41f42d89c566d45c53f1b734bc7dc3ce905f0e90be5e1c8bc94f68022019a847

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2024 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25f466db85d1d39a19f60b29862d183b_JaffaCakes118.html
Size

70KB
MD5

25f466db85d1d39a19f60b29862d183b
SHA1

3b10e020a90247a98e5aa146de4f3188533bb2fb
SHA256

41f42d89c566d45c53f1b734bc7dc3ce905f0e90be5e1c8bc94f68022019a847
SHA512

0e0f1b6b1af31d1d02d7fb2aeda3553ba828bebce1628a4ed123a75d3ce478354866b3d7ff66d18025758c9c3f3883603a95d908212ca556d88cb8ded09b0d45
SSDEEP

1536:+BAVvRCT7TgvOp7+ibI79U4OsZS6teKNqi4YaB94N0iq8ECaOVzC7bm2F7oD4:+B1jp7+ibI79U4OsZS6teKNqi4YaB94o

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
4408	msedge.exe
4408	msedge.exe
2772	identity_helper.exe
2772	identity_helper.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 3240	4408	msedge.exe	83
PID 4408 wrote to memory of 3240	4408	msedge.exe	83
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 1880	4408	msedge.exe	84
PID 4408 wrote to memory of 372	4408	msedge.exe	85
PID 4408 wrote to memory of 372	4408	msedge.exe	85
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86
PID 4408 wrote to memory of 3732	4408	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\25f466db85d1d39a19f60b29862d183b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c9ad46f8,0x7ff8c9ad4708,0x7ff8c9ad4718
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4333097441453699035,13757240485878525229,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
61c838a62e87c3bd4ff0fff7793600e7

SHA1
58da496f3cddec630b488338c4dd291e2384b9f7

SHA256
a6f921c3cb02cc9c93ea3c73f474094a82674bcddd2c5594780f3ff0d4ed5d06

SHA512
23e84827a685939990bbf3c86203a6c71c1363269edc9bb75ca3e69996944e56fbe75c83b24eed8423c6f13057437c0ef6a50589497026d40095b5127cb0877a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35841c675134d18e5bb96c75a4da85b8

SHA1
0a7edae7cd284ed654d7a8f7948aabd7337daa6b

SHA256
8615d3c4c7e58f695cf3eb05303937c1453e358e3067070632406935d8c0185b

SHA512
0e98609da6e716a222e33748b3ed9d36a7a232a2f9b5f4ee659eac236ce5f76dc7b85abc4e77bd9b227a747ff4a4a45c27b613d39610f95a0155fa422c7275f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b620e4459ac8e1ad0e9c783c318eb777

SHA1
95048ad050f646815d8c873f5b75951a439fc1b2

SHA256
089aa48fc38e1dfed6fae37b2fbce84d2ec68e98a07b78e9567271adecbb9e64

SHA512
9348217ea28273d5ad6cccf62b38a930aa2bde680a0dae25ca42a262a864bbd71678635f97b6278e80dae27b35ac175d4e767be38658f6ffd81c01d6bb1f2a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65831ce31a3ec8c0e40f36a73d2aa8dd

SHA1
5058bda147fdff959af5f224bc4d9a1b2b3ea77b

SHA256
08307d4c24fc95598f89207f15f3d6ba2ef10add8f57c71d6e7bf0a413c431b0

SHA512
360aa3e8765b4bbcea08ba8f8846c196976ef54d4d71627dab6a1457838b662c8538f3c85cd453766ee9026d320af45cf7d0902e5471c5308187553b1e9ad613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1b92e87495dbe9d790762366fd776819

SHA1
223d51e00d3f4635b370757de6df20972796e902

SHA256
33754c40f93175404a43c86c9b8fd7ac5090e3317559e1ce049afd5154df1fbc

SHA512
4f55c61f9144f43e579215f45d5e2c1ccd09a57efaecdf32b0262dbc6bc224ba21210cb57ee3cc5bb8d5fe2cba4a1ab76fc79a9746d350c1c158954aeaef98f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
611d1239d0ed1aab2634372b77f75642

SHA1
b03fd8d7369add589bc0aff16e773aae104b6017

SHA256
5486ac3316768b340ffc508b97d7a94181dbae80ea8c878896354a5a489eceec

SHA512
ba7ada32cc1f51577c5da52e6ba1f228debe1c7eb274e668bd1c12d50a72731bd075022d77cbb2f05cb3816676f0eb7354d950f35615baa6e47855eb9043a9c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
4c991c9a307be2568209141452b9593f

SHA1
4052ba870845b330b1656b165f802ca2529c90ea

SHA256
3bb1477c68ccdaf00c8925d2c0d6c2be2ef5a9c3a6e3a0b5aff03cbd0957a612

SHA512
3d4723f25172f1931ccb773adb6a7f989d93610bdaa805c60472684b49f32f617dc7885e4521cd75bf8beddc06965eda1fc0cbe4df2035a76e3e16305ab1dfec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5822c5.TMP

Filesize
204B

MD5
a80da4a9926ee603b8c6c54bab99d7bd

SHA1
fc91edb27210350a4144c232d9ec3ff40d58dd91

SHA256
f488793767d7699fa95bccb40e58aede2ec3e482788c13881d3862b63a3caf9e

SHA512
0167b5efb72b20bda490de7683e1683dc908603ef7806490f0e5e8dcddcc2477d891faaff435054b6632872bb90ea8af7990c94b8d3fbb81ea89fdf5f55ce9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
32a6c50b41be56733d6668f3e772a16f

SHA1
c096aebe538ca1052dba083f7ee446b1b45eaaad

SHA256
5e93d5d455ca76d5e8a1fa89af47278999be13a6880cb1524cb923deff7aa425

SHA512
9a9bcd3f4a732d2677c2196613a9791d1239954552e29f5e1ff8db901a476edcec1ebeb518b8f08c28bf031ccdd75207859bfd0e049dd9115d7935a37fb94e1d

Download Submit