e9e130d00c848ac2ff9bab8d066b04eb6cd17e6a57e9043c3db84ec7032ba42d

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 23:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

31a6f9c638229da5531292cdb91c7a16_JaffaCakes118.html
Size

71KB
MD5

31a6f9c638229da5531292cdb91c7a16
SHA1

67949b92bdbfc49df350cedf1663a4077854f78c
SHA256

e9e130d00c848ac2ff9bab8d066b04eb6cd17e6a57e9043c3db84ec7032ba42d
SHA512

0e0e8bb7225188ab2fc50540003309f51cded5209a9e34bc746f74413508b3a6061e0325868ea14bb25d315ac5e0ed2c57a8d371fc54556b0c7065dc5886ad02
SSDEEP

768:N6rYrph2YM/OaRK4IbHe2g0Ub1pBAuSGv2AuYuUW5+uUIrIBIqIK6KtiWv/MKkhT:Nh7c2opBZ1ekWrMtWbLLzooI12

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3832	msedge.exe
3832	msedge.exe
4048	msedge.exe
4048	msedge.exe
1956	identity_helper.exe
1956	identity_helper.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 1640	4048	msedge.exe	82
PID 4048 wrote to memory of 1640	4048	msedge.exe	82
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 852	4048	msedge.exe	84
PID 4048 wrote to memory of 3832	4048	msedge.exe	85
PID 4048 wrote to memory of 3832	4048	msedge.exe	85
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86
PID 4048 wrote to memory of 1520	4048	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\31a6f9c638229da5531292cdb91c7a16_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12114360959797789672,12589221814450186990,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
397383c90a2d930f866f405747e27466

SHA1
7bb6b5d6cee104c877dc5c3462f61232ffe5b360

SHA256
a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47

SHA512
4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
d9b8ef9aae25858b6229408c399e56e4

SHA1
bf02d26e84d24c4544d46bdbbcdc4abdc394e9fd

SHA256
4e7e243ee78105121c3a4bf4a4fe16fb7e2b8290f05cb491ead240cdf005241d

SHA512
caf377a32dc8a30c9dd4ef9b615e81dee3483bf0a9e32754ad4f906bc8746fd0ce612871ebf01eab9520473d73947210121c2fb4893481823af1caeee2f151da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e5c34bc98498f6e7d6a929a7254abcc6

SHA1
980b0388bc4b7ceae743b8ff8ad59321d0a844f5

SHA256
7377f853dc00be048c368707f70819f9bdd35d9a1b540f5de912209895cc33e3

SHA512
38c145ef66dd5fd3fba88dd3906ca322321ac48431b32971299e1e56924cb8bf6f4dc91997dba62460fb6875528f8d39c9e7506b50e8c0dbc868c192dd317e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf0c64660ca68af954c4efcd37f15952

SHA1
d8223070b9d39ad0aa7ad6566fbe2082d4a087ee

SHA256
abb9c41bac0387eb1f9cf48a5c50c53ee8549895161bd0db74346498b37b0e15

SHA512
7da189de72fcb601f5404a9f50c6ed8bdb48a79aefa83c481fa7829d8ab17b1546e04370cd0ca2d36f5efebe2cc5f8c8e6705110ea24d0ab0d6c451ee33b0acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
793003355a73e0d79a3134fe6b9006cd

SHA1
52898ea35ef96f2a34ae06be448ba0a7884f0661

SHA256
41c91848ce00061cb59a5ef2e21bbe0eca44afe6556745965217f6b4faa15e35

SHA512
d4ddb9b0498a60b2946e126617b275c4aa996015fc20aaf85d9da8ac203f29163aa266915e18cbcdacbb17a06186c36ece8ea7f6013cfe8a4a67643bed6d9d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1b6a037d9b4cd1a30811d8572608ee83

SHA1
6bde0c23313dad6cc58e63c53353ac39c6186333

SHA256
beea7d28306929106ff058f60be755fb318acf0bfabaf5f5f8c9b48324ebe9f3

SHA512
31a70eec402ad509e3dc3c1fe5268f5c37ab93f0b2488751865061177a23f9b07e948f8f59b50f4bd3f63dccf89dc192f13ca321b375d6060c286342ea5a237d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dad65905539a749bc1459f7ae0d532c3

SHA1
cb1b2409ba68d0fd31a57f6e3071aac0316e941b

SHA256
36a4f251d717861541fc6c80bc7b8799d0d1c91ce3e511ececc1df7c6e61035b

SHA512
d81470fe0ecd213a1481bf281f6890de62af3d2ba2f2c91ec41b843ab0949b7c45ab5fe74471233456baaae0f67d9be353e1a47b0881b6db1582e86597cf563d

Download Submit