0e62f2787b40662dc4a4c33117c915ce99f9c946c7e33496b3143eee6f07872d

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

433bac504a456c47abb1d1ad848abe06_JaffaCakes118.html
Size

1.0MB
MD5

433bac504a456c47abb1d1ad848abe06
SHA1

65196360ae61e48cf09f414525824add68dddcee
SHA256

0e62f2787b40662dc4a4c33117c915ce99f9c946c7e33496b3143eee6f07872d
SHA512

1c3301731f185ea58a1bcf5566d5c2eb82895ce16c06bfbb7ae3d116c003599e9b6f40afcdf738d7877fe24ef6c75f8e41460599f90b09504c329ae2607959bb
SSDEEP

6144:Tkcl/6of6dhNE+0Qq2yP17rBMj3zeH0yWe5nEzDnxUOaElwdyMuLVWL:Tkcly26ZE+0Qq24rAO1jQLC

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5056	msedge.exe
5056	msedge.exe
564	identity_helper.exe
564	identity_helper.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 1336	5056	msedge.exe	86
PID 5056 wrote to memory of 1336	5056	msedge.exe	86
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 3984	5056	msedge.exe	87
PID 5056 wrote to memory of 5028	5056	msedge.exe	88
PID 5056 wrote to memory of 5028	5056	msedge.exe	88
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89
PID 5056 wrote to memory of 2352	5056	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\433bac504a456c47abb1d1ad848abe06_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffa997746f8,0x7ffa99774708,0x7ffa99774718
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,18138710448007924814,9634720683786450839,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1264 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
e109c61d255c6618de1469f92f3bd422

SHA1
c0dd34931bc16de219f7f64b02ffbf3cd8dbc2f6

SHA256
8eb84816e042b93ec6a170dc0eed2b6db1f926485e49b530a1aff21b363be777

SHA512
856225fa3fc87da6895383ca4c0c1ca7ca842ac8c457848fc72de5274070329a37ee5878deb545afcb5d75bdc9311b3a3acc807457911aa56ebe249f28ca635c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4ab76e242ccaed8debe8fd86e22b9a0b

SHA1
f98345f0ed4053589ccacd441f5fd7d96aee083f

SHA256
6114f920534afa693e2d67a0403e0d17453f0b622cda5eeba2a3834e4604a1d6

SHA512
89278948bd180487ffe9c56cc43d2a373cab0549c13dfc380fe56b7fbffcea57eb57ae64f75c1a6dce6251b1dc5a512e7921a875dfc7e7c74b21b7ccaa43ed2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59af6153792a4be7d06902e7f56a26ca

SHA1
3870c121d31145d83ef98894aec56b73caab00b4

SHA256
b8e8a77514acd5c70bd4086e5faf19fa1d69eabf83e017650ee721316460692a

SHA512
17ae228a4baf253ede1db876a89555a6d94ed30b2169d92b33d45ccf9569b0f7b439500c32e4c34b0227d7ab9a064e0dc0176eb3dbb2f2c5551cbe6c11aa7c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b550bb56493a8bcbdac1d203289c61d1

SHA1
5cd3f32c972f5f775a2e7eab2a2784b9d7badc09

SHA256
56845a11810db5419791df73f4ee4f808ae5824972e0f81643acd6d7c9c028de

SHA512
41b95f651e9a7ec0cd1d29e6176190eb5f4b2b45e5b8a473e5b79654d0e4f85a4f05ba9a61bb352c59d14dfefe42194f354d30fb250099d421e003ca8b82698d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8b35fc4d77ec6ba6afcc7a4793592216

SHA1
004be74dc458bc65f81a928132f58eb3f6669a8b

SHA256
590f4a55c5eaa0c8f8f8b5483cf620cd982a4661becf0ac83095e88d40d97a2f

SHA512
fe4c812493857e26dcbaedb457b0d782873d3ac075ca4da16927fe25cbd6fb37d842a712efacb6eb70b5eed4b756bec89c8a19da0ca4f6ce05dacec9fa01acbb

Download Submit