11be5224a1c5bd1f9a2579abb217dc95cc8f4efcec78ed08adbcb84b9a80ed4e

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01de4b26ef98b410822be7dd38c5a6b1_JaffaCakes118.html
Size

62KB
MD5

01de4b26ef98b410822be7dd38c5a6b1
SHA1

64addba553f4ebc4f3382d974ecababb7c2c00e1
SHA256

11be5224a1c5bd1f9a2579abb217dc95cc8f4efcec78ed08adbcb84b9a80ed4e
SHA512

c14c9da1347edf923d9f281d8bf2f4478fc4cf1a83e34a6d9ef30ad889d2221931fe893a3eac92b33eae0eb5ea1ae48a86eb9dbe6eb6d32de9844167cdbe9d75
SSDEEP

768:d3KwhHrA+OC2aWaWS+SCyWO6amGnGj2LfOKVt4NSPkKzhCeUS2EcJiDUYggK:RKw1rASDLXuScKFCeT2Ni1/K

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
836	msedge.exe
836	msedge.exe
4520	identity_helper.exe
4520	identity_helper.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 4012	836	msedge.exe	84
PID 836 wrote to memory of 4012	836	msedge.exe	84
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 3392	836	msedge.exe	85
PID 836 wrote to memory of 4824	836	msedge.exe	86
PID 836 wrote to memory of 4824	836	msedge.exe	86
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87
PID 836 wrote to memory of 3516	836	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\01de4b26ef98b410822be7dd38c5a6b1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfbb046f8,0x7ffdfbb04708,0x7ffdfbb04718
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10062013115208450904,14438926782584898004,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
e3809e425f096d9754b1d6c77dcaad24

SHA1
1f5abaf8a43bc3a0ea669bafc9dddc873514b2bb

SHA256
7f95c2b4ac83d9077f9cba1f3ae0c006b58fe4b3eb926b6e524a1d6fd02e1e07

SHA512
73d99a257919852c1deb32f91c3d5da544da1e858789371d622a3ee3dfa4f4462a1155e3c7ce8c1c17fe912d8ff1111f490deebc22a41eeef5cff62aaafb6703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
24980e2eb7c42fe7a5b73add5286f7c1

SHA1
a927832acf434e31b4a8e50b0e48b0acd9e801cd

SHA256
2eb162ab4b9c0bad0fb07d2c53c8489a96799c78941be96555464b96373c7866

SHA512
3879f3587ecc307fd8f7442fdced5612483a4974587914e992cb0d015384f3d7cbdd5c54fa87baa60167aeacd0b9866570b2c8dd182fcd549aacebeca52b9fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0c59b38b6c2d38c2b15f318ef7c9b219

SHA1
54f28f701c0a8496dcaba7e876b0dc0aa93088ca

SHA256
bb60ebc40fddf71ca221c081cf4b4faaecb868f07afff6aacac876d50d41df62

SHA512
66fcf3955479e46ee54281b9aefdce5eee743b082414f5a824db2cffc8366576ba69b1b223d1eb2e708f3ebbe9571942d0acd361ea9c6740442d344791bd37c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
655932712db79051cfb6571176338cae

SHA1
4209d88b54a7153314488940d8c74f771a2fb682

SHA256
4bb49af8f62c8ec4fa534146feecfc23185ffc49e687df665f1e4f29c104f354

SHA512
524e422fb2fdab04f7ed3c2dfe3f7eda2d7cebc5ba2e5c0558e5fe86cfbc5576d2cceaac5b4a35d377d88d094d8bc4ea1db933658779d79c6d281936795081cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef0fbb848addf97bf0762b2c49d6b5d7

SHA1
2fd0c2b7387d3a02da9133ee6ea5f098a485b77b

SHA256
d0c56079b55f3323b5302892d76cfde93d2c5c8f73a8942e88b3100af2cbd8f9

SHA512
1de9520f84e76d41a480abaaf681be9c34c0a4ba20c367f699e3abe9303f26240a7be034e15703c18c69d5614ec81857fc03d1b0a25481b3c6874d5ed25c6ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b06c4be413c81709398925b2eb9deb61

SHA1
627f155361a6340073064e9dafd23bace8fe7f3a

SHA256
72534d15e0895549a31a647521ec7316c1a018d041b998826133b073c97e52fd

SHA512
d1c4ebd3de2676b1d35c0622682ed19e0a4c2dd577f2a1bfba103147dff0195cdef8b99c8e853aadef2ba9b79baf3c74cdbd4fb2fd4a44aafeb25db162330cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
f47893697effc0fbbf4ac76519d552b2

SHA1
884cb94880afbdbf612e864d891c3e20ae5683eb

SHA256
3254ac970f3afaed89e8c4156d5db863887f727b746faecde0d88405a41ded66

SHA512
0bcb618018fe43d0978b2c14025ea31ef2f524088eda700d97b2ea8c54a7a0312e1272006cd05fb85c8d7badfcb119861dc5e694fc4a038fb47999c9651897f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588f6a.TMP

Filesize
203B

MD5
8a2a297b61849aa4bee451551c8b8e53

SHA1
cc6b6ba4689b0577578bc575fd6f0e724533b5bd

SHA256
0263bf389f270f05e896163daca75daf5fa5e4347cd83b68741918f2c9497f17

SHA512
5c577769cb291e9d7db33f6d4ce373973a6b77f2ad6104bd6ef69e75a9de48f4488f8aee42c62526329cd00dd5c0f4fc4d016800e241db0de0316e55859121df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9692b675e4fad9f5a099b0cdac5747e7

SHA1
ba29cc5d5851f6c419160042dbf84d442ffd68bf

SHA256
41817ac64144907280a695882c22dc8b62ebd0e02b738e6585b8736c1ee8e0f9

SHA512
04ae27ddbf52b9795985594d2077697b60506e677afa63e91b30c9043373630b7e0c26e9ccce5401bfa4f2cb5040b78d026ac80ba1c92ca07837978156e12db8

Download Submit