40e70abd669bfee4f6b76f806750cc38994e79a9770494640f2cc547c7327126

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c146e76e9b3ec2f5af1b233bcfd961c9_JaffaCakes118.html
Size

16KB
MD5

c146e76e9b3ec2f5af1b233bcfd961c9
SHA1

369e0447d40cb85ae27eb82f2a4f87e2e7449444
SHA256

40e70abd669bfee4f6b76f806750cc38994e79a9770494640f2cc547c7327126
SHA512

d1e411b341d2874f999e613d7deddcf3d418e7e281c5f318b230cd5793c1dc5eabad528ab17d337caed0ea1895e1bfaf6b17715fc8f14a6ba27748a98788a7b0
SSDEEP

384:SJnT3na6Edg7EPI9Q1QTcP4omNx3p7O/+6y1EJa56Hvuq:SJTLEdg7EPI9Q16cANx2Q56HvJ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
2228	msedge.exe
2228	msedge.exe
4324	identity_helper.exe
4324	identity_helper.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 824	2228	msedge.exe	84
PID 2228 wrote to memory of 824	2228	msedge.exe	84
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 2980	2228	msedge.exe	85
PID 2228 wrote to memory of 1396	2228	msedge.exe	86
PID 2228 wrote to memory of 1396	2228	msedge.exe	86
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87
PID 2228 wrote to memory of 2848	2228	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c146e76e9b3ec2f5af1b233bcfd961c9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbda7c46f8,0x7ffbda7c4708,0x7ffbda7c4718
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6503320232847781929,5828640620792561968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4829218222c8bedb9ffe89dffd37095

SHA1
aae577f33f413ec3d09f2e7ff5d9cc20a602241c

SHA256
49239b229a2519583ba5d6de3702480b8a8ebf3cfaa8945100dbab25fcb02b7b

SHA512
03e26a2e3de41b8a829b5543da504c7d7ccdc4c112d629efcac24dcda23acb50a52b5b99572b5efb2a01cf392a457cf9fac85663b3d63f7606be00dba218f8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
15e9c4b4eefb3e1c08a010e748e10f58

SHA1
3172378f2c7a00553ce086dbf53fcf3126c5a724

SHA256
07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000

SHA512
811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
2636a0e158255e9ca4f780c6661e4fe0

SHA1
84a88186d94838983f4b3f7fb0573be3b5c07f3e

SHA256
6a36fe5da1d2722444e8b398f035f8ff5805d159fb3c240d9bb32669ab888f36

SHA512
098d8ce7ba4af4da32050f92fe347bac76f0b75afa8b2d4a995c91291632555a6d020b763c411acf387b9683bb1d1ab246eed1ade44d84ccee4337912f4d794c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
5c1019a2fbbae64fc4028cb6454df74d

SHA1
d20fe68f9ce22bfa8c0b745a9766ece9609b58ea

SHA256
ff935fcbc416876bcd99dbdb408a834913432c5a18f17d8586f5301874ac6a75

SHA512
9eda61ceb453cf16e4aa8654fc73223f4c1c10fcbcc4459449fb4da3d21b452b7c81ca1a3f1a633c18d21894c3e902ea1ed1ab27a4ce2583c28b5ad0562ff48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
16baf478a9aa431998fa3e2ab8fb4a70

SHA1
02da51e0d76779fd5f541eb00c194ae78e826d7d

SHA256
e509fd8840690d849d35a8b95740d8410e35735796214fcf1e743b7bd10a1395

SHA512
1a50595137493ed3a30e1c5d15817982b895792b0f2c0ecdc46d48a2c5599eff85638c79bbce42a25cee1c111427bf578c59d885effd32082e2f080e114f8d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6ab3b586f6cd4e4ba977a60d3893b0f

SHA1
9b84776f3e97309be9dafa1ce2c91bc75fd6119b

SHA256
711c2bf3c9417b61b4ee232f502516ca5277e6771a5728106b6fc1018b1cc77a

SHA512
04bf45b06ba86973ae3b0fcb4a491bf450b204f0219ddae612150940a470caa3c885689183fc8429923833068dcfb2fd3b6749228dc6d258616af546e6ca2385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a244c6a540d87310d42e3b708404d961

SHA1
ecd7c73d51d5a95b8d6df8bd34c624c4ab6f914b

SHA256
86bb0f63d88e11043c97b47f62b98d8efd2bed973304ee28495b6a32278cde54

SHA512
5dfb03ac621f20d3661f87e56c7a0d4dfce723d4a6e01220312681d21c0f8d48ece3501ce9b6cafebc464f2a4530260fff4e10c7f4ac434c7150338cba0ac0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7915ba0545666aa5833cf9f9f86d45d6

SHA1
743ecc319bc2a54973582d4a5198042a48fbe8db

SHA256
f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20

SHA512
a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
977ff81a94327adeac367de56dc71132

SHA1
3747f91e7af1918b2592d435a40ea5ee303e0e70

SHA256
e0b2bc37c890799183051662a3061917f9efd423f7ad0f457d479eacbcd6ed09

SHA512
fbedf7ceb908df355006be3405168b4ccf96eeaf9abf18d908e262f0f4cf979f4981d048aa5cdea13027f7d1323fa72478edd47233f08f8c2d6788de2828dd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58050c.TMP

Filesize
537B

MD5
b932bbb83570ed9a2cc19cfd59da5fe9

SHA1
146eaf6934c3b86e983b19440c32487cf991f231

SHA256
202a3150d8178ce05384979ee20be055af5db2950e3b9af42e58b72f6c386d80

SHA512
d3efa852bcdd43571862ea4e4c70e48b16fa69668e123008249f6c8b6710ff3330a4a64942ce07242b987df05e112151c78e9b84ddc9444af46dc385deb079bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c61ee248ac43cc58754c0bc0bb99f83d

SHA1
f10679fa3d1dc2caf31c6ad2d1920da9d493f1c6

SHA256
eeb33d867d5a17ac8327fa1c9b115949f272467103efd7e22be1a73a600a7c49

SHA512
89aebdc61da0acdf9cdd4e41d01ba87715370ee9ca332cc3647c32d77b09635c5985dea20801adb4901ca6559c20fc45956e13a054bfa019deab3d4ddb5c28d1

Download Submit