dd69d5fc732ff79dadaf12266af7529d5d203670f33829e4b3b1b22c58084401

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 15:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3ab5d2c58cd0d1b098f003e038563436_JaffaCakes118.html
Size

332KB
MD5

3ab5d2c58cd0d1b098f003e038563436
SHA1

9449f39a1806398b8a285853d3f6019240532f6e
SHA256

dd69d5fc732ff79dadaf12266af7529d5d203670f33829e4b3b1b22c58084401
SHA512

1d49051c7c9d0d7486ecca5f52bf51a4551bbbf4ee1e4e5f92e0b4d05dd3d4fca2e4a04165bd5390dab7cc3c1b5ffa4d9209c3b1f26af5569b6d6924694bc8b9
SSDEEP

3072:Zz6k/qU1kJO3I04fc9hRy/ovvbBYQvCnxv6HxG42tPsQK7k7QUDwYa4bYbQcZMm0:0k/q+3p4fCh4/oFhhIRNe/GDXae

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
2896	msedge.exe
2896	msedge.exe
2848	identity_helper.exe
2848	identity_helper.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 1020	2896	msedge.exe	83
PID 2896 wrote to memory of 1020	2896	msedge.exe	83
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 760	2896	msedge.exe	85
PID 2896 wrote to memory of 1052	2896	msedge.exe	86
PID 2896 wrote to memory of 1052	2896	msedge.exe	86
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87
PID 2896 wrote to memory of 4856	2896	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3ab5d2c58cd0d1b098f003e038563436_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a2d746f8,0x7ff9a2d74708,0x7ff9a2d74718
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,23931846056347469,14403017337047464852,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6c7e553cedfe645f08df062e9097c6ae

SHA1
eb58b0d554eb5eb0a21e83da19686ffb2beab5be

SHA256
7b0e796fe70fdc17259cb96d898ee5c11dfe78ba318f987bdc86b9007956e53b

SHA512
7795013478ed0f7c31d6349b171910d97ede265e8c3048f274f933c2b9e1da964bdf0ad0d67ca5491ec2d73ec746abe4f854b4d244566a196b7cd9dc159cce1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2a5f862ef4c894996166c14e93104791

SHA1
697bacd2a0a3c435ee562a20aeb98f56f4abae59

SHA256
ccdc150cc3874ea56c5d3907b001853cdbad7e7ae5d444d333aaf373268e7b09

SHA512
255bb7004eb2bb447023e9d8176e4e880d5f2765652f707a64963015a21bf2c4c0529ed0d2962fdb5c19b679f029c08f3b3a6e5707192fb52f4e16815c606222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
43d05501c7b0b4020d09900a2409b686

SHA1
0369e312447ba0446c121506438fa39e37831e9f

SHA256
0b068dbf87319465ae90916c8f3a09a7712bbb6a427be46a8cdf043fafc21c34

SHA512
b5c61b9808f05acfa81c350e027a49a66928c08e064c994a2492b2cee5001fb016604b61c0c8d399fc7a0075034005302528cf4d0b3721c0ea295ec3ec4c0ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3208295ccc828e52c574188d6ef07637

SHA1
9bf28284355d043fb9dc59407ffd9add11170fdc

SHA256
3f95b37ba251a2a8562c47d97556a98e3b2a0bba3a7157d374238b1721d2974b

SHA512
f6c2ab07dadf88743d4b2a8dc365bb72957cade129f457d5b3d23bcaa37063172f83b36f114b5250bd9de42d9f08d9ba3a64aae174e17dded52f310a5780b39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7232d85e76791e2fe3e45fffb6781c06

SHA1
8c0a7ff319ce7833e2c0261157ebbe8ed3d5c87d

SHA256
1c04a3da40770cdd112c511129b0bda86c72e899761a00be4f493577488b0a9f

SHA512
5a7080c4612fc3a5f814f7a820156fc21815a923cc9b8519b78eeeff7380fe341833cc1a4a7fcce4b2bf63834fa07fdbb9cdf66b7654bc8ee7b5707cbcb25ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
020b0a3c0fb10ce24eab652ef7582bad

SHA1
e1cc72f538778a09902c11fcffd0c7da33d66afb

SHA256
de6374f708450a74f3cbb94488d23c77d923c40a1763479e84fbd16cdc110afa

SHA512
418aca86d562e8411443264d2d5ff3e9736231343bd30c1e605cca6602cadc8ccca55322fe4f82e1839c3802475fecfd71734f5220339cb7545c78262a3a992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
08c3125db4dade8301534900b3906090

SHA1
9fc01f9e5ff88cc83f5fadf473f96d4f215d67f6

SHA256
ffb04ccf6de326b40e5156ffae1b1eda579c6ad94f479c326ae0afd8326eb29f

SHA512
93fb1c9ed88a5a84c3db2481d08aa4a76698e6cefd435990073593624a8c49ab1aa9f8e177505d16fcbba69836dce54bcf3e1a6ecc6f50403b0f566b0d1f9ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7d3273167c4ed9ba560f52302f64ded0

SHA1
2af0e73f19c35e0be21d4ffeafe8358210f9d6c6

SHA256
437f3a13d04601a9a7ef6bade08cbea73437880ada55ab55fbea4321163db8bb

SHA512
0e8b90e4387eebd399dc40fd8b1fbe5e8660af42af0a9b2130ffdd66d1fde670068ba53f12793fd75db782115dc443d71b037cda5d1b85492b27d21526e1cac9

Download Submit