d314af2a8b91aa9fae8a41d5384cceac318a6920854cd677595b41d43ecaea7f

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69b980869de0dcbfcaff3591dbada923_JaffaCakes118.html
Size

15KB
MD5

69b980869de0dcbfcaff3591dbada923
SHA1

05cea33fc2856273bff76435d73223b9b251515b
SHA256

d314af2a8b91aa9fae8a41d5384cceac318a6920854cd677595b41d43ecaea7f
SHA512

6de9e73104623aab3afb18db534bafbaf2b633d4ee1bb8377a7f4738456734493d786a20100eb69bdf6adb356c479c7f44afc8127b2328f49f67c8c29bca177b
SSDEEP

384:rJKIcPWHIzvDJSCIa619QajkgteRwpPJgz2V:5ceozvDcCIa6HQ+YWsQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1060	msedge.exe
1060	msedge.exe
1676	msedge.exe
1676	msedge.exe
4052	identity_helper.exe
4052	identity_helper.exe
6108	msedge.exe
6108	msedge.exe
6108	msedge.exe
6108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 4964	1676	msedge.exe	84
PID 1676 wrote to memory of 4964	1676	msedge.exe	84
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1684	1676	msedge.exe	85
PID 1676 wrote to memory of 1060	1676	msedge.exe	86
PID 1676 wrote to memory of 1060	1676	msedge.exe	86
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87
PID 1676 wrote to memory of 3528	1676	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69b980869de0dcbfcaff3591dbada923_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff952d746f8,0x7ff952d74708,0x7ff952d74718
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18183178380915501818,5514850267845281391,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
312B

MD5
123a3f68e547f92f45969f4b70e494c2

SHA1
8c5ab2dbd3f1e285a9d6f0841d2cad737fe48845

SHA256
542fb39e8a73e9970d4d582a468df6a1ba1a74f9a75b21e75af7140001c622dd

SHA512
0e681463bdfebbf81aa8cd41c39391c463cc3bfb4287671eaec04eeae20b917c759984d5da2817abf399d38f21ddcd5666c60fa8bb9ca7d4a19cbdd8278b16a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
71e1458a8436cc3c5d1543536647ae49

SHA1
9cda4f1213051b5159d7c63493a569ff289dda86

SHA256
d1a11a814ec03919e1a27199ed5a69013a70b6ddf039400e22364ecf61d2d913

SHA512
82de4e176b83d46bd0fb4716ecc01b21fc77926888665ecc9c0fdfae31cf0a8545c8da8cddf57f855d7439f4be13d9f26f319c6fb91e0ed8d9c39ab0201e3ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
34f57868a8ccfaeaddca26e4edc241b3

SHA1
14d225880d381e35d33cef822ac164fc11fc2eb0

SHA256
98b7c67f2b50a6846ab865f288f58e07f2bcc42708a18a436b44fc60d8e94aed

SHA512
33671121a22387331e8759f1d62fc98529bd081806f50abeedcba36bcf127b4572292c0e1a256a5736a835c5b4da5bc9feb526e4e0d5e40cece18b045b88f1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65156aabf17a260faf496c33d8fa3c0e

SHA1
b4841e33b29379b2125ae732c97846e994e55730

SHA256
174b91fca3a64ce5436d7be7b72645c7306c554cbeccc3103f8ee6d6890d17e9

SHA512
5d114894822c0c1bb9d3a708259b3f1d7b5505b8efa45969bad3569e1f64f049432d66bf403e07bf1a6460accfd4fae1b71c2a4386a02b6d49feddf9a2819c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a5b6f4f2def71f390d7e2227de2a61d

SHA1
dfd47968459be9d98c0685168fb62a5f976134b2

SHA256
64aa2a3e5527955c7bf9cc4f18e37f59a55c5d8ede3deec75d48737dc6c06825

SHA512
613d98e305aabfc74aadabb9265ebfe7e7845ab9dc466b84628087efb9f8a7b8c944ee8ab29005de48814592f2c626862d167ee200594a3e20c20d39b734e0b6

Download Submit