ca13de365fc795aac52ef26baf3178109d48137eb607b31d5ec83f7409115361

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f2eb5a091f47b6bc2cc0e2c12215f4ee.html
Size

175KB
MD5

f2eb5a091f47b6bc2cc0e2c12215f4ee
SHA1

5970e5e8c7e9ba7fed355c703f95c1ffd358334e
SHA256

ca13de365fc795aac52ef26baf3178109d48137eb607b31d5ec83f7409115361
SHA512

f01b1165dc6e9ab44fb38621cb11408e67c53edd1de65cded4cb12e3e79e24da089569f3a5bb0d8ced7d9a7152d1ca44c8b1337267f610c1b170d10c5d103848
SSDEEP

3072:z0xjt0G8qxAGXmNJUzi64WvP4yvRJ2TxZG8lDCv5C+zMhY0KFM:zCHXmNJxVn

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
53	drive.google.com
83	drive.google.com
84	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
3036	msedge.exe
3036	msedge.exe
1016	identity_helper.exe
1016	identity_helper.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1456	3036	msedge.exe	82
PID 3036 wrote to memory of 1456	3036	msedge.exe	82
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 3904	3036	msedge.exe	83
PID 3036 wrote to memory of 4712	3036	msedge.exe	84
PID 3036 wrote to memory of 4712	3036	msedge.exe	84
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85
PID 3036 wrote to memory of 1064	3036	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f2eb5a091f47b6bc2cc0e2c12215f4ee.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8236046f8,0x7ff823604708,0x7ff823604718
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,11599767408882361361,4922346303316808655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9d23f13e81fd0045e3fe644a1c33d00b

SHA1
c65b37be6a4f93e32a20a5b3da2f19ce7f3e631c

SHA256
bdfaf677885c20c936b862523c096ec5df107d2621ff1a4c6bf0ed8ea9594826

SHA512
f95781b66adbde31426e6c052ebd29cb0c7cf92aadda170b47f635e464e3d808ee55af696a25e9d92125dbf5e2be71940a0b9977234fcb1939e3ce13be19a0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
20a5d3c5249e0e6cfb5325b73d06cbe6

SHA1
8c7d360e4cfafee8c34432588a2ae2a20cb3580e

SHA256
f8b5f277de20b4bc4e979c5e85c64f29b709c58d9443238288c92e233db21564

SHA512
1056ded85f689f0e376ed3a3e904fd4f9e465ba8a284de5532f482ccd57c2b899aafe51e5ad65b9aaef06f0225465770b90f3f34b94540bba9d8a497f27927f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
667c0237c3dd0e39baed9acae5c1a810

SHA1
3f44b40fe01a91ee837754afaf0fd175f56c51ca

SHA256
2d5eaf6c83211d8331e93a0d6efa19aac31cceb9afb0c3654c0739187b2dfca3

SHA512
baf52fbe7b7938feb27d8fd71e3383ae35a9c32f1dc9bbc7faec5fd4879171b1399b55bb3f914d27c1e13f99fd7cbbe88a235fab553c4a0aaa5e4234f461cfe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8bec772ec9c98c834b9b7679d83fc6e9

SHA1
d1b3ffd04dcbf900a8577cc94df3bb0970b03de1

SHA256
8fdba20ac29918a3fc30393c1e085e90fb8a6afdafc7bc493947510c9f6a295e

SHA512
60b333ecb3e2dd886432c4d547d6a91038603065364074e7793de0b77774c0b1cdf9f6028ae1318dc7dee9cadf7db98e31d550b74e2e9c82230d8c76a0bd6641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f395f0c8d1562f234becd35040f66a22

SHA1
0550a40b79542334ed487047c1ebeac1eb38cbe2

SHA256
5971c7086a081b71aab410a99f4e52d452ab753b1b5f6a076feb64d42336989a

SHA512
295f473475c28736e6781d70d3161e4c2a1cc7a3badfec74cbc6956e1c9851e080a99770740f144877e5d40bed3846d8d2069382462cbf650e31d1ffbc35d3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe08906ddd288f49c376b0e382161caf

SHA1
20402eff86656aa3c03d28d66dda3a90229ef095

SHA256
a74a6082f66fb539b7e0fb39af7dec89da9efe26169d4acc68be0caa8c14fa37

SHA512
e0d44decf6c88951f67b04f01ce531893e39be4ae5e0d01f3d7465afbe8805f03fa2f69f565e547d2a8d5dc8d2cb7b4992eb95b9b580674fedba1f5e5c1d0eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
31d8808f5a85d554ad5de5ea8855702d

SHA1
efccc73f1b558aad9a3289b117bf23500aeb475b

SHA256
fe416ded0316871a8b5f8fea203ee50c18968e056ccf7d2f8c96cdf63ec3b289

SHA512
b19418a4e9ee6375d80c2a16a3c3d2df348ab8e7c94c440eaa5b9c8f4010c8f59c3e9b06e0f92d30d3b5b8326bbeb1a26e7bb26b3023c13349004079c7702312

Download Submit