97663a14fc026ab30ec7b6f8b3d7006420581ab1c169db92b425aed6cc838ed8

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaa082ba5b3a90f41625c28c29a24d78_JaffaCakes118.html
Size

57KB
MD5

eaa082ba5b3a90f41625c28c29a24d78
SHA1

ef583d60e02dfe9783d5b0e2c0e3a04528980696
SHA256

97663a14fc026ab30ec7b6f8b3d7006420581ab1c169db92b425aed6cc838ed8
SHA512

e586b7e038650227f5a3732ddd423a4a3d2c68faa7b579cc58e794ea4e35674e48a621495268e564eb082328c88268bafb0ed08ad3357e6ce52c7aaa5dddc736
SSDEEP

1536:ijEQvK8OPHdFgMo2vgyHJv0owbd6zKD6CDK2RVroTqwpDK2RVy:ijnOPHdFG2vgyHJutDK2RVroTqwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
4788	msedge.exe
4788	msedge.exe
4092	identity_helper.exe
4092	identity_helper.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 3104	4788	msedge.exe	82
PID 4788 wrote to memory of 3104	4788	msedge.exe	82
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 4648	4788	msedge.exe	83
PID 4788 wrote to memory of 3488	4788	msedge.exe	84
PID 4788 wrote to memory of 3488	4788	msedge.exe	84
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85
PID 4788 wrote to memory of 3496	4788	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaa082ba5b3a90f41625c28c29a24d78_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8996946f8,0x7ff899694708,0x7ff899694718
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,9032858902738503367,13310130708631466356,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
d923debc46fb848bb4292629a8741594

SHA1
724038c0d043d0ca90e27ec6cd94902acba76b41

SHA256
9abc5a598d13882b0e1bf723df4689dfe57445993780aef821cbf1c9acc02eb8

SHA512
697e0ac6ed894b0ba56f3d23fa3813c347752b09a617857b3090c1aa885446e5258e50e5a9e1bff9650ba3289557fcf4a72f7c3b0ef10c3825cbc682db44b1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
78869303c7cade966e0786bbe4729b4b

SHA1
c599ff026936f6f7c949c78ffbb6d86ca06ac3b6

SHA256
ccc33e37a7d8d17b758afd280bac122e5982afe036f2c48a3baf9e912443021a

SHA512
5d0c3b6eb797fec48c5a733201072893d7fa092b5b7a58e1141640bc38083fdba63241a69399687efba308f04b649f80b11c9a0fb2bff99eefed08a523e8c97f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6ca46cb2367a13a4916381e6e09cda05

SHA1
5d7106d5fd0dea2fcfa39eb278b2421192925757

SHA256
f49ee2cf74199d52747ae2ae346855be632f15b3d6a6dc315a4a3d541bc6c7bf

SHA512
694462741870f22922d0326ab7a0ce45649713f483871604e66e48614ad43791f05aa8604d3991155ff0a0e277632eb438e6e57e1c0a86b8c1130498305a54e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a35a41109ce56739f04828039c5c8be7

SHA1
c77efd1286908fd79a3b267919fb806418461688

SHA256
5bc4bcdf2851cc313aab367e14d6ed9cafb648ce81c842dff1e664d56418d141

SHA512
0284c465471df090687f9696b59652327e70b8b85070bfe829ca3ef4d57d7eba682afb355cd4a6315a158ca2e771e7c0454de0a128950cd31e0294fa73a4f65a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd34dd799d01eace3ccf684c59185692

SHA1
51ed64bc0b188f62bed5c223a554ab32af8e1394

SHA256
d458e12d5d650a2505fac210145f5d9cd35cb62eea9bbdfe4a85f4333972f8ed

SHA512
cd4040f31e9df2d0d5402b2e487edb7f8a4347363cfb8d43e41771b38d46e4a0cbb9d2fe91a88541d14217ca67f1a942c812288fc72056f8252a0f73a9834e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c13ac1cd4bf059d573196745493d6e15

SHA1
f676db0b4400b5812cbb7fb86fae4dac50bb89e6

SHA256
b1066423ae5d8d9cff9c949048c72370d182f60def42fe8ad82730b0e57f2816

SHA512
6ae6a28b2e26c308123a8b24129aebb1e191c533cc98fe7225846559fec73b35eeb5f7263068dfc100f94bc8d726038a5fd7ca84f8113be9cfcc228192c78786

Download Submit