02e7e903c56b623aa749369d94c14603add6dadb8bb5e1c754007a81b3d91661

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2024 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4545c02e9f437caceb50c94ef169aad6_JaffaCakes118.html
Size

125KB
MD5

4545c02e9f437caceb50c94ef169aad6
SHA1

45e887e8d254e49741b41f6254fe14d2ba7b5f45
SHA256

02e7e903c56b623aa749369d94c14603add6dadb8bb5e1c754007a81b3d91661
SHA512

a9bc1a6cc41a7e4e05198ce49762c00bdeb666110d37afbceccaaef40f2bc9432dfe23d78d873deef0c2b79a4278b2ffc5fa89e1889a9c79f3f1c49f776139d0
SSDEEP

3072:YUrmRCYtcPZtYwXWHXkX+xIO0wj3VVlkASJsOXYiiUWW7GQxV4CA4:2ch8XkXklo7GQxV4v4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4908	msedge.exe
4908	msedge.exe
3648	identity_helper.exe
3648	identity_helper.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 4832	4908	msedge.exe	84
PID 4908 wrote to memory of 4832	4908	msedge.exe	84
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4028	4908	msedge.exe	85
PID 4908 wrote to memory of 4032	4908	msedge.exe	86
PID 4908 wrote to memory of 4032	4908	msedge.exe	86
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87
PID 4908 wrote to memory of 3028	4908	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4545c02e9f437caceb50c94ef169aad6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc02b446f8,0x7ffc02b44708,0x7ffc02b44718
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15151660067628941599,18089053941003878488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6b648e0254221e73a94a125c0af4cb5a

SHA1
d591d0c4c4fbddf20c89dd29369dba76de563824

SHA256
40d7ff44431aa5434fb335d54ed214665495e37cc7799e5793aa6c870d5e607c

SHA512
eff0eee9694991fdffcfd57b77b3d1231a142898baf17ac2e15a32ce0af217785d4eb05dffada5078373d7ab90b2602eb38c67ebd54c5b0bfff500943f799eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68a2e21064c1402e37ec0cfd49444136

SHA1
994637f003e2b3fd19ed91648eca81d736a41fcd

SHA256
a0c57188ac27293001129b5f0918797055628ba03d13058c731086fca29815b4

SHA512
839875cb6a6b57ebd2971ddde0eeb23bea2d66abee4e91ed618a753fa84c1daae866a68fcbbd657cabaeff033d267a5255792ebc41fd9242b6ee9141248eb60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1ee598bb8f7e6d4a53a12b13f193ce4

SHA1
9381ee6291a454e8294176969f24e166610b928e

SHA256
9078291334b4f9d0e0d5aa31dd95a12f247c3ae2b123267ab49e241d4733a6a1

SHA512
c2aa1b6ceb1f22c4ad6ed00d12ddbc68847203989542fca144802ad861296f4782f3024d3ddb4df9ae3b0f3dfa602140cbcea0b47c3ae0d2cc7c2f3d4640befd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
049bf5af7603e755396e6172928dcdc9

SHA1
0dd1a45328b6ebd4352cc8dfa562da8992cf5549

SHA256
bc1469e5fb7a7873b7d3f08ae075411cdd38f3a235a1045556cc0f72701a2bcc

SHA512
7ddfcd6f33d5aa2341893eebe62ae5350e2468751f95aa98ab37e6c149ee19ee4175eed8adf614319c22134fdef252bce6c6083e7a97048a061d500043b627e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
db2deb45d80a1a65cc0d1ede746ac856

SHA1
0643697d2a76bfff1e051a56344d77a5d5796397

SHA256
9c691ddd9ee471c646ff862d5d9aa287bf5d776d9bc4962998398e4eac132b26

SHA512
9bb9aae4fb6e61343171cdf60543add93554b8191fdd3ee119666bf529d09740d967aaa2f5da90f8c725fe3e9eefd891986b4747c910e98f86d2768f68bdb819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ac51bb7a63e589419e455ca01156afc

SHA1
e0a4c8a626441f166618ff9445bef16a72a3577c

SHA256
8f67802c190ddd5868d99b2a43cc88f414562e4bd5ff5da7064cf5ee1c7b575a

SHA512
5cd5e9d377b483ccf425870991771b8930f0282ef41e8c073340613bc1f29f88799e6b493eeb59643f4402b96d3f64ec69c26f4c560bf79684d768a1a283735e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e445.TMP

Filesize
538B

MD5
8ef519a20c995acebb08f1317ae3e260

SHA1
54135a2c2c452201cd88377b58e1d7014fbc4af4

SHA256
04dd1f8f8da8e8fc301834b074eef04b950462ab3e29dd8cc2d0e5f48e8a48a2

SHA512
7b73ab702e84af8693351d68b8d8387547e3cf81402e0ae6fbc1ca64c32712e0d4c44bef2fea22886a049cd5738c317ffb60267282f2d5be01d653ed72ff7c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ca926874811328a54cf4a7d51a27b99e

SHA1
a26806a93c39976b380c2fbd1f537b8ae60f9ece

SHA256
1b6d8fc76e3b2bf7d76aef939036c8b7831a1b98f5fa4b1a0beb5a998671e911

SHA512
c2190fe5c51cb8132dafdf558f4ead60e3e7b7a4644a71ecbcffa02d3c34b846506612e078cc503f3dab53cc7ff1360f7a46358f1d2ad76976a121f7675ce43e

Download Submit