0e55791b1151eb83b0843144e857110c613eba5c6588483bb0de93a2c15659dc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d51ef61a1c321dedd4469c21edd82422_JaffaCakes118.html
Size

175KB
MD5

d51ef61a1c321dedd4469c21edd82422
SHA1

7667439389e8afe9256ed031866fe29b4afba0f1
SHA256

0e55791b1151eb83b0843144e857110c613eba5c6588483bb0de93a2c15659dc
SHA512

bb3942d763a1d261d52c75539f3b77a7ba1bd6c407cd4f6d0020c813f1ffbbb7b1d2835715330c6a3ac35b4686cd316e36d3dcfdf8cf2e821a3796e62b80dd19
SSDEEP

1536:SqtH8gd8Wu8pI8Cd8hd8dQgbH//WoS3DGNkFvYfBCJiZM+aeTH+WK/Lf1/hpnVSV:S9CT3D/FOBCJibB

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
772	msedge.exe
772	msedge.exe
2528	msedge.exe
2528	msedge.exe
4692	identity_helper.exe
4692	identity_helper.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 5084	2528	msedge.exe	83
PID 2528 wrote to memory of 5084	2528	msedge.exe	83
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 3260	2528	msedge.exe	84
PID 2528 wrote to memory of 772	2528	msedge.exe	85
PID 2528 wrote to memory of 772	2528	msedge.exe	85
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86
PID 2528 wrote to memory of 3656	2528	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d51ef61a1c321dedd4469c21edd82422_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7b6546f8,0x7ffa7b654708,0x7ffa7b654718
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13637997149602423199,3622804393679700842,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
58e8779303b4384c22424948b0b1e97f

SHA1
03901bd673c0925b1435ceb196ac95d4f38c985e

SHA256
6c78904e35fc87ddbc351d87e3846a08713ab781c2affac530e2fb825b9ec69e

SHA512
76f72043934d02f0cb84c17270c57d2a4d34094e0ec565281f3247e2c36f2d32fa419eb3ff35223b6cac2c8fc49588cca61f89a0e453791afa7157694d7d4709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
646686c4ad1714bdd426dce42d8e2bb3

SHA1
27030165be483e919305f3b94f68a564190886b1

SHA256
154f9afd09117a289bb24efb27444d2a94a9f72c63c0dd490da93f75a47adc9b

SHA512
535ad2a7ce4634e76a453f49429eff65a47401b4fbc949b8522d50f565e21412403d7eab5a0b0a3e1f3e2f80794b2aa7cc2745b14bdd4d3366d56bf76b4b061d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0ce7d98b2de1f08a1d68b108cce5ec4a

SHA1
79250ed422c12020de1a64f22d44b8e6afcccefa

SHA256
c9f5ff4d11ec6946f408fe28b86a562dfa782c114d0df367d3bd46eb7e5c9162

SHA512
537412855ab56e28773c3e3f1c1ad0084ce46a20377d7370cea56581cc37f5fb861d5c26681f19222bae92142428d27ab9f523db4f8cb3d330253c1c6d200f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e7cb8a2e73a5392064437a4d8da3fd6d

SHA1
90c8868329b4246c680118721c6f435777ed16aa

SHA256
04337949d9bf6f257bf59328f989709426663f6fc0d5ec47a3c7860eaf5c4e30

SHA512
442e09a04fb48f9052290021149e634fa3590ce9ea5308ba87fd82f39e7955467090821ca68490e99aa2731e77a00cdec4f7dcf6900ceff5820e4f209d308efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f36819a76631c6c1056be4f0a2f4078c

SHA1
a302e75e11ad757c23b9a0e96904d3554ddfc7f5

SHA256
599b7cf4323903128f5ab2ff254075147779b64b9863aebc753ee6eb79666c43

SHA512
8727aa69ce8726b5744e0925e956dd49526d38db4ae6a124a1b110df092da2844662e2fe72b7bea20932a8b109e62e5169d69bddedbddbb479b20bb7c95b7eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fdc6e2fbb3c2f79b8a43255563cd4726

SHA1
584af724896c128f204caee8ff3751a894fe6244

SHA256
6f0d7cf4654e13e275fbe0fbdc86671c6ddf53e4d761f3365f0aa0d28b54f246

SHA512
e8af1f4bcf7ebd3807f809108398a581fdc539826d2a94249419b8686c0e85d18e565389000cc58bcfb8a6d1db9d07413318ca3cb09a1dec64b98542a581a5f2

Download Submit