69c1b9f8086f720170b0e1c7295f9e450f03df088aee6c0b5941df1118be4980

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2025 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_e285059ce9f4aeda0df1a94e9622c614.html
Size

32KB
MD5

e285059ce9f4aeda0df1a94e9622c614
SHA1

6f84129996fb8cabed9c2af435a6a1f473004f26
SHA256

69c1b9f8086f720170b0e1c7295f9e450f03df088aee6c0b5941df1118be4980
SHA512

0842c2e00bc8167176642441bd5d20225f8220128cee6055936ef9891175e1c2d14fed797ebc6f380e8dc4c7cc12f242d458d2543ccf9aa8a385b0b5edd7def1
SSDEEP

768:Zcd9QZBC7mOdM0qpC5I9nC46G9E+vF5Z9SaufyPd:gQZBCCOdi0IxC1G++vF5Z9S9fyPd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
3400	msedge.exe
3400	msedge.exe
1400	identity_helper.exe
1400	identity_helper.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 1840	3400	msedge.exe	83
PID 3400 wrote to memory of 1840	3400	msedge.exe	83
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 3988	3400	msedge.exe	84
PID 3400 wrote to memory of 4780	3400	msedge.exe	85
PID 3400 wrote to memory of 4780	3400	msedge.exe	85
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86
PID 3400 wrote to memory of 1484	3400	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e285059ce9f4aeda0df1a94e9622c614.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeffe546f8,0x7ffeffe54708,0x7ffeffe54718
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15915576077986443631,8602138348371717001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
4a7fd0c24a6876cfe759f9e8d9555d94

SHA1
2c19e9a4a1c7cb42d73ce687fac055dae29302fb

SHA256
463f02e58d8a9abbf676245dec15496280b89412848b9aa0d5b3c1685ff8842d

SHA512
e1eedcb3bc7420b172a65a5c11a6f9530827a3d3c54ccfe89f610f1d405d988a9ff13f26ae33408658c577d388d4505abebd7d917bd0aec58cd8849f2f81b222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4d060650519d0c4b2db4984a1cdbd973

SHA1
c8929b0bb77b9c869213d816336276feca6d085f

SHA256
fd861dd4fcfd0555513cc889e49715e23f4da7daa5216a1337a21fbb698b51a8

SHA512
0ea6dabffcdf568314fa7ca4bef6c3cb0e9aa6bc7e7cdc6a52af1dc5bd23c501614977dd1eff3036867fae5ac7a69f24e920e7d5f5f963deb8a56eb67ae9bc8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e1eebe1e9653ad79d7b0d8edca30320

SHA1
945565546187725ef64a4c46472511aa250da913

SHA256
10fce0c15c506d868f8f9f6bc7b7ef05e215700a66dd1d72a5d82e0aae6cc70c

SHA512
536f8fdf8fb95d053e8ba36b3987e395c7d74e5f0fc7438bb8ae8c42e85911fc654f07b43b487777d59bb62eaa0bca5f83330539cba44a37c6fd191dff630cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c24a8f9760153c95e486170072a0ca1e

SHA1
35fac743eceee9663c8d2557e818130ee1c281f2

SHA256
e5ccd1454ec801a7070bad00edaff94b0968772c56b9c4a43bb8e919cb8934c9

SHA512
34e295dc20c897b788bb54f13df9408adc5b49781bc184980927d5eba08ca833d4e6785d2b3adbe82c4a925f4d098b0ea1366ff40c33a27a646a25bdf6123e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
93a480b13a2aa2f6f6192785d1fabb5b

SHA1
a23a20378c7dd2787df83bab96ecd731b7fbb928

SHA256
0d9631f2d56ca436668bf5af0f34b90741b769020fc433e9ea4dfca693c5534b

SHA512
b18c50b3058d17022407fc56d58220566f5213aa5d9bda0976dae61c194d1ed676bb9aa003e9584ab29ad5e57789b67dc7adebe22e3b58c272ed9d23d6709a49

Download Submit