a983c793bae0d64ee6f88b4410dcb31cd157ec29103a76cab3e2ee4b9f4c1301

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43e41a2f41e39e25b5721a273b629589_JaffaCakes118.html
Size

470B
MD5

43e41a2f41e39e25b5721a273b629589
SHA1

81fae5b270cf35525f0e0d314bb489f687ec8c1e
SHA256

a983c793bae0d64ee6f88b4410dcb31cd157ec29103a76cab3e2ee4b9f4c1301
SHA512

e400f1e9a10a8fdc3189d1ad219c5cf3711c3926b3c2c9ff3cf2a5f23816dfc5a57ca93d0a6382afba7911617e49d3c80a92df8899416f7e7cf2150ff4a9a7a1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
5072	msedge.exe
5072	msedge.exe
4696	identity_helper.exe
4696	identity_helper.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 436	5072	msedge.exe	84
PID 5072 wrote to memory of 436	5072	msedge.exe	84
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3660	5072	msedge.exe	88
PID 5072 wrote to memory of 3952	5072	msedge.exe	89
PID 5072 wrote to memory of 3952	5072	msedge.exe	89
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90
PID 5072 wrote to memory of 4268	5072	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\43e41a2f41e39e25b5721a273b629589_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe6c446f8,0x7ffbe6c44708,0x7ffbe6c44718
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3698891517244776974,12178343972818610478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
f0285a60927bf7e5e4787bf59441fa06

SHA1
f61b4df6a5bea5fb10b8119038db2c26dc41cf18

SHA256
73c4905cc32bf55ea9431d814c78f9cae4529adebec8a41aeee4ec9d02c0df50

SHA512
60c375920011184976ba418abc4554f8a39323c82661c8a06b462854c0d0e6d803f00eed4d8c2123bea19f1536fa4c67dd9823797732ec3b1ff71d2bfbeca225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
890B

MD5
c0b92be52396ab6e455f7af16a8e3600

SHA1
01b9df37ab08cbdda3e19c4e460f9b2f76f6f3fe

SHA256
1028d00e396c8666acdb9210cc2affe9a062c0632cfc979e3d012aab7bd008d2

SHA512
0106b679847eba7b6f39dbc9f3a481ceae08ba25b5d11973f0d5bacbc50abf08c29d298a8826c00d3b39141d3ad318cd1990830f4230b30a1bf1643d62a734dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96632e652b78c4776f6f71fe509bf6d9

SHA1
16faaa940e3dc90b3bb1a0589a1f3a451c7945ca

SHA256
4533ea6b25c363d02f8fcfb5384bde7a03e1ce3aa345a70bc4dfa74bba2d705a

SHA512
b89f0a0c2f42e57e6eb96c1e4f96eaf732aceb7d206436412ecdd9dc8e076f126c79e878d31b261e892e8d5f3f44dea3d21ae1a66d62ca2c93b4f28470149bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60cef249a37ed1fccd6a7ed63fbd9f44

SHA1
e008ca468ab8ad8d45b531ae58e7e1db22d7a411

SHA256
c820279d84acf4f0b9efac494cc717aa7d13aca5b42a6e58671880d6073d9827

SHA512
966dd9f837cff15f63eda3ab54613b33112f4f9290e71fb99ed0cf36556afa1ba2f95b50bf9eac4e1609028b048c7ddc97290c08be5a13fb047483dde2898fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
7b17494b231fe733223ec925043ec710

SHA1
880977127c31bc2efc620d5414426051af686f78

SHA256
e50fa7fa047560ff74a76799b775f37e1347f31d55f76fdf02c36c69422221b8

SHA512
220e73ab6d3c2e6f1189ae9f32e84911283ad4b8a2e6a5c2bf5e707483ef5c95b86cb9b08d0af69456121cd677b538a810404baf044369e894ef9a80bcd5a888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dca4.TMP

Filesize
871B

MD5
3ad7751b2121d64f3254d39665bf0a83

SHA1
76cb45920a3a2767a30fff1a6c120310e1f3275d

SHA256
e857d2bb6b266ea7f7f2a1f219de30fda9a9112d7cda9b56e26b4d8184082206

SHA512
b3427c2a0f7a8eabd5e4f6558621cbfe29257b9db42ddd6d0a4b48537bcf423b2ea5f1e1b8d2580c56ff7bc17aec45566ddea393771fe86804000177986a10a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cddbc7d944c455033baa50058f90947b

SHA1
532cc31e6d986d05c4026dd0b2ae73c13e32a814

SHA256
ac61f4ce6e7d7c5ddbd5f22b3fec327fc073302ce8120a85043560c582f62720

SHA512
a8094aee0e28d50e84c5a791038c92bc3c10fc6511d138e874bd3746552ac54b5ecaff25b5241062b22a5781150026c2d8dcf677398896fcb3f73c2b07818615

Download Submit