90f516eab4da6a6186d8b47ab482bfeba7bcd6de64e1e86b1eab81c8d9d95d28

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc8260d67156bca7daf41059137abb38_JaffaCakes118.html
Size

79KB
MD5

fc8260d67156bca7daf41059137abb38
SHA1

de968cfe49f6dca877935044176716640000181c
SHA256

90f516eab4da6a6186d8b47ab482bfeba7bcd6de64e1e86b1eab81c8d9d95d28
SHA512

2a15f8c7a3e88386c7639a26fac311f1d22075ecde2fab22a2f3f747c33c84e704eb86b02f6386e4643c7a2360dfcc8fc68a19779ca35b97fe96a234223aee51
SSDEEP

1536:fPOrm46BTzESXJLcoOeWQZLPccaw6E6dDk+Uevc1sVIWlonFnZspee2u6fq9kHXp:CgXOeWCptyyOs5jQ9jWNuI

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
3352	msedge.exe
3352	msedge.exe
4588	identity_helper.exe
4588	identity_helper.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 1148	3352	msedge.exe	82
PID 3352 wrote to memory of 1148	3352	msedge.exe	82
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1232	3352	msedge.exe	83
PID 3352 wrote to memory of 1920	3352	msedge.exe	84
PID 3352 wrote to memory of 1920	3352	msedge.exe	84
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85
PID 3352 wrote to memory of 640	3352	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fc8260d67156bca7daf41059137abb38_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb70f746f8,0x7ffb70f74708,0x7ffb70f74718
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18215744123431050322,17674526771405448524,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a70f0c2a40214cb863229ab701ec32aa

SHA1
40b50b7a7dc6085d667d8d16196e4d559296fcb2

SHA256
78c0abb929b7359e0249945dbedd1e3bd93a18e63c1ae55421b66869e599191d

SHA512
808fa99c2131bdc0b31a39a1ce20c86476f37545849c057d0d842d1582a422cc498dcb9310d0de1228e6b8c53252f6a885617b1b8a5db47524812b9bed1ec0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8b2ab10d7ade14fad96d0497dff46f8a

SHA1
75ce8f55f6a0020e0eab593fc2033244343dead1

SHA256
ab17cd01d9ddcfa9b6a20d3b79cb4235f5eb430305a61c99b3a2b5f59e97d0b4

SHA512
135e164f3df5baf9296b1ce3e3dcede679bd9b67ea9a53ed900a69983494852b3ebcb454bf5d178c36ca92e88cd1e59f37c0b9eb212304459e87ccd5e2f809dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
07a8a66bcc0847fd465d918a810a8bfe

SHA1
f5e1161d646b88b449827eeffd8a25902fca2037

SHA256
94b27cbf4e8facfa595a8c655235c0578dfb09c211b2f43803242866ed5c9235

SHA512
760714503915bc933a51c635ccb84646ddaae607685d2d343eb5f96be579ff03be0bf7f95b155086c8093e2bdeccf0a4897354ee65aebb6b2ac14f99d9522d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a1e9863d3d5a5025eb3ca6d42e7cc869

SHA1
b3156967cb376d36b0b78f063ceb3bd4dc56b21f

SHA256
7e506ada58ea249f498cb92c2b8a2f5062543534ac1da0d6639379217c64c264

SHA512
bc80e85b3fb4289ffdf1df16099de1bd86a830d97406562eb65fd76e34396967ab220161de087d329866c06d3d7c4e5bb950d573cdc262d3bb43b185365db11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38eff1df35a57cc27ff09740fd1cd533

SHA1
14b97ffaef95e19ec8f301c9dc24e6bd4bc72cf0

SHA256
a15401b8f89277e036488498ced76d32af8dd740c443d81da8e4fae9ebc30476

SHA512
288024ec58d2fc8ad6fcad877dae24ef88a08856536066c699277d355166b67c1296cf45e6576d9e8c5fcc6f165f19e97d9069f44636c060f69824c2955e8c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
df114c0d2f27f73276d78b18eeb88ead

SHA1
afbd65e0043a3aea9d0db4887d156b53b036bde1

SHA256
ba499b014fc7c9eb50ef148f7e405eb691a0d8d5b108a3a238bd3709e63032c9

SHA512
27bd25c5402daabd413f0f7602505542b5f3c9a3025e8d9ce386b5c9e0f5893fb233d18ca368a27c7a6d869e5f756992e74f3245966140b3f58ed78cbf84313f

Download Submit