90e10d60d9287176246e41d1dae5f0812bb731aaae792a36a3e918af5b825473

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31d9ea93417874a4552d3a6da915db13_JaffaCakes118.html
Size

57KB
MD5

31d9ea93417874a4552d3a6da915db13
SHA1

a8fad815be4bda01a9de242adb5140adfb128bfa
SHA256

90e10d60d9287176246e41d1dae5f0812bb731aaae792a36a3e918af5b825473
SHA512

f437ea2326506ad65978047b04a6f262657e4ee987087dddba137db52a6d4aa87e13ba51187060290abe93d8694b6d3640b80b086b4fe7765b4e3dc09a3459b8
SSDEEP

1536:ijEQvK8OPHdVABo2vgyHJv0owbd6zKD6CDK2RVrox+wpDK2RVy:ijnOPHdVF2vgyHJutDK2RVrox+wpDK2m

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1788	msedge.exe
1788	msedge.exe
5092	msedge.exe
5092	msedge.exe
828	identity_helper.exe
828	identity_helper.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 4380	5092	msedge.exe	81
PID 5092 wrote to memory of 4380	5092	msedge.exe	81
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 840	5092	msedge.exe	83
PID 5092 wrote to memory of 1788	5092	msedge.exe	84
PID 5092 wrote to memory of 1788	5092	msedge.exe	84
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85
PID 5092 wrote to memory of 4208	5092	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\31d9ea93417874a4552d3a6da915db13_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2d746f8,0x7ffff2d74708,0x7ffff2d74718
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,7095457293629053397,17461738232242848800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
d29da7caa6aafb04ca97014564999210

SHA1
e96912c2db28d451ca3de33b6d67515594a3a67f

SHA256
9ee35372412ab2b8c1bb990bf137d75eb99d20382e6d83f83f64e027fe56d0d8

SHA512
3eab128c4f312f5b6f69f1ca9297dc51e369a7c0abab1e6ae98469e03eee34180b0c8294d4c84725fac79f578a74d0866b6fe6634b540413e5961d2986535a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a1ef22ef75f868266140289547a8167f

SHA1
0157f896d9e3c1f070156d052b2ebc50f0ffa952

SHA256
6c8137de56a54168fd1ccf3e782bcf1df65c617c7859d7645bbfe8dee61b1ace

SHA512
ef58607e4f23d6699034890fd3e780c4e8750dda543963d90104b7833d1b940b1d9333b0c9b82188b04b96a9948ad74714aa04f9714e03f5a6ba5d71b5f58d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63eeb0c4ae30a98c9daf380724f05067

SHA1
646ac29a61960bd04edd153ef09952a98dcaa178

SHA256
33b9b60d0f9556895ca1a784397f434611dcb14db1d6438343e583610a0499d0

SHA512
f75cfb60a96bb75e45bf18b8c1c20121a63981adeac93b7d977df898620f1f4bf7772404d35da2c7d204d0ae1d95360f7317551f5254d5b50545dd90a5c5d916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c3e3065f-0851-4424-8533-63f4bc398af2.tmp

Filesize
6KB

MD5
0f773e9aa4f4bd11d4adadba6cbef231

SHA1
20d689e4b12d107c78202753c771b7291099ddcc

SHA256
1d6f1d72315894b8cd5ccb6334b977207c418b740ea4ed66cda20bc506940f00

SHA512
16206e6d3c49fce052a4b95b44ed96c46495776e27cfa7d855bbfa2420f1b78b778c2f7015b7d34596b24d44be800d5b1d2f259a52d3f87193cb83a54d35115b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
794e66901525925b363a507816544059

SHA1
2d1905bcaa4b0cc3d7650854b9d088fe9a9d7e86

SHA256
12440e6e31cfeb82e2adf8a17b3218edadae1e3544dbbcb7e6777122ec8b6d39

SHA512
7e958a29f3ebda3ef8b5547eea87158e1468cee86d446a4655e922939d3c95736bcf1b8cc622385aa08724d3bd68a29b10463bd51761a7dc11a36016fdbc748e

Download Submit