435e012044cebf47d154a9988ab0257c3d22e479f3356c3c2f23389c13adbfa4

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe18332b9098a779808ff45a6016af83_JaffaCakes118.html
Size

46KB
MD5

fe18332b9098a779808ff45a6016af83
SHA1

399196920300749eed56a3988ac6deecdc61d6e7
SHA256

435e012044cebf47d154a9988ab0257c3d22e479f3356c3c2f23389c13adbfa4
SHA512

938d1a7f3870568bd133bb7dff1623551e425683bb3dc7c3c575941c74d2fe2a0b7c3317cb5b66dae0da32f2f7a8b7faa1c3ab9d9f43c40a9f1bc40dd71fe50d
SSDEEP

768:/p7kEIa185p9CgGfxSIloYyPmU47kQFm6Wm5hVFaxOcH012Szfb:/p73A5p9CRxSZPm7F7Q1H0P

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
3252	msedge.exe
3252	msedge.exe
1848	identity_helper.exe
1848	identity_helper.exe
5676	msedge.exe
5676	msedge.exe
5676	msedge.exe
5676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 2168	3252	msedge.exe	87
PID 3252 wrote to memory of 2168	3252	msedge.exe	87
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 3384	3252	msedge.exe	88
PID 3252 wrote to memory of 4632	3252	msedge.exe	89
PID 3252 wrote to memory of 4632	3252	msedge.exe	89
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90
PID 3252 wrote to memory of 1144	3252	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe18332b9098a779808ff45a6016af83_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x7c,0x108,0x7ffd034846f8,0x7ffd03484708,0x7ffd03484718
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,4911606292335011941,9975194562939762238,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
0c537a82da568b1528a5b4c5db95f169

SHA1
cbce4bdcd79433b66466b9fe3c0fec730b1a5bb4

SHA256
73279553e1043b5a1f12766aadf552ffdaeb0a22bff842e68a299dbb7af01ec8

SHA512
76ed9ad0826f246c6a3b1b00215625e38437d477e1df4c57c2a56071a4c2d80465a62062b44e33de2ba58f90e664f0c9bdedc2b274ab54706209b812c0d95485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
44KB

MD5
57ae46a87a9955c7c61ce5cfebde0bf6

SHA1
2a9297a0e2ee5f4e0a9b1de88ffd2121d5d2ca77

SHA256
891dc8b9999ba1b2d25c1a044b49330b66b86f986478282f4e5950b726e9878f

SHA512
34e51215e347df35ae4cf8420e2148420780f78123a37450682ed92841c6e1dd1635317cae1ef925a001bda733228db0f5de87faa0a10c36cb967e9b70691689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c75f59baf409a6faa01ce4951f6406ae

SHA1
ae8597cbefdaa9191d3ca6f31d5930b749875ce5

SHA256
a11abe61b37016d45d0e848e0d6bffd6ec721f5b2e67e75817aa3783b83a164a

SHA512
4a918ca5ded7ac3938037422c1200ece9c70ea0ac137c40ad2bcbee3c4b5dbd30ed4097f71b026b3c85db0534bb56e2193da10f9cd71890b9ab5b57fcc559d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5323669709bd61ae07a88f47d3c55ce3

SHA1
ee7fe5f7a51e738f342160a407e0dd0191016b89

SHA256
64272d45ae216eb5ae16510a0f59aecf81dbfa09387febba959099091532870b

SHA512
0fcfb42ca72736b532ca419cb12e51e141a245fd4f957a55d104c040263a3e99d4e7b452b451b01e594703b800807c816c56bb33e67575256756a597130659a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
33967e437921a9c9c9061578ee94585f

SHA1
869661fd7bc51ac6c739051fe205a3ee3b8427e9

SHA256
fa3adbde5a93ba3072e949621e6f7110ea20198cb71cceb56b80bad4c30e7370

SHA512
a13e6481fbc461c6ac2716254657d2732003ce56b0cb9509cf7bf90570cf2aa59f8668703b248e994f1444159f4eca6d19f6154aa6d9673447e8cdcc72ce8856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
692af15f171d4ee5e3aca0fe9d0041c3

SHA1
34033e69401b5341020ede271cf8b3e905775c80

SHA256
c8d191b0445ef42115e609f6401aba4b307ceea1da12ceb64a5e86ba608aee59

SHA512
92d0cd1989f2aad725a73c4311056d57996b058346ec4e89d0b73b09c8b0882e98671c1705619f9797d3f04e39777a51a35406fe67b0bde1a0c928c1af1fa707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aa05e5731428c598060f0bd18c11cbe7

SHA1
9a5748d908d383bb3e39133c37955fc074533a53

SHA256
2b73fb6ee474a5e66fedc0a1c0e92ef7c9474894cf55a765901e021458e2fb8f

SHA512
1ca4eefdf89accb49e425b79820781b9b4b67bdad4e98193df8a4acbda1a5394400bd099306be454ec2c0635b61859a11537d60e34d0301d13491269974ea0cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4444c80f40bfda15658c7783e1371ff7

SHA1
cffce496ca3eaffe7c9184e50f51294b463553e3

SHA256
e4502f6c527523db965ca702d610cdd54e30b894db279c40ea9412c1ba375115

SHA512
bbf326bf65ccde4827861274d6ccc51acb497a845c3836427b407d15e2cd1d17250b85eefa5c94bae5fb05505f2959684e6d602cc7fd2e2e758699663a9caa34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb547ae9f9879e86f9a17ca52ee3a0d1

SHA1
8835e66eb75e1ab27bee069d7703ee09a72086ea

SHA256
e95904fb281c435b0cd71bd98c1d9c6f53c2523de21c3a57f9247422edafb2a0

SHA512
b47708415db0a4c0ff4943480175e351921af7a9a126949fb7a5a24bf3fe73245fb302bce89659adc5a546d4d8ae5b04c9ab24ef1303d982c320006db1c183b2

Download Submit