9863accce5be8c1423f7e16e9f484fb8f77ac944f58236c3cbc644363e7aa23c

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 13:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

af5aa3834f3c47bb6f9855e72932de10_JaffaCakes118.html
Size

62KB
MD5

af5aa3834f3c47bb6f9855e72932de10
SHA1

7f18bea434ac7a32e03e0e7a1f6f8db1e617ce87
SHA256

9863accce5be8c1423f7e16e9f484fb8f77ac944f58236c3cbc644363e7aa23c
SHA512

6369156d4ca3b36bd667896a9f7d49166ff001e907f86a000440c90aaaf567fa0ef17c6b8989fe530cb298a8aa6529b54a3cad108096bafb4b7a2df6be6d3a87
SSDEEP

1536:SDEH3IB3Fw7io9n6OZXEpv6jRPZbhnXqf:SDgIpoI

Score

6^/10

discovery motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
80	https://jira.ops.aol.com/secure/attachment/688199/failwhale.html

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
728	msedge.exe
728	msedge.exe
380	identity_helper.exe
380	identity_helper.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 3424	728	msedge.exe	84
PID 728 wrote to memory of 3424	728	msedge.exe	84
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1420	728	msedge.exe	85
PID 728 wrote to memory of 1580	728	msedge.exe	86
PID 728 wrote to memory of 1580	728	msedge.exe	86
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87
PID 728 wrote to memory of 3308	728	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\af5aa3834f3c47bb6f9855e72932de10_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb70f746f8,0x7ffb70f74708,0x7ffb70f74718
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,853835627516519605,14757368535931789951,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
721451154a1b4330a65d3ec3a49c72a7

SHA1
2523db45d53a9aa69daf1dc49ad86b15d213acd5

SHA256
3b2bac2a6a6a410916bc96286bf781651dea043f7a5740afa9f6314c9c883e07

SHA512
ac977c2b0c34a89d8680c1d32884f069f6cb947c8fc5a49a9cb3cdec194b72d58c28f702736f918238d433f785147b29f0a8ad29e2a17d652eb186e451d7709e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5d9fbd533a447c7306ded9da2ba72108

SHA1
3ef08d0a62d81f5ead4e2f2a77568e969b38f025

SHA256
c859008150bb95bf3876d0deab32f62a9baf92f6cc19bbfffbff3535b90ee77c

SHA512
fe69301cc67c0a7dd5fbbbdc9ec8138840f9e991ae9991fea70cbad48629bb0e1bec19d5364a90c0c49d3edb76dfd0d2d52991ebbd8388777943de7fec8da43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
12212fb92a55c45302eedab38d5486a0

SHA1
e3a0d26555eb49d4a597446571ddd1b1a12cd614

SHA256
82df28435dde2afa2443f476bd95f98a46f145a3c0b1a0b883172c57d8bbf5c0

SHA512
70fc1db1722a1f20012e2b7b2bce5eed9c24ef3673c968bdf2a2c6fdde9addb11f0e5d25f9c443a84aefa580593215a73bf6780c726cdcd75973e5fd54c792cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5206b3f8121aa78d2f93ec57c690aaeb

SHA1
70d13c28cb81e4f661f62ef0e19fe78df870a863

SHA256
42cc18acf641d7168b6ff99dfa565dbaf33975351d1ea367ba2bbe40d17928e5

SHA512
e63e817cd23c5b1db00e4c3489d58dff3a1b9f54ade4bac3575c702fd9fb2fd2094b2f7a648ba58430bc2a8b4a4043a758afe81faa515f9e552da3ab32098bb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
31620dd17052e9fc983a504d589da827

SHA1
503764c57fcf3fbcdeca320c4e163e392c4c80b1

SHA256
597704214618b1f85bf09ff31afac6a43ccc41b04a4293f51b0ce1027349613d

SHA512
4751ba3e3bf4884b9dc3d593cc5c436d5894db14cda591d79fbae824c6a1146d53386c7673da86544395287b289d6c9a572523ea0425ea19c3ab20aa789232c6

Download Submit