ce0c621ce6d97cebc3365c119ed4f71e79cb8ea64435f24efc175c25cc734285

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 09:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62bc5119b60e421cd2be25b61f436279_JaffaCakes118.html
Size

52KB
MD5

62bc5119b60e421cd2be25b61f436279
SHA1

10fc917ac8db779044e1e41b40cfd12fd37206a9
SHA256

ce0c621ce6d97cebc3365c119ed4f71e79cb8ea64435f24efc175c25cc734285
SHA512

bc1022ebaecde9b8af46014e559819adb7273d27adffc79b004f05e52eb4d0d13c7d67b65c43b0c47bf5b23bfc51f6ba2260b4b8eefe8ef19696b6b332b5cac6
SSDEEP

1536:aNTosnQRcxisR4k1BRAqg4Pw6kGCoRFR8hHP/+adSqWt7QYPF9vs:9snQRcxisR4k1BRAqg4Pw6kGCoRFR8hD

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
90	api.ipify.org
91	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
724	msedge.exe
724	msedge.exe
1544	identity_helper.exe
1544	identity_helper.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 724 wrote to memory of 4580	724	msedge.exe	84
PID 724 wrote to memory of 4580	724	msedge.exe	84
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2812	724	msedge.exe	85
PID 724 wrote to memory of 2088	724	msedge.exe	86
PID 724 wrote to memory of 2088	724	msedge.exe	86
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87
PID 724 wrote to memory of 1176	724	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\62bc5119b60e421cd2be25b61f436279_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6051476966664134873,10622812389246026700,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5272 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5b912577fca93587876d414b8de84002

SHA1
186177048c41f42c4f6c1fbfb4b9f0998a4e6898

SHA256
21e3f3533e1f40760cc644ae92c958e9b044f08f9770594ac5fb219e27d45ac2

SHA512
c17756fef76b23d526858e61ac5c1ab4d46d4ac7228b0a9a5d2b94bf08309d1449bbb0c93cf26cc2ca46dfad954dc4a332b132b753907fc686453fb614a50a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e457b9b12dfede00b2f37be9ef238f7e

SHA1
b7d2daf6ae171aac5226e9596d0599ee70af128e

SHA256
fe90848027a3cec1211394982a62a20540c1caa7e9b94a360efd23e90a287920

SHA512
73f7b341393b0e1419d01e05dfdf61564bdfeed390d79302588ad1db867bfa1a48b392db09ca97703fa840b8ecceaa4208f91439a053a712acc9215de4caabb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08f06b75c154282d506d1c1ce1bd2f95

SHA1
c21f3f0f95e7351d104a5d6a36b5a5ca73a5bf1b

SHA256
be0713e8f7536d208ded6a6e7e2f7e94c167cb1b4aee56e7e6fb691fb20444b5

SHA512
e68e3b674a34889af5b5b49d6c7d412a90231b9c956e0a3ab26d86d7879995185f0f8786249fb6e6b3c701a0eb99d0af2f5d5a38123a7e108e1146ea3ce1790c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b30272dacd2097566e7bee405f095fa2

SHA1
5b00ce7e4540cf963d233619e21da729ff47451b

SHA256
ce468dde469c07223ef06aa1a651594d0ec2c7c9370eb885a780c686bcb70c18

SHA512
a8f7e1520878202a1803f15ad17c0e529046d553a1cd51f1d9daf52c798f1640aa036898d9d1b85b1bb6c287bab02ba2bbf4cc4272f9a05d13d60e2b32e649f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
bf8436e354d274a78f036b695653bfd5

SHA1
730916ea3ced07618a49d8119274b74c651a94e3

SHA256
96ca1d2a250afe74531a81134bbead62d72a068d090ee02cd5eff64ce6779b0d

SHA512
7a71ade868e3549f508df3e8e81d602b853bde5bf32a2f85506a8e9e99682d60efb5b7c4f23fe6a89b72c540c3cf19465cccbae88dabf1e39d438d8b1d41cf1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c0e3859e6059a5bd17b04e2f3efc124f

SHA1
a66046fe8d450478d4cc68a6b00abc03828cb302

SHA256
8b31dc9dfc222011ac62a2d42c909e897bc18c29312cf5c173980c13b836d6e0

SHA512
6023b212dd250c2a0fefb63bab10f204db841231e96e2c3d376c3ae0d618b84cc5246df03a3277d3d67d9660a4a1c13ba706ee4d4a58349b7dae90fe563fcbbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e07d.TMP

Filesize
204B

MD5
eb769bb647baf7e107e55bef7ffb74d6

SHA1
dd14eb9a8d2a7b6fd83a97c577e814108346ea82

SHA256
e3964242839700212b66889b9ef16f00222265f4197c7045ca3e078a137844cd

SHA512
319fbe9f9aa760aa8db3b0cb091e72c23f04aae52049c7172454b990f68ebb32b1457c20f68fa1156d319810f72c9340cd9651f9bea679cbda8c17955645e7bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d066c508a4caf25d1dfdecaa091175f5

SHA1
cb6bbcdbf3829324e0136ab2126256397a48b8b4

SHA256
bdd8ab7e60defa42caaed5f5bc440e2d7a55dfdc9ee473f4626d536d7601c98d

SHA512
fb7eca23cd7988123f789ea831f09e125d17956c1a51702aaaccf978e0e0e54c9f616ff9bfb169263356852c110eb2a87677d64fa1f8fae7b9d5945e77a408f3

Download Submit