604766335f1c3aa986ab610b95db9b34941406856f65f1e8bd63a9232a3aa880

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-10-2024 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17cf6fb1fceb241a753de7043d69621c_JaffaCakes118.html
Size

1KB
MD5

17cf6fb1fceb241a753de7043d69621c
SHA1

3e3cdae94bc8fffdcc353db533891dc13e650009
SHA256

604766335f1c3aa986ab610b95db9b34941406856f65f1e8bd63a9232a3aa880
SHA512

8be1c807f163087dbba2002e8cfdcba4004efe4eb890d4998562d322b457fcb6e43dad57b36c4c938938e646358a4d7412c2c8ef2ae6e5a4bf3cac8a37da772e

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
4788	msedge.exe
4788	msedge.exe
2380	identity_helper.exe
2380	identity_helper.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 1084	4788	msedge.exe	82
PID 4788 wrote to memory of 1084	4788	msedge.exe	82
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 872	4788	msedge.exe	83
PID 4788 wrote to memory of 3496	4788	msedge.exe	84
PID 4788 wrote to memory of 3496	4788	msedge.exe	84
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85
PID 4788 wrote to memory of 4244	4788	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\17cf6fb1fceb241a753de7043d69621c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8996946f8,0x7ff899694708,0x7ff899694718
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14314816785651937256,15242044715076944609,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
184KB

MD5
06ffa5b76f9bfb026788f76641c6545b

SHA1
e243f73a13d320f3ffeaae99dfb990a95f18c7f4

SHA256
68d01d8b24e812eba969cc7cdf41ebed1c981c522c796283a10903fd7eec18c8

SHA512
06650ebf089f3a46e993a1bd8924266248870b59e3e9cd4862955597bc70de66ab53d1adbd1f2c8d7c1d1c8a2ac8edec62a4e4accb32fa0eb67f29635569727f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
fade9e1fb9458a627a6e7a82804dce51

SHA1
7b950e920c843e084e4f948aacdd59c3901a5517

SHA256
d1b91423d16e01e6c4f6932806b315cf6e3656ea59b5c7132f404eb3e3467d50

SHA512
0147c29c63f07e06b270387b831b4df150acf88104c680b0e663557338dee0093d41ab15875b9fb01ba8bdcf1da2d52059a7e78d10bed59d9bdb2e38cc24e38b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
683B

MD5
f733eb6445e93ade60fa1b84c2c43fab

SHA1
9e80072cdb26c86cbeb2de02965f82991a97e866

SHA256
e485fb1b148f5300f63f28d8539b09d128f89b5a74c801cc7ab3ce6c301f1bf3

SHA512
dba8af9b295bdd4e86cb807c5c07419e10fbf7b585570f0c7e4d6d824e98ec0e674afad68989b0c1f47319c90a1a1f05316739b92f53987fcc359c2cf0d25b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c50a3f88cbc6e46c46b0b6322421b10a

SHA1
b4f40272d7d400e9db025fd589cdf711abb5ded5

SHA256
67e8b7f5444e8e0bbcc2b0bfb563a929a8cdc76f322323538f530616637c71c8

SHA512
0b0bd2de1aa199faef840f892ae7b9ee75c9e5bd12030f8c02c71510f7730b89988a8511895f9d44a62f6ff8a1e7276958aeec45f0e5baad22b9c9581feccded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a8143b8cc5e5d99b2f74e3e0df4249c1

SHA1
9c3f5428bee6019fe1f89f3df8bf1d3e08608642

SHA256
01b195118b974dd2c6c5950d0046846558f50036aa405870a9024bbb8143573b

SHA512
7a7e1fba44b4f64a48a5c7d0b29d3d9fd688648da114920b69b255fe3def1fec7dfda19557932e2dc8c15d2426da1039e0f3898c585e49b13816947e94effd1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
6f4c9d2f448072ebfc2db91ac65886d1

SHA1
4eee68c871b9df4a07b12a46ad00eb0308f41fc3

SHA256
872b24090f6fac812f0258bd3335ce123c0afb5eb015a317a5c8d21c783d56bc

SHA512
57631a098387c24941e7c22d28c9bf016f80c305545c0f60f26506d4bfd3e2e3729e4d6e6273b7276d134ec66e38dc481717123e66a5bb5fe2023bfa6d9dd32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5820b2.TMP

Filesize
874B

MD5
149cfa9fde817d28e30a95d70e730160

SHA1
cf44331b95ab9fa797602005066922f4185c424d

SHA256
27fcdba301077338e6fc8926aace0364e72b1da2ae6f410911b2c77fbcb38a35

SHA512
61ea45343eb9993653a6790780d5a54f5590e600d9153678a580378537cbfa0b9fe193651bd756af734e595981194380f451abd9401c67b6b38ae52e412348d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
51272ad77870153c0384549b9f860b62

SHA1
4c269c2fd16e17642f3c8ee31ff027d11325dd72

SHA256
54090ea5656e8c020f62e079699eed8dba8793e611d9698043b249a8deaf74ad

SHA512
ea9b919d85a29166ed8d4d792052c12d208cd6c1d2dccc963daba8c701d76633ee65803bffbb3a18ba33601d571f753d711b407cba3ed8f3444fd16d317feaa6

Download Submit