 wrote to memory of 3056	4900	msedge.exe	85
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86
PID 4900 wrote to memory of 2316	4900	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f36c083c181602ef773c86addd4ea81_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdcb646f8,0x7ffbdcb64708,0x7ffbdcb64718
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15815454540341479239,11682795309124101890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5472 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
b77795f11b81be0ada7ce7092baa1611

SHA1
70c659f76cc1889d839f2efb0666bcec5ab60992

SHA256
e568e60f3426e7e1d73c13a1f87c83c5244a61b83d4a72fe95156371af056125

SHA512
38a40343594150fe3283cec1fb0d7dfa240762b8f1b6bb06a163c86076d32d10f13a17c5bc6a96f746fd2fc699cfa0c04e9356037bd5e4a291f9b1c46c9dc654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
554B

MD5
e1a1184ed208cb51815e17d1fa38d2db

SHA1
4e7149939e725b950bb22191346b1f764934d735

SHA256
dd40a92a4f252c9dc2d4167863329d69edf1ff2d0e593ff7d11c14d54c4e6427

SHA512
8bf8b58b66ec4f9085dc537574c5358daa5ce3b69088796ce427c9ef1e786f55d1e7689d33b4d770308c9838942144d98eca46e1c5b9462a08b2dc12a9f259a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7619c62b28051094315ec22afbe22db5

SHA1
1aed784df08dcea18e6b7db0021056d2cbabc0d3

SHA256
e338d1f6cf208f7465fca39cdef4a2491d263915a6ad2556acf5e7de8bd0aebe

SHA512
5c8292a0916e434ac8b26e4138a39b2926041be429cabc400f38cbaf316df1babb06df20ec2f0380994ea3f2a4d3997be355abcd0b63666964f89a906c115ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69993976d66c11d6fb45d00c444fe7ab

SHA1
e7fffec55e2241bf09ac53360a179594e8dc2d28

SHA256
d9286312416dca250d84eadfdb77dd2c334bb0ad14f24a5ad83f89228725de80

SHA512
4dc04a3b7e4df09859893242b4a7da339d9366474408f03cd161459b1270b956a03f3542afcc0cdc38fa655e8782888148e90c91408c55fb87403416af8a96a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
57f3508084d0887e91fa494cfb152d9b

SHA1
d360c62cc6c1f18d8b679aa07593c08b9a3c34df

SHA256
3302b466e8e532dd90b24267d05022c194cffaa4b67326e6ff183a296828f5ef

SHA512
0fc66b4bef1d48580f7ea88d4eb2d8be366c931cb27df113a8ddada2ba6f7ff5538cd78fc18ec867a7dd7904cc99476208d1f8f73490674e2936fbb05e008934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
a490a9d4311eb7fb4eea401917e4982f

SHA1
a681dbc3e771da55ef422483d7b126e23d454c63

SHA256
92cdab3995ce0db979b9ed0afd174c6ebc70f69542c74d6e5e352f460d550b30

SHA512
39bd6d4ae0a0fdd686ce6eb4626de4b2d93417473972ea34a8c4713e615ba02253678a8e998b58893db2e35c4ff3d100e28a99b52f4d9b4f2aa567c9e40ef0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c07c.TMP

Filesize
371B

MD5
24cd7a3b637c3c7dc51c63c7f0bbae95

SHA1
f87cfa9caea60241967c555986edb479bf5c10de

SHA256
97deee12358f92a0687e88f7b0aa87ff6921b32e031ce23fb029d0a943379328

SHA512
21bb25368dbe3c7e0d941000fd5d3331bf6358e31609345f21d7712fa061986c685620d6b0d8fe5dc028c4520bc007309327f56581d11c5482e84d175d4ef436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7ec11d2521332b0086f5c526eccc9f99

SHA1
c613023e0455418a3356cfce39467bc7ff628287

SHA256
97cac1808dc9fb719b622e0c00adb5b251a2ae46baed3dbcb0126f227b4fedc3

SHA512
62402d7f5bd8dc10667acbbfee29861615d56f8a1707cad34abe8d6971000bb05cc348b429969c8d27712af0f07ef4ab4e220b0150203ac4d44c130cdf0f241c

Download Submit