6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d

max time kernel
95s
max time network
145s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
25/02/2025, 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Size

25KB
MD5

1d93e8597dd860cf81cd913c4b997818
SHA1

a7dacf6a32b194720a87130a16f2222c44f036eb
SHA256

6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
SHA512

c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
SSDEEP

384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
3160	msedge.exe
3160	msedge.exe
4544	identity_helper.exe
4544	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 4376	3160	msedge.exe	84
PID 3160 wrote to memory of 4376	3160	msedge.exe	84
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 724	3160	msedge.exe	85
PID 3160 wrote to memory of 1044	3160	msedge.exe	86
PID 3160 wrote to memory of 1044	3160	msedge.exe	86
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87
PID 3160 wrote to memory of 1368	3160	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffb6cbe46f8,0x7ffb6cbe4708,0x7ffb6cbe4718
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12111432319148853699,6525690647409289166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56b88c052c247ffe0b476ec079b68d26

SHA1
f5c0ecc4db1d6d83c9b1211103923b5dcb422a00

SHA256
1a03ef362174c9a3f5863436aadb8f8430dd6639bfb6c3bbf57a9d8a502e12ed

SHA512
29f4f422a90dbf625d1b31a9f4a13fcc116fb489bc42d5cc2e504df89bc2d2ab4f9e63812232a30342b36d1bcde009605ff2f44521654c7e9d1e496bfb00efcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
1ba807dff113f64ceb3a4b8eb06b430b

SHA1
d3b5191e37fb2662eca40cd87f4e9caeb3893993

SHA256
5c758fedd51f8e100571438f0d21511c95488aa8bc5ac4b751ed5f349f86e047

SHA512
dcdaa5e579874521d82820fe236fd25c8916738534335f7fba02a426199a756e1b2b9e5274af7809ce48adc3f86793544bf9ef8e175270274c884823404d1f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ee44a191346673d34232ee3632627fa

SHA1
323d7b8f84b2a2e775accc4311ba6fd5d2b4764e

SHA256
138dd16cdef79f6d233635fe1a28f3b529c548feb99a4be3400a1416ff1a12e5

SHA512
8cf37ba62711b72efa0d3fb02ef588aa042544d2668f5a5c2b847149bf2c20c1a6bc47975866d5844edaa7278720b4278942cdbe025ae0f30326c3e9e02adc69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
435e3d3eb20ce902bb629ce596750632

SHA1
10d3135ae87ebf15ea9814c2644dc58c91411385

SHA256
5e10cda21a8fe7d17d272e6f5ebd2f8bb9557805f0e74c7319fb825cdbc9d3f2

SHA512
4941b4c895e0aeb68a770623435d88e71bcc46b829292873ebf4efcd92c28a639215567d4e9edb9def0fcd5dfbfbd7ad0925691489343bdf2a5cabe500991f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b539ebbe574ce800e48edc7863ee005

SHA1
467d41179eaa68b025d7b9eaff76e9bae1924c51

SHA256
9870cc729952337c6ba4976404ce8f267e772ed54b5f4a78a158e1f15f53aa14

SHA512
b1b19cc2ad2d1e67c4ff01b8ff2672d52ea9576023e8534408de83b717cca73be95f469971809d18d8a91a00fe11aa698019b576a72cb647684a28c732f7cdd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
191ac8527de0f8ec3304363ce89c9e63

SHA1
938619a696b653d1816665a3014c1990015748bd

SHA256
41765e42debb2b94b2e0118ead8dd77e98cf6e5eb802e3bbe848c4cfe44508c7

SHA512
a341c8b4947be354852b2503b1626aa97fba619958fbe85c904dc630ba4904a6a5ee383d0be4e5e72c76c9de3fc8c048a6b0034e25725ee0894835a768b13636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
541c38e9fa026415e23998f4b6b90522

SHA1
8d8f98f6768a195dca0117117ea0292eb7d35857

SHA256
24f1d1211d7fc76c6ac8550fc63035e59cc7a5bb6c1d5768f4c520337e62a7aa

SHA512
fddc2cef41defd0102bdc3a5ddbd58819d34684034788f2b5e7c9b26db5f8b787359d5a38490baf734f7181c2e517b7243d54eef5130bb06593e3875abd3aad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e3eacf849d93a954a96ea7da4b40e7fe

SHA1
22226bce2c320631b4b31e45eca6f5bc23f96e77

SHA256
d86da3fdf698c0ac4686d555abca80753dfd1422eb2ccc4d3e8217f8bb6c58ac

SHA512
e3634acb725aa5e57e39af0f6812df617aaff3dfbcfc8c762b2ea8eaa1e74f53ace17336eaf109a51b8ade087bf871ab48e7f4f21815ba294b0e9e4cc2feff45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e9a8a9f6d76b34d4140054b3a129f57

SHA1
c265b8cdd45b468da549f182b94f8ca314e5dae6

SHA256
bc4ccd727c59116691ce413a1b70d71caed226b0c882d9de7aa7580cd6e52803

SHA512
e11870d89093c4d434afca8d9f781c4045fab5152aedca25aa6be8319f5f411367c11b725382ee1061b83f45acc6bb63c0c3949b04fa8040d25f5d126fdb43d0

Download Submit