3f1c8dd4aacf37fe314bc9e6c52ed7dff1163a7ff940a83bc49ae3d5c53ef226

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52ea18ff0a167ce902de63c39fdc014b_JaffaCakes118.html
Size

62KB
MD5

52ea18ff0a167ce902de63c39fdc014b
SHA1

0580e4012cd2c896bd2939bc3e49a76ba5eb23eb
SHA256

3f1c8dd4aacf37fe314bc9e6c52ed7dff1163a7ff940a83bc49ae3d5c53ef226
SHA512

21df9a078bbb5a8fb35aae26a80ebb2e45d799efe1b6ad7232a7c87d5b3d4138d3dbaf868d6e79d1d498a171197476fa1f436c72d1c209de8a4b4a438f46eefd
SSDEEP

1536:YBiiU9jUIRhdWWCzAesoM2p0okHRPu2yJjp/5pCFjCeWWrzEf:YBiiU9jUIRHWWePM2p0zHRPygFj9W9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4992	msedge.exe
4992	msedge.exe
1680	identity_helper.exe
1680	identity_helper.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 1164	4992	msedge.exe	84
PID 4992 wrote to memory of 1164	4992	msedge.exe	84
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 2244	4992	msedge.exe	85
PID 4992 wrote to memory of 4888	4992	msedge.exe	86
PID 4992 wrote to memory of 4888	4992	msedge.exe	86
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87
PID 4992 wrote to memory of 3600	4992	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\52ea18ff0a167ce902de63c39fdc014b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb34246f8,0x7fffb3424708,0x7fffb3424718
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4768006299059707814,1137479664743054394,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\502f5079-f294-4e4f-a218-67882b29ae76.tmp

Filesize
6KB

MD5
ebbff9e23738d92fd06b55517b22642a

SHA1
59677abcc78ea566ca010a627d79ce5961f8f029

SHA256
41cfebd8393ac2771fee2c054a4f2b351d2215059240bde0be6c62d0057e4e01

SHA512
328aa3c0609f3359ee1fa3489935e60c41ffeb0d1b0e486d7ca98de82a8f4b6f5891b6e70cef847dd2b4f6432d4b1a90b7794af07c6b49e215077ee77a07d144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\710107eb-9df8-443a-bb56-ea219135fa5e.tmp

Filesize
5KB

MD5
e1e077be781736b561bb73de3eae773a

SHA1
77853a9ea558c0fa3b13ecf0c3d14c4a8a34b888

SHA256
360551e0a745d2a688b3a47fdc59cf0d711043cbb964f05d6ab13ef547a1974b

SHA512
a947f966ed5c73390bd194a66d4c06ba45c10aa663ac35aebe920a8f5cf91322219df3618f7e375ca202cf510c0411c35e7fc74d11e3c3d270e3e3d2e281df16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
05197e9427acea2ac4dc812f97a8f078

SHA1
3d2a38b79da52e57783360f195ac3e7c85edefd8

SHA256
7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191

SHA512
084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1f8ad9c981376a62ad143bb934fc0b48

SHA1
8f803697db7be7e99b5cef60d72b3f00aa2c57e3

SHA256
bf285efc33ed68eb230d9ec479187ac57271d6c63081875c5c1e83ad90e02afb

SHA512
fe9cb29b1431ce82569eb20ffb8fb6817933e5a07421d97d616caefcdd5c728564e498a47cd8bf5154ecdd447732a9baa0b816c52213d13c1e72d82db2aa9eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
20f01762ee0cd38f923cb67333a3ef7d

SHA1
dce958e4e8d60e74cfa3b84e41d1c71eddd09934

SHA256
9cbe077c2b23e6f0dc407fcb31d15990b402a28e5e0ae802f5876d7025a2f8d0

SHA512
4a6f22001069f5e023da06ca04115cd1ead279c7c2eed22b9bd3969611fc1db0c4f75e79feb89225129a7bd20e63bd4e33237b69ad9df93a81c083e72355b028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
93f15c69600028f4081f2c16dde8adce

SHA1
3668377dd564031eccf79c94853b8ca4bab9cf16

SHA256
d0c71e1ca2d271aa85d71eeaab1d7aebc1ec72aad3c560f81d5176a6d529a9b2

SHA512
b5d91be4f36ee601568e597cbe772f7d92ae4c3103d9bb0b96a8c6334919a6e5cf94cf4f6fdf1cee439ef1bcb404402348a96a4c3ee42a5e94b649ef1f651b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9c7a1a0b5dfb20e063964ce8a1a9b0e

SHA1
c878132585f20cbf4d18e31a961f92dc285bb6e3

SHA256
e3c82a5850202bbd2cfc958297839e089203d3e9505ba6e3f1b10265cccfdd2a

SHA512
1653c242daf7f92d6946605e66b29c7f57be46595c65a32d4d29e1b57fd6d4ba0fe4523623faa589ea13e6102602971247378bda2915d43d2d7e8a8e407ab019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8c44eda8f1700bf515c26d4d2afc19bb

SHA1
1fe6232f6f96358d017afd3e604dddc4d9574d31

SHA256
137df038ff0bb2256b01df742fe93a7de21754b78f7e80693be7ac2866a58343

SHA512
6f1b99b6263c374eff4519bdfe2f967a480f537178aa83bd95000671f2ee31eadd6977306329e8794d230a54ef5b51df4fcf970b343575f1fb32818289ac69c5

Download Submit