94ec99085b18b2ae112dc7c061664e82cfc62e2fd69215198ada03fc5c3ade3f

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4fb4ad9e918b742972d7a05128e0ef10_JaffaCakes118.html
Size

91KB
MD5

4fb4ad9e918b742972d7a05128e0ef10
SHA1

b2cc7691dc90bcd989c53a93d8a2423cbee8ceca
SHA256

94ec99085b18b2ae112dc7c061664e82cfc62e2fd69215198ada03fc5c3ade3f
SHA512

3f5d12a94ebfda5201d91a540340db51271bc7cda9825fc138d175ed7308c67f0174db2cdef9f79c70c9de69a9dce96d54f772e328b6bbd0108ec8412cd3c807
SSDEEP

1536:KaHHHh2hBEOeaQYtzvOOemzQrESm6Pk7TtFfidOq:5HBg1hhPTtF6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
1088	msedge.exe
1088	msedge.exe
116	identity_helper.exe
116	identity_helper.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 4864	1088	msedge.exe	82
PID 1088 wrote to memory of 4864	1088	msedge.exe	82
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2424	1088	msedge.exe	83
PID 1088 wrote to memory of 2316	1088	msedge.exe	84
PID 1088 wrote to memory of 2316	1088	msedge.exe	84
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85
PID 1088 wrote to memory of 3012	1088	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4fb4ad9e918b742972d7a05128e0ef10_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff99546f8,0x7ffff9954708,0x7ffff9954718
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1769467119507806596,5331759479106433342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a3d643239b1dc26814536e991105e568

SHA1
280520de1283df7e593ca93839e7864d3b3a541d

SHA256
5c5fc0e668157c319f506509e734c2247317cdad70cdb70dd9e6c634dc31d90b

SHA512
3e46076afa0d4fc59b65b95a98acab2f394ac44bfadd96479029241f2d3e06e59f44b144d5e2c65cf03f97401cf9bdd6ef4c7884d797682052196e263a80c0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3919a5764de12a457507ccfd81846656

SHA1
3721dc9df5af4d4c151b94c232cfd9758e74ab22

SHA256
1ae79a0fc32251550517bcbe54eb7901fc00a9ad44040d74bf8bfe52a15aeb01

SHA512
de0630efeb828dc5e6ccfe8973d5c3bf320ef6548743e20f55c0f19ea6ba644940abe049cb11aa0024567a70e2831ccfe97661a8e414f00ed0f0cc2846dd71a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
98f8255c05af253f9c609c5c23404ac6

SHA1
9e53978ad4af64d15a6099e89d880bea4bdf3e09

SHA256
190665418da8eb45b5f92bfc984d3df0d70110e06ef5f0323a0be8dc30f2a8d4

SHA512
8d1fcdd0ddd4a1fbe3c25a4f5c0a936b6116a1dee0e6b7e0526fad752129ea528ccb315ac40a0c082d622330dc96709475349fd1b5cc4721c03aea3c5cb276e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61463a1bcf75cdaed932c7a5b4ff6826

SHA1
8edc96fade92d6e497e0f634504e65223dc9759f

SHA256
08884bf72895284c90af14849bd589efe816f15417b3d5ee6f9b293903d08162

SHA512
124b72b19e4bf08ed588170627826b1149f7d97be45aec9c6729bf8ccd60b128fc4fed59116c6669a0538fd8b1db85c972de429b2f45250016a124f8348d7f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f35f82283c76d3cca9640521600315a

SHA1
ebde27351df566e6764011d9e22f1301a83f97ad

SHA256
d78765973e9114942a4132702f469b4b82f9cf4748112bbe7a86efca22f80acb

SHA512
db7149132bf4ef75b584aafeeba2d07c5c08e04c536a9572b69e5fdd6edebc05e27d57a4b8693d6bcc3fcd8d5b358e85923fa77749d639420b76159481eca64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49b022d717f338cdb04c888bc4ed5568

SHA1
bd046393cdbbb2a1cf0fffcaf016871eff996721

SHA256
8d7ffac557cd73c6b50089b5135e89e01581e5eedbe94e7382843ff55862f9a3

SHA512
c2457f505305a68d0127e8c1bcabbe923b1d7153b4c4c684465847ef984ed6828eea6ba8452e892a7370f5632bae2a94352a15126a274aa0cb97e9437e4da217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6c1b9ada8b10a2762b15860ba4e76fbc

SHA1
07d93387e45a3a10638b7bbbffd44a55e4f899bd

SHA256
8091d52778ccafdc0aaee62f154f6be24cc59c89b14001e2a542d4e3da2d8fc7

SHA512
e3408ff6ee02b4cf0bfedc7544b3d0f28655423b967fc8217b8e90dc9d7fb385c099fb15c1a631b76c93d30d039d8a0306d47b66d3c32cc05b10fe862ae34793

Download Submit