698929e12b3c5c466985d38e3c94b7bce320bb9fda1e744fe6f72cbc904697c2

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2025 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5634c25020368ef2357e11a69056d4e7.html
Size

94KB
MD5

5634c25020368ef2357e11a69056d4e7
SHA1

b392ea957e3dd1e8c740c55f0452b43fdc8863cd
SHA256

698929e12b3c5c466985d38e3c94b7bce320bb9fda1e744fe6f72cbc904697c2
SHA512

51ea139e3c41f665656c55eeb9dd8a106e1134991b772b0b46d434371789c557b1ed9ddea00e157b9eebfff0a78bc469354b7dd9026051048e34b8a5aa528841
SSDEEP

1536:D9hAiwtLpRodRhMFP+F3J9+VO6nzXPn7hM4odRhe9EldfeCB:D9m1tlRodRhMFP+F3J9+VO6DodRhe9En

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2864	msedge.exe
2864	msedge.exe
3036	identity_helper.exe
3036	identity_helper.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 1344	2864	msedge.exe	83
PID 2864 wrote to memory of 1344	2864	msedge.exe	83
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2460	2864	msedge.exe	84
PID 2864 wrote to memory of 2844	2864	msedge.exe	85
PID 2864 wrote to memory of 2844	2864	msedge.exe	85
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86
PID 2864 wrote to memory of 4840	2864	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5634c25020368ef2357e11a69056d4e7.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87d4646f8,0x7ff87d464708,0x7ff87d464718
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5613352106589962831,15194978421206442775,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c76f006e43097e0db95623fbea9c12b0

SHA1
31d1f246b9d34dfb86cd7a511ba6f844913e4b63

SHA256
2436a2c1012c09d9778b247fe6c9056e65f482263e34067aff7fe2800808853a

SHA512
92871f1354db0ff52614253fc1d84529e01393e65575b16df60ef9b2cdf3e9e88866470d27a9214c85351bdce377871481be5223924ee3348634acc419ea21b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8cad6d6f719cf2818c31a3c5c6679915

SHA1
c45e8a575ed86b79a0e6bb9acfb13f533e2a1441

SHA256
cf01a7dd8ccb09721b8c902f23c2725e491a5f33fe19b2e223852fb8bac395d1

SHA512
92e528dae521b72bf5727dc532770bd8e70d3efe22b612b476165afae1eade5053f71d013f0e0bb5a59d7d1d5493a81011f3bcea6fcb76ea2a3e97afb6e1f7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dda4e2e8a18976ba894fc181be57dc24

SHA1
f704e2ede67a9df3ec8349ee22945ce824abadd8

SHA256
f52d82f8a13c501a0cc87abac06a9351d7fefe00c835973a24dabca797f96f93

SHA512
d8b257ced60387d2d38c79ddb8ac313833a83c965ac7a331b942d60cac8d1804d0f0c394ac7a771e08af41a0ba77c16ab177ad4753ed7f8a4282dedfc833857f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
922bded7c09275443a0c4571bd6ccca4

SHA1
aa2ca723dd0355c37e9040fe52a9d449cb404d5f

SHA256
d4d41dcd35febf532fb77f4c6e29cf6f196f230a379d36e0fc1f3dfb3adfda24

SHA512
3324099f86557c230d194442330e4c180a92afacf8d092c78ddd5b4dad629298a7ce2ed9e1880a09d853c294181e58f7759bb56574a82b61840cd84fcfababf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
41c71c4b1ee22625135c324d4df45d72

SHA1
0b7a4cb77e876c4e3b3aa7af8cf18afc5e4849fc

SHA256
87ad59d405310e252e3e0a2d8bec45ab036e4ea7da142dbef9d7ebd5c2d7f66e

SHA512
ac713828df54a20bb8c1835e45d54e5647688a33d2836ca800ae7fc899c6b22410b02114348351e18e5ac664e675e090edc2427ee842f5b03c1fc1f346550db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b6ff4ee66e40f87be9279b7d4bd292b2

SHA1
f5020d7ca05893c14a94b7e00ad0f3ca06ffba1c

SHA256
a0dfd518d6885e96ed73a22a96a4cbf8c2019b4017e93b5fdd3ff04c17a38c66

SHA512
a5a613ac3c62df86ea2fe80321c8928969b898266325329391941a5fc9f882b77673f6080b4441f81a53f92a033456aee060479582991d17ea584c40f6bc4ae3

Download Submit