1869e363cc991ea8d6f2d1b2e21507d2a8fca1f9b62197c3e0f57ee95a18d425

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d64dd89be84c7d363dfadab285b3ecec_JaffaCakes118.html
Size

211KB
MD5

d64dd89be84c7d363dfadab285b3ecec
SHA1

b2aa0bd422376c92ae8d9b2aa3bddd5ca826ff3a
SHA256

1869e363cc991ea8d6f2d1b2e21507d2a8fca1f9b62197c3e0f57ee95a18d425
SHA512

5360f2efb4b1fc5e660e61ba984e3c0891aade7f77d2c01e576e110e4548c02e9396f3b548b085c87273a8e320b24cefd28358f299fbe7821a0da4770bdb2b61
SSDEEP

6144:QXmZcIIIB3G4k5QhL8atVBdiVQ5MIsuQyf5bTM+MdBXpKgXpgx4t4UO9mge/bE6j:zcD23G4k5QhL8at5iwMIsuQyf5bTM+MD

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
25	sites.google.com
28	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
1148	msedge.exe
1148	msedge.exe
1980	identity_helper.exe
1980	identity_helper.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 3732	1148	msedge.exe	83
PID 1148 wrote to memory of 3732	1148	msedge.exe	83
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 1592	1148	msedge.exe	84
PID 1148 wrote to memory of 4360	1148	msedge.exe	85
PID 1148 wrote to memory of 4360	1148	msedge.exe	85
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86
PID 1148 wrote to memory of 1068	1148	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d64dd89be84c7d363dfadab285b3ecec_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffcd83a46f8,0x7ffcd83a4708,0x7ffcd83a4718
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8505137817246006317,4176779938745456905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
9f625a3a2a96c686d0d2f8c002ee43ac

SHA1
693394720166c20f225061536ac90551bfc3ad97

SHA256
6b4f717e5f741894fd87a531e2f5a91c4ef1721a746d5ab7a7458512a2c4cd52

SHA512
cbd009572a5ffe3420ee7fdb4856a6c554ddd3440dc73c4920598afeda68fc74793e4f347fcf997ced38f37efa9b5bb62125588ab7cbf4676b63f914524692ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fa871eb5ad39e5d2f5529c45810fe206

SHA1
e6b44728ffe18e3026982da220b8d416362dafbd

SHA256
ed069d66742104a7a00d46554af913e6ca65bbf2b976ab50b4d764e9843204e5

SHA512
9f2d4d3774b9ca782c2027bdb2e787fa788b8fcf8814e5ff5f02232e67a01bde1ebde6ffee54007f2b2a469f603af4e4fc3b1c383e0a8dcec61e0c43fe38e2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c94cc413c7dcceaef2a1764a223778af

SHA1
b2e836110ec2ef8aabec73006c32dffd49f8b1eb

SHA256
38078e9b56ceecdce832c39c2900f79adaef5632943fde26a3db4b4ac446ae33

SHA512
434a45d5b7cd369dd239d717f10d1c5c149a9c3400d1a16f2db8fe29cceffd75ada619300ed4af872ef8018b13a1bf6555ad834f974f9390d358eece4e7d6bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f652c3a791042617c348d203f2c75ac2

SHA1
ae614f1ef45f665652ed84ea55ddc41de08ec518

SHA256
e961c1d82a54363dafbcb6efeac0c58cfa48d06653d2572eca91f80316494bc8

SHA512
aa709539f30c9f423c90225db2606a90d401cc28b8829d7073dc473a3e078f815aa74e7100344bd0fc7db824ce93e1147731f3b587f6a793f56086b52d9c0aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b880e818c1b1f52fac85daff4f020e57

SHA1
460cb0c1fb872ce702cdeaf52a3141a0dc35dd18

SHA256
b0d310e6468f67ca73269edf55c5a2c8e5e09b6023658c01069e190e8a425206

SHA512
1d8ef568d42d6a3a27d227d70b2ef9190c315ed7e4e8b145fafbb6c7b398fdbdb265e942877367a3c4d27e087f170d5ee01d72491e6f9f24144e7ccbfd2840e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
8a347100263c9c7a126afd6cc687af3b

SHA1
46bada60b85672d370409c749c230e29f49e784c

SHA256
58ec09e9dd1256db32cc5a4f2f62969dbdb305bca653f1db95a15b99948c8e70

SHA512
f846f6ee8b3052cdfe168c0598184c053a7f1f98b5d8abdc2a6e578d778abc86e5ec79ce8f455ecbb50cd92a98e142941c13730115693fc43501b73f4ae5e13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58173c.TMP

Filesize
537B

MD5
5436933737abdae3507eec56a64891ce

SHA1
37081a2f697ef4694b1bfb559ec6899a1d9c1f70

SHA256
8a5e0094f6124dabe6edb1db11f68a61a5f096a8bbc5df049e4e006be1da1eeb

SHA512
e44a728f25b3d708c1dd468dd28bb4cd96b50827391e0e8229ec312c50f7e88cedf5a9d27728f8e2f52569b073843e6c2072dfccc7261bb3dacd550e82f2cfcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
314620a6db7a3b34f1469cde382ea94f

SHA1
113d84072b68bc0d4805d90fbe758151be0d07a9

SHA256
99c38641658f203a006517c90ea058aadd34a3e03d2c9f358c00f114648205ec

SHA512
3956c0386ada6f1ca10f72cc842a42560d5027fb5970ff4181844bed67c7be2813c034db1d91c26bf2a59992aa26ff0ac92abff2769f7c46a8cd8ae95e95a46f

Download Submit