17f002f853e97d410e951e56ecc4e5c020bf57c8a94533a2ce950843f085a432

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fce04e738890fcb015e9ce1844dcc03d_JaffaCakes118.html
Size

201KB
MD5

fce04e738890fcb015e9ce1844dcc03d
SHA1

2cec460f6c01edc5306f368a327c94062ca1fec4
SHA256

17f002f853e97d410e951e56ecc4e5c020bf57c8a94533a2ce950843f085a432
SHA512

f35ddc9f11bcff68e90cffb5b47a3d60dae45aa164b91ad9f9397f33a334363934c500106ba3ac50baf43ef146dd8a319f1a00b96997127e46d9504a814eb9b1
SSDEEP

3072:bQGs7eApBtoaFDCWC+gVZ4TDYuwJubKwC:bEPpBYl

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1504	msedge.exe
1504	msedge.exe
800	msedge.exe
800	msedge.exe
4752	identity_helper.exe
4752	identity_helper.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 2756	800	msedge.exe	82
PID 800 wrote to memory of 2756	800	msedge.exe	82
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 4124	800	msedge.exe	83
PID 800 wrote to memory of 1504	800	msedge.exe	84
PID 800 wrote to memory of 1504	800	msedge.exe	84
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85
PID 800 wrote to memory of 2096	800	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fce04e738890fcb015e9ce1844dcc03d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd790346f8,0x7ffd79034708,0x7ffd79034718
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9397427898902473801,8979458282115068278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
  2⤵
  PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
699B

MD5
fee753a4b77ada6daa1ffa50dd891fec

SHA1
5eb299a19d89aa88a6c66cb84754cfdb2fa8d123

SHA256
7d5ad07b4f1c5c651f8c4b461bcf9b0028a7408f6b2fdcda83515af5230d6665

SHA512
0aed44fabb45fd476a23c86da5ca8b72747ace7459f858f2d767f7ea1603207fa1e62962da63c74752e9db947063347248cac4c7655ee7f3189f4ca896ba79d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
749ba4e233b81959c49a96d489cfa3b4

SHA1
e47d83b1ffd1ddff863bda6bea14a021128adfd2

SHA256
3a72892513dd53503e9a9d2de1f67bcdeec29a5bc403105962ad33c1a24ec241

SHA512
cc0434748e7d57e93a0a76e8dcc8d87f70a6d8db4e50c54e53672f99f77d038594bbd0a70ab6499c86f118149618184cc6a0f0bbc78add2453a442ed795d61dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d1d773457e6e9d7a8b0a6cf234e0a01

SHA1
ca8fcdebaf3778e88921e02d15ac7f181286daf3

SHA256
0ac35cef9bef9550f2c53a9020cc6bf6a9ba55e3d5f9af7ec41db6766e8bedf9

SHA512
210342a9f7c95a2f98d847c917671d9a1b6adde759c3f26f7c56fd37eae5da53fd3dc002bbc14e9bc686956e563e163b5be1005108a087cb1ced26153d99efa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5c958c0e142fab00df614cc2c2b15f1

SHA1
9a74d9a2a6eb6aed734c92ff0c12957e1bd58600

SHA256
90c8f01b72bd4ebe919514af0be15236d250b049439a40b5f5eae5ec064836d1

SHA512
e092995391359089d3de8edc8a6263c9dc450593ab25b8a04b59ef4fcf37151e46cedd073400faf0c1b131b939ee8e4906a74730d220ef0cb4d831f8a71fe65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2f11dae43108f069d3fe2805908bf660

SHA1
60ec1da94f3346eb88c0f85b9dd8e6d1dee0fef5

SHA256
d48544c29f9a6706ff8a494a3096376fecc3dd0c395952b664c747d6a535bfc7

SHA512
14ea2bcd5768f752c1cf150b6ab0fec64d349025d8e37687f4ed687a9feffecb003cbb49d049bd8171cf6b567e66cb43a0076c5d0835241c2780c9c8ef3e3bba

Download Submit