d4596c285279d895c1a807fb843414086f59e5137a2a9e3b18156722fafee1dd

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d7285a6423d986749ef6dce50735e22_JaffaCakes118.html
Size

30KB
MD5

0d7285a6423d986749ef6dce50735e22
SHA1

0a5645d4d35528a497d347c8c7c84a88ddd2196d
SHA256

d4596c285279d895c1a807fb843414086f59e5137a2a9e3b18156722fafee1dd
SHA512

de8a3071e948cff0dd64d8078dce23fbf6524d4392ae0a449e154c29da70aab83bcde3c55bdc8a1948303b40c30af1dfc447d71ad84f422defb720ba34cefa53
SSDEEP

768:R3mGf0y7eb/VEXjPWHljWLwPWz3bdRr/FEIngJTDorVr:wGf0yC/VEXjPWHtJPWrhRr/FEIuTDol

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
1616	msedge.exe
1616	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 3516	1616	msedge.exe	83
PID 1616 wrote to memory of 3516	1616	msedge.exe	83
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2892	1616	msedge.exe	84
PID 1616 wrote to memory of 2660	1616	msedge.exe	85
PID 1616 wrote to memory of 2660	1616	msedge.exe	85
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86
PID 1616 wrote to memory of 836	1616	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0d7285a6423d986749ef6dce50735e22_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a24346f8,0x7ff8a2434708,0x7ff8a2434718
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6276700612399575773,10600327588878144636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f932afd7858ee1a4f84e3b88664295b2

SHA1
4f6af79e7db77da916bf46b32a65562de37ed14f

SHA256
feb6cdf702ed6391d847382827a2db86f7521a4760b0920585950ec72815a079

SHA512
1a1c7bb0412fcd8481455b46b8a0851c80255a15b6703229af2254e6d2bc91bbf8f338a68265257241f7e7d5044ec9edac2757adfa8e14e28f59e508bfe6574b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b6645072e60975e4d7c306ac115761d2

SHA1
524baab97277cf062e19119f21d7592fb48a0c7b

SHA256
f129f5a83441405373764eda33a498a3bb72b9d07060ca7ca80e9373a2f80a95

SHA512
a1b04eed648bdb0e414038f243125d40aca80423aff4adbb4250487108c9cdd532391d03ea2a454dbc0788b98e1dfb84e272db485df8c244a6d52e065fa0d38b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
343ebf6a159d32eb4fe5965cb72cf7a1

SHA1
bb042f7e37bd0fc7d90734514ca9c7c357c48b32

SHA256
b4d867c842959009f25dd8ada36cd1acaf601b5150e21f941160689094f29265

SHA512
b7d91cac0fafa83341192495393d7218019dfaf31f1848971a246a2006125bf67ac747ccb5c35986829e9b609b240fafc21b8c16c8effe7d266999771f7325a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48cfb03131a8de2601369e76062e285d

SHA1
b52d60c244fbd206fe44f8261536c783031493e1

SHA256
e487945fb98aaf02bddc909d8bfa0687b14081bc75f790f4f7074badb031415f

SHA512
3a3a66a4497c430cec5a87ebf90ae997c2b46077a032348e369e29ef1de8936cdd4f6d3d4d9103fc62e54e37821c894f82273325a7d8c4f4405b89bfab5ab541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac088c0b2c6d4d313ddfe6fad1d38ead

SHA1
557632dbb5b31ee70dea19d3b61c5b2cb577b32f

SHA256
a55c5af931aca8d14c7da036616e6f758f040a29c2e63355bf1c68915ec86e27

SHA512
8aa4ebf11aa39cd7584a22fd2ded37d971a068bf1ddd2c548b69d83ff8858c75f3f95e5259544bb02093c908a1a6429d43288b21b8602abb6bad551909855fde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4302e6a22c9a405c545f9c51d0b0f92

SHA1
f5d7cf90a61d94f7fcb2854bba5aa7282f022b8e

SHA256
7895f571ef924fac23383fb004858418b058c9e4771db0913d27865de3a77a64

SHA512
b6afffb10471d900dbbf648a5a53e0cd788ff365c1e0d9df556a09080915e32055b24328aa73fe916c723b83cab8c50ddf92e32f288cb3b52281d70c55eb786d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
f1b785c5b06971314c594c2ac89120dd

SHA1
3019667d4112c9f53c9a359a792e96d8e760a239

SHA256
d1f2c19d55c83cbe4ed8ca0c88382352ef914c74515a97b20ee983d5ff528945

SHA512
aa1d9cab6eb69d14d5b621f03d418992389c6f8365e8e37e2bff295b78656e8796dc7fb7bf3dd703710bd6e041a9ba03034e74e4a69ef5f356bf8c8f4fc0cccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b594.TMP

Filesize
203B

MD5
7d952457b8665d10fe2d79a0862a1d6d

SHA1
8e301154bd9d682fce5d4bb0d45246d4df3ac164

SHA256
ba4f927f78648946a7d262264cf499cc711090d1551d5a3c8e9b259eaddea00a

SHA512
c8b46a4acda3a0330373ae9ee246abdc73fb788d2527cc756305a86d15e95e28c7b7472afbd3673bef22b993b239e03971cd682e156d6e9608b3b250fd0b00d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
36a8c3e022ef1e40db07b3e6bcdbdfa8

SHA1
3ad452d26ad67727394d8c1b7dbf3795ff89068a

SHA256
47b60e0ef5d4f552452457b05b0573490654cbc20b2362386711591b606a903c

SHA512
437f82f99f05a2f4c63f6bf5f13d2efff2002605ef6f25b93503325a18e85bce5aa50a154f19d111e294152ccef116f5d793550f677c54b7cdadd0db1ef9894f

Download Submit