96211747e6e3e4d35774ea7204049e38c3a0317f7ac91c05686784caac21be30

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdfe3bc9981415a92f32471b2a0e8a14_JaffaCakes118.html
Size

77KB
MD5

fdfe3bc9981415a92f32471b2a0e8a14
SHA1

0513aafa4ed86de428acae3b9e26f9c2d87b9224
SHA256

96211747e6e3e4d35774ea7204049e38c3a0317f7ac91c05686784caac21be30
SHA512

3948af060b7d250e6ee91d4bebc0d8c945323ffda90b204211c9c2fa0206762633d74105979167072e74c5ec8efec96e7dd671e7419b85fb1d7adcbba7ee6263
SSDEEP

1536:CHvYoFU2880JqSGlZOGDgTFZqxUvC93IxgdR6TJGv8fxGlnpFZj:CHA6p8jTpFZqxUvC93IxgdR6TJrMlnpL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3540	msedge.exe
3540	msedge.exe
1620	msedge.exe
1620	msedge.exe
740	identity_helper.exe
740	identity_helper.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 3552	1620	msedge.exe	82
PID 1620 wrote to memory of 3552	1620	msedge.exe	82
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 4968	1620	msedge.exe	83
PID 1620 wrote to memory of 3540	1620	msedge.exe	84
PID 1620 wrote to memory of 3540	1620	msedge.exe	84
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85
PID 1620 wrote to memory of 2904	1620	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fdfe3bc9981415a92f32471b2a0e8a14_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb397546f8,0x7ffb39754708,0x7ffb39754718
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8951042021462530073,6786638527566329548,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
aaf7ae4dd4ddeabb17c074d59e5c3892

SHA1
fd4e7fa9b2161f1d8a306dbe8d98404894bf738a

SHA256
6d873bab1faa01a7a6901e1b0073e2edcef03e572fa648076d341e15ada9d1c9

SHA512
b3ddc244e7f973a3d41ad535ab05ff968f94213690492c497bb51b1e31c89db69ec88f1c2d81256476b18f0f3f3771c0336031edca15dc5ffcf2ac2f7a21e234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
03ff87d52bee9630ef52995811bd4fb9

SHA1
c8a31b1d2634b9ec57d1eb9552c0df521ae454ac

SHA256
267c0daee4d9307b70fd155aadddf4bcf89be4c2a6a9f90f2b386ef0b7790fc4

SHA512
9260db02bcc09ef5d4e0f07327c12239efe2120cba55145d7b9752b87d037130120f184518dbdc0bb2f27e07b1f33ebcc1dd761521416a3536f6179db5615cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1225be978b9a187158fceb823363791b

SHA1
1e049954bfe795617a6a51087ce973a4deacb3cb

SHA256
c006ebf974741c68d834405a9714e1d33d2ef373cf2f60b3b4712f9e44334dee

SHA512
f5993b89ce80108eb320c57b3bb6cbd8d4d537e2d605c74353c75e9a8d40f80feea0eda1722111f0e98c31f7d2ecf783ddb31b9a60fb575b78c7c76cda9391d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c0ad507ae5ec8cd4a591b4237b7b9aad

SHA1
9b3c42d2041888a5e873b5fe36b9d6aedc52b43b

SHA256
aa628810797ac2d6dda76706995959321fd0b6500a7cb23f12ad8b92a2da53f5

SHA512
4e983393331bd095f32f9f3a41032c941cbc6f4c4f9350c1acce68a302ee973636c9d99273992d76e61a74565e02b44bd8a78cb6e19921a16b75f6baf6146e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c5f42b972fca44a676b47c1cf2d68e9

SHA1
18c875e14208b607092984bc628753bbfa45fd79

SHA256
d51272ff0b1c00030d85955bcf34d3c429105fda15a0d57395e665c0e9ee64dd

SHA512
8ee1c34fd2db80f7feff8b1f92b9e80dc70927ecee18314b8f1fd0bb4219ade28958298c7869a5bf839f0efc2f5cb17b5246bec0eb84d5ef747d66a300eb906d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
258d60c62e2036aba1dd520fd27c18f8

SHA1
e1eea6c5d5a259e6eba0388707c5c3e7ab50446d

SHA256
9752ea6d49546f610b5acf032b03cd1bf5957f12c6cc47417899fb035d23d2c4

SHA512
8fa533914424abfdb95f335469e7f08e4d9fd5d23e4b0d21d8e895c45438a757eda0e4f9144a2635263dac75b7446f5552daf6b92327d0eea6b27a1f35c4af5f

Download Submit