552e3f5727d3092fef7f7761149fb400e4c0ead6ce3df020dc09b8ff9e7f414d

Analysis

max time kernel
140s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_63959c756b1440c68873e67f32f0e85f.html
Size

148KB
MD5

63959c756b1440c68873e67f32f0e85f
SHA1

2c1ce6abd7dbec3502bb1720ab95e26335e37aba
SHA256

552e3f5727d3092fef7f7761149fb400e4c0ead6ce3df020dc09b8ff9e7f414d
SHA512

e8d969dd8b78bf9162525074681ea470c4730265955159e3289b899e4518f4324cb05ac28181cc83db846a723962003e9530d64d4ee97c45241d9b36734029f3
SSDEEP

1536:HVEEfAafAGAQw/0A6u4wiWkrrF+dpkLy/srmT+88XolRrdYlk:H+EfAoAGAQw/0A6u4gkLX9zXoLrdKk

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
3900	msedge.exe
3900	msedge.exe
3140	identity_helper.exe
3140	identity_helper.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 3468	3900	msedge.exe	82
PID 3900 wrote to memory of 3468	3900	msedge.exe	82
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 2176	3900	msedge.exe	83
PID 3900 wrote to memory of 5016	3900	msedge.exe	84
PID 3900 wrote to memory of 5016	3900	msedge.exe	84
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85
PID 3900 wrote to memory of 4792	3900	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_63959c756b1440c68873e67f32f0e85f.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1a8146f8,0x7ffa1a814708,0x7ffa1a814718
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11680731935465377044,7490366263337518719,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
d1144c8b71ef42810a1d0f1222d118af

SHA1
2486633accd616d984fd5a1215ea2540cf27d077

SHA256
ef69d0921f79921d9ffca06583b7c1ee5527c47e505126a341b402f3411d3cf4

SHA512
d3015f58da88a8d6190ac20fc00de84f6858022b2e13bb9de6c4fb7f9f21e01164eda491d5a9a0ddfcdd7d1e75e2ac5627e087be98f05c40445e92306f696709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8abf5eb611526117ebb8bb0710ba3b36

SHA1
717d1a963072ed6179ccce61ef5d5d66408005e2

SHA256
01d09fb2fadedbd997b350e4659cf4408ddbc806ee208d4b410aea6f69aa9bee

SHA512
9e1fcfd89b3825308590312595e9c0ce90185683526dbee9af0d4a7898d11711a1dfab5f661674cdf39deb5bbd6f4b4bbbb6151f06ca17e19f2f234d0b9779ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9fa291161b90cdbb9796b1fb3a2e6ed6

SHA1
b1b68ec877f96c6376d7d06617b649e9b75dc8e9

SHA256
a4e94ef5ac7a86aa43933d73f8528fc3cffb982b3b7d23a07a1d0153f05097fc

SHA512
1e07e68a8a69378f5437b0441c809d3b9fef55c55e3f96d435743940cabbb130e26e7152f4cc154bff4b428832c9a8637456280a0b3f4e38073cb5951c9a4985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e646ad38cd26bd7da2dc225202593c2

SHA1
47665c129609531bbade2809fd7298df7052ae93

SHA256
caacfd602649c1920ad0b2b17ea5b13a637013cf64cc640fbbca7ed98aad1856

SHA512
06fa14718c385d87dc1114989b0e9c5b2bd10208f43ac635dfcb957646709f907470d622e5827499f605dfe2ee1810d0023e26a0a38545e36ad5b483a3a2d470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5615759eab9c1642498320a47ea0152c

SHA1
ff6f81a7884821c02c3e76866a3962fa9d32d8a7

SHA256
e2d89b73d480bb6036a8e0f85c94dd47300505e119b273fb019d410b307a6871

SHA512
e35c4764d9d5bd8ec329b9839939fe1fa0cf7b1f71e00bacac14b1e9e9e0bfeaeed42f5470000c9f5e3e826d61e76f679875a81d2772643a9639b076f458944b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
865B

MD5
539be7dc32baf8370020be4228a74944

SHA1
30bf4a8651d964ff3c84ed6f21e6c0e8b913730b

SHA256
95fac61ce2a3218da429941e8f8bd5361c848ddc11e02e66bd94518282dd7b4a

SHA512
01dae7ecf96eb640aea7c9ae4cc4e0a45bf7c1b5b973284c1fee92ddcacf6f1607fce91f5f0fb119bc88fd9e7b8ffb2451a5b2547fe8c6cb4606c04c12b46e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593e86.TMP

Filesize
698B

MD5
41bb5c0f9305e0aa27e5825d18546284

SHA1
419d76de5190adeb8315109e9cc6ce7524bcf4b0

SHA256
e3cc5f4e5168dc347fcb9ead425a8ae4477eca1f0d96b48c56bf1e4de07c724a

SHA512
98481e24d4e3478ba4b08b74639380e69009e23f4e4af6a7b476131a9d3c08e6c0cb187a5f2f36b282786f0c46ceaa27272173b98ed3537becbf6e15034c5780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
22c5824eedefe59c8982b08dd1c30603

SHA1
34538b51bc3603e26bed50d1a2b071707f06ed72

SHA256
159678a7931b88b978e1ddd4e8bf2718e1748f81a50ca850f9809831a24ef6a4

SHA512
b06d8abba21702ecdc8223725280e80296db7dcc8b8536c8562e0b70c25f1700081d4a0e16e0472bf3bfa7ee76eb0570a3d21bbb4fc7a4e6b3b31b44e83918d2

Download Submit