5a45e6b8f09db933bfb7304fd2b5aed92d0fd0c9cc998d7cd6e9b312fec24b64

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aed9d237a6f4ac21aa75cb5fe3efb52f_JaffaCakes118.html
Size

18KB
MD5

aed9d237a6f4ac21aa75cb5fe3efb52f
SHA1

856b41ebf49a4b4c710441ccd6380b4281a708e2
SHA256

5a45e6b8f09db933bfb7304fd2b5aed92d0fd0c9cc998d7cd6e9b312fec24b64
SHA512

50a0e8617768b9a6df3830faf3cf0a152d2614fa996543e27c583e9b74dd8a9d4afbb05bea55e4ac19e474ad81b899b7f30da1ccf5859d487d73fb7ca2154e80
SSDEEP

384:XBcAj2VsFQHzYENvyBT2FTQ+bn8a/JKdUzC1gTgcaJLUKsKGj2V:RcAj2VVHzPNvuCFTQOn8a/JKdQCqc1LZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
4908	msedge.exe
4908	msedge.exe
4904	identity_helper.exe
4904	identity_helper.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 3588	4908	msedge.exe	84
PID 4908 wrote to memory of 3588	4908	msedge.exe	84
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 1568	4908	msedge.exe	85
PID 4908 wrote to memory of 5116	4908	msedge.exe	86
PID 4908 wrote to memory of 5116	4908	msedge.exe	86
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87
PID 4908 wrote to memory of 404	4908	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aed9d237a6f4ac21aa75cb5fe3efb52f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc66846f8,0x7ffdc6684708,0x7ffdc6684718
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 /prefetch:2
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17809453360892920072,12319128186647210301,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
6813347f6530e2e835b1278e66a07766

SHA1
6241a2e2be18876f53e48c4ff7d0da2f3037080a

SHA256
76cdffe1917687c60cee9dde6b20da0a69959e799d9f15ad605142cc34d519a5

SHA512
4b542ae60b0e72b2d3ec6347e467c5806fa878781235971b220f760d4eddca2ee98aee9837531b06369b3276e9d5b3689d6afc5605c98bc00ad9e77e58e55907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e08d9f52507a8272bce57fb3ec24c37d

SHA1
51df3d47c50b1e3269e62c06bbe812f6d5607510

SHA256
dc966578b0fe82bf340094706fc55585c6636f29bd075e707586a3f5a46f5867

SHA512
cc88045d34965cb4a29759da09d0b3d364141715d88dacaf3a3a2284cf13a20406fb92c0ab7e18568d3a76b8bece6677ec305d0e940a5657beb7ccea0e36707f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5027ca599bedf15c4b7ef63da91ad026

SHA1
763d63a0de780ba7c1ccbddd2c6cd21fc9f69d98

SHA256
623d7fe861c871bc1390929e80277aa11df988d57a835932e12048f5f23a9dff

SHA512
e702c1d3514fafe55e2e34ca54d486b29017a13a6d036c92938e118c61f4cd395533da08594a860b349e81f9804fe003194a4507bad31a19de6e7fb7a0678fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2079537b6b37444f8b7f44c0a6e25eb9

SHA1
42e27baf8bfb0bb0c887c33be3eee50bfe0852e2

SHA256
bf97080f28c0317884fb8eaf8b65b224b68a21c481cfd50aded9fe33c10da485

SHA512
9190004a968cec36c8cdd12cc07fa072f53e7c26c8db48365f5a38e7886afefefe17ef614d9a5e103323cd5d813c507eb7c843f7f7189e9f74829f5e1fcc87c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b4a2cc9d04a4e026c37813f4626c8b6

SHA1
f7f1d7908fa2747957ac3ce377a0ef1831edd1cc

SHA256
01b4d618b5a25c0debb08f275d239612073aa6ce460e28f5943dc1e39fddefdd

SHA512
170852c35bb5ae16cc637bc2417c4264211d06beea68238095de48b4514671b5903bc78d7c5688f86d21f21107adfb1211a8467a5e699d9aec758f7ba142fc42

Download Submit