1d94b715d99668cdc672bc07ceb735d15bf0b1d54f80c1db0603d0cf250a5aab

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3040d58714e7e174855b13557d1bcd1_JaffaCakes118.html
Size

241KB
MD5

a3040d58714e7e174855b13557d1bcd1
SHA1

7f13864202ee5627b2a69fa2ef2787e2029540fc
SHA256

1d94b715d99668cdc672bc07ceb735d15bf0b1d54f80c1db0603d0cf250a5aab
SHA512

96172ff126890da4802074369fc074f8256a51bbec40fd4d60504bd8e24b3b42348455f44643ee9405455ca93d0b2a1cdf5e8e8f9b7c418ec31cef1e58b023e1
SSDEEP

768:4WLwCFy2dPuPh4VBJX16f7DmrydKUvqr8JfUBq9uI4+PyT7CbMH9N5NK98kAavj/:VLw4PsMa9yEK25ImP140lZGPbA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
832	msedge.exe
832	msedge.exe
1812	identity_helper.exe
1812	identity_helper.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 624	832	msedge.exe	82
PID 832 wrote to memory of 624	832	msedge.exe	82
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 3604	832	msedge.exe	83
PID 832 wrote to memory of 1576	832	msedge.exe	84
PID 832 wrote to memory of 1576	832	msedge.exe	84
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85
PID 832 wrote to memory of 1632	832	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3040d58714e7e174855b13557d1bcd1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbab846f8,0x7ffcbab84708,0x7ffcbab84718
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7025901303812584739,1929774412177436644,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eca0a9972df278a297f7ed441c656410

SHA1
87c7fcf862942d15c9d6a7189d5763e7418f1a8a

SHA256
8fe1f718c44a5b2f371f0f08542f46da29ea7608de74ffa5b7b6342cc52f69d0

SHA512
fcbf5163c38976b379011a74de9f99383a972fd7c1009cb2461c6109bfaa8de6bb180e31b18948b66ec5f06d89f2d4275318115cb184ffa24fd34d82bd567678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ea0f8409df04aec5f5c6560455a1639c

SHA1
f47a1bc92d5fe179bc737f77ae154624e1de08e7

SHA256
502eb28cc585d843660ee02d58e8f98a68e11b2cd8a660695322f09f1bb10ca0

SHA512
7e5f8aeaa75364b32c3ab16520cb91666fd816f5e2f478568e5a14fc7533095c240514f78a1f05b3854e8c98b372bbac7d343a81d3ced0ae4d8f8410fec32ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
660a29235858d1db486d251c644c183e

SHA1
39bd1673724943fe32f64e9c21e86f0fee3cc3f2

SHA256
d46533f2b3edf52e54260b4c9f43f69a5d98cfb9a45000ffd2da595946f1d729

SHA512
d472897dced5dece93cda4a9aeb4ccef0b7b497f4fc5328c231c8e202adea06f5be2f09045da4e24336ec0cf690298bdf498c77d27f294db869c0bbfa17e771a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba993e541227fbcdaceaa034d1654ac3

SHA1
9a85eb466d67607228ae20b1eb2295029d9e9964

SHA256
f6f3cca063107bdd61874eecd61c09bbe24c399fc20b731f046a3fbb24a6e06c

SHA512
b2bd57be75e983f5adc584c39b6a69b52cba129f6c36bffc07688b4eecfe65b0ba6ee042bea5f3434cb6cce6a7b3ecb1040b12dd7f3150e97648e9f4d2310b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e470b3ba4f157d2e284c63c0d340899

SHA1
e93f911a56c477fb00bb42836e8f6631bc16b73f

SHA256
31a906b29082b97d5a9dc0bf185880e1ff6df8eb97c01dc7776be53f074e8bdd

SHA512
6ad9fc10fdbfe3a062cd3bc6360d4a51aa49e681a0953696ddb46590db367da540a9c8f519331b7c9c8d8ed74c432ca3afb61494ac2f4968ce1e7d2bf0ade3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
228f2afa804913f138fe42d80f375756

SHA1
3f58b20fed9a5bf8d96246db436f7f1ecbb371a9

SHA256
de4bfa71404e5d897ecef3f12dc3d98c4265e590054136a3f23441ef7b39bbd4

SHA512
78a74af8ecc6550524a81c32f4412be31436878c3c150c5a7d50aae8590358c48c780731edb3c13c8731904dca718174e996792135605dbc7a411bbdefa75347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
744962acb7f43f7f784a4abd3725cd8f

SHA1
0b3ed2e7f2056d83c97364a7617207ae7bff83e7

SHA256
680be6c55f4a35764403cfa4dc778822b9d54a96ae8efa30b5429e8c4c2fe1dc

SHA512
bfc399f2743bb48f85f347f988cbfc482087ff412a2721c7ba1c83e3faf3038ebbaa1ee4fa2fe56ba9f4681e6c32c67d3d5f03383d31bbb2d84e3d1d6d0668bb

Download Submit