aa58551a891b4c4176da7d0466a5c873e08fd30e6e7ebfd7430aa774339aba13

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c5355d5f832a055cc0f9a3aa18c8573_JaffaCakes118.html
Size

50KB
MD5

3c5355d5f832a055cc0f9a3aa18c8573
SHA1

3f9240f862a1dc7fa73c5a3a2fedfad0f596f1da
SHA256

aa58551a891b4c4176da7d0466a5c873e08fd30e6e7ebfd7430aa774339aba13
SHA512

61525f0285ef1f01fb8f57d45d385004f0f82250b61d7506d22f76094b86934094da9596631d3d5f94e37cbc85d6f5ef30753ff9ec89848cc91aa6e20dcf2585
SSDEEP

1536:SlGX07kd67F0ZlgkSMTHhZawUwpX2Ye4q/4XfT:SlG7hZ1UwpX2Ye4q/4XfT

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2500	msedge.exe
2500	msedge.exe
2284	identity_helper.exe
2284	identity_helper.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 1084	2500	msedge.exe	84
PID 2500 wrote to memory of 1084	2500	msedge.exe	84
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 1948	2500	msedge.exe	85
PID 2500 wrote to memory of 2512	2500	msedge.exe	86
PID 2500 wrote to memory of 2512	2500	msedge.exe	86
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87
PID 2500 wrote to memory of 1624	2500	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3c5355d5f832a055cc0f9a3aa18c8573_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeff8b46f8,0x7ffeff8b4708,0x7ffeff8b4718
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15450886821373278936,15276547078197589665,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f7abae20938f5f6803ee4d4f0521d403

SHA1
03dcfc38a774c88c1032ed69ab3ad0aaaefb2567

SHA256
20d5f967ec146e6da4640750b824aeaf13fb52b61ee8537320fae4c7f7f57223

SHA512
16861b1ac1a9250f1363d18985890569b54de2796db14f42b976dd97767c3337fb8f6e360ba85a12ce6f458a4a331028b1f2ad2f7f0a478ae178d924ec1e86ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ec40c0fc1609d17c1211e27608b8fc94

SHA1
9be393bc6615c2cfe747674065bdb2f51f710e31

SHA256
f7ba9259af2113a12c53697fc32808fe147f91b5b849f85925d0f96b3fde37bf

SHA512
a69a64e5b8216c694a133a42eb1f19085a0a406b5ff04250f7f6d7ceb36b2d30abd12fc68f84add53be606fc06cc5a1425695f7f88e89c78d35496b7bbbd77d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
beca94c71b3cfdec59bbc82749690a14

SHA1
bf4741c56d455f5ee0f9720c3b6de84507696c15

SHA256
99fccdf68660e3a05d7ebd07a59a2f6f2c15ab24587721e87b56efb1cdd9d519

SHA512
b1a32fe63881fda675797273b7a422720db0ef9aa5034075e1ba1aedde12a2bd6962205410e858230dd9fa8eff2427cb39c2eb49d7eeb6477c8fd5c17cfaa54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c572e1902c72b5bf3b10a8cf575f9922

SHA1
6deac1a7dc7a985d23170c215a1bb15308215857

SHA256
c6766ec3c00f57d5d780b77c9ee5aa1eeb75f3bc87c2d5ec5fa92e248319c6e6

SHA512
93ae40c69d554f2a05ba783563f59c50bcae21132ea1f4b141863d794d3ac2af707f49c10776d3c9400c94a790caff5855a5001dcbad46aff240191cdac78f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e0c39abf493337c3cb7b907aa9140b69

SHA1
0ee278a1e4047c6cc1421d02ac486dd5f1658f8b

SHA256
6d2ce0f8e28214bdd3dcfd8163cef3075b35788d8750906a3b2d861123b42003

SHA512
b50093c8314a086f47098e1dee479389409e381fb69072f05b26a45a743028da7bf981d1b44d20577ac04bb47204b9fcd46856f1beb682700a1bad0ecec20d0e

Download Submit