9847bd85d85bc6721c3fc6b0ac84e68542b89834a4d8078d2ac56b94cead9ce1

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c3478bc0b5d841acde81811b047dcea_JaffaCakes118.html
Size

90KB
MD5

3c3478bc0b5d841acde81811b047dcea
SHA1

6c6a2f03cfd8c40229042c5e99e1d833757f19b6
SHA256

9847bd85d85bc6721c3fc6b0ac84e68542b89834a4d8078d2ac56b94cead9ce1
SHA512

5af6a09707d959a5a5f090bdc971a84fb75118e8d03bce7132b75ed67e49fc36ad023ec63d0b1208ab1de7950a9abd9e154060b930227a04c90f2ecfd00ca718
SSDEEP

1536:gQZBCCOdI0IxCI3AJnSywBuXqu8Ruqnp2+rDm+NZshJiC3XlmiprgA54ocr9eUKS:gk2O0IxRhPd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5328	msedge.exe
5328	msedge.exe
4092	identity_helper.exe
4092	identity_helper.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe
5328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5328 wrote to memory of 1272	5328	msedge.exe	83
PID 5328 wrote to memory of 1272	5328	msedge.exe	83
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 4412	5328	msedge.exe	85
PID 5328 wrote to memory of 5008	5328	msedge.exe	86
PID 5328 wrote to memory of 5008	5328	msedge.exe	86
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87
PID 5328 wrote to memory of 804	5328	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3c3478bc0b5d841acde81811b047dcea_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6dbb46f8,0x7ffa6dbb4708,0x7ffa6dbb4718
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1891827662831753980,14792564755605318429,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6472 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
750c62affdd77fc009512caca55c7fb9

SHA1
5543a563c659dee2ab5ddddf5c3a340b723a2bc9

SHA256
086503969468164244c7421d61d3c17bd594f4651d42f9dd59dd84d5d1caaff6

SHA512
00c8d8f0835b9d978599847826c5cfab9f66c2f8bdd06ef080e6f2b259a51d1b37ae6c394c03ba7f46457869db1cbb219d67139c516a71920eb0a84d3899a858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6b561ba8c69941450e53ca58182e01ca

SHA1
4f6e0e5a0abe4e0096ea79d89129021f842779c0

SHA256
562ad588257c410c3df49d9bf2d44bdd24ddae184c23793ac1d6bbfa2ead1ba5

SHA512
b5e95cef97f5fc5feeee226728ab7bcb668fa54753d6e0e29cb32a9fa076e202540ed1b8ba87ee26c83da66494322ebf0da3c291abcc9d684f18ff1061547db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e94e5a1b9d4871998853fb956c0cff62

SHA1
5d5c4ccfbb7f140ce0ef9e7e280b5c8b3e5750a0

SHA256
da3436e17f58021908e9b02804416e903a0bcdaee77cf83b987d60551a4b2839

SHA512
20e8497c65cb6e047c87e05a911af13cf9928ed859d03fda39112647de2b6e2ae97baebf180d13e41770c0459f2fb0496851baf15cd866d8f764321fb9e3f0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42728453bf5239cb5e04137c0d76ba5a

SHA1
419af9f7327ae49922127ab9db4a461c08752c6f

SHA256
6c3405187da105bce61ae9983cb927455921df6e297465f12ee5a4df0b6a90ea

SHA512
d0c40a4f365ad3cf0cbbd454a0abaacaa7ce72e7dc5d120a386bbc0261ef71a9c112761704121acc965f3774a996aaff8d90338812398ac2783fae36f19a1910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d11eab551c6211ef71935719ae19602

SHA1
cf60bb0e1ce7cfb1bf77bcf2fbb4d70e0cae4607

SHA256
ab4d855b41e54f2a4d7595bb6cf4a8b002e1e9c4729149c4f93e52ff618c5328

SHA512
e8ceedb530c2a6906fa5b1c75018c7528f18a4af4ad929a3a96b0de81e462394ea6aa8aa0f7eec9b8c3a208e5be881ad1dc26da3382095e4f8bde71cb9fec1ca

Download Submit