73ae157eb5a2ace55c3b7539c7c1089223f251ea55c70ca2b8f464444c1dcf17

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

296a7c59ed7f149e68ad9ac0daec4afb_JaffaCakes118.html
Size

39KB
MD5

296a7c59ed7f149e68ad9ac0daec4afb
SHA1

8eaffcf568e4246409a5ff0edfc5da2749080933
SHA256

73ae157eb5a2ace55c3b7539c7c1089223f251ea55c70ca2b8f464444c1dcf17
SHA512

7066f74cd79f324a3ab6c472b0a4fe819a356a088f23c41fbeb288e0f96931ba92ab37a7a5d9e7cdbdac5b5af652e7d7620a49c8d14c917a053519dda1df98b7
SSDEEP

768:S8zNuvqCHCQPCSC0CtCD9bD2YfLbbGKTw:S8puvq+Hl9g+jGJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
2996	msedge.exe
2996	msedge.exe
4356	identity_helper.exe
4356	identity_helper.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2132	2996	msedge.exe	83
PID 2996 wrote to memory of 2132	2996	msedge.exe	83
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 4312	2996	msedge.exe	84
PID 2996 wrote to memory of 1496	2996	msedge.exe	85
PID 2996 wrote to memory of 1496	2996	msedge.exe	85
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86
PID 2996 wrote to memory of 2960	2996	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\296a7c59ed7f149e68ad9ac0daec4afb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd92c546f8,0x7ffd92c54708,0x7ffd92c54718
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13719414530534257665,12995162367601327837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
aac98a47ffadc284f0fdaa2190e5cc3a

SHA1
310cbd5bf2552f4660a3e3479a96b6739d914f7d

SHA256
31bc96c1d894c3e66736e3777126d00a196836c6a11d8486510d3ff8e74f8e48

SHA512
7556bb6fd84847b788d8a3a4969468cc854b2c9453fa1f919615d8c9f968074abd37052f98c4ba4e7b94d28161063a5ca74e0cc0eabd0fc71f079893de18d368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f9fd975bfbc38150bba64e07eeb5ed48

SHA1
cbfe63a394d2378ffdc4bd4325546a1e9454ae34

SHA256
7b375eb6417ef08bc064903397bcc8d36099f0e6b8693184d7d4f53a092880fb

SHA512
7ab578e46c727ed1cae926e7a8d9e611343a0d2017e5cdb22e8fccbe87303e18ddba66e49f8785f17072d135dfa8db71db61bc6c8228c02a418756333699afc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
78f60fe79e5f36a504668bed46e48d23

SHA1
2178f85eda810da44fb2d45c52ff29bbe30941e6

SHA256
a7f4734e5817d7aa5e653a5993521151e17a2fcd78374d59d4c37f313603e372

SHA512
2069d3f8ef78143f59d162219c36280b13af3c6fdc935de57e9bc9b062adedbf6bcc6c17f8b23172d6bb51dd951f1a7ae0703d7d8077a1d8a8ab07355c64686a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
654ecf164f5a869458228d0fe852865d

SHA1
b388a07641a3ef153b4c3255060bbf71e62ad61d

SHA256
efcbf461b7d5abf82046d342c7f912e50144cc63bc53dd91b0b06f2076ec2207

SHA512
c38e3d497bed32309972661dd749afde6c9a530bdb8f9717f99f10f76076b9924c9c14c864a56a9aba05bf25cb7651215056534a878ad2679a4bb3e4ab0ff7a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eff0d167fc07b0892017ce2424dd43ff

SHA1
35af3510525dedadc8dd12e0bac4493b63af3fce

SHA256
89e1778166a3ea2e0616bf5eb63b56032b7f2dbb91d3152725437464dd131e8d

SHA512
564eff919080d34dd459cd57999c86ccd7e6563609b5e7fb769ff6f5a6b2a71326e727c5fa06d81e349a8f481c548e3791d1207e513cee03be8fef9999186880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef8ba529be137e45c5fc30982f903edc

SHA1
9dbab9f84aae38a280f8113cb96a5af20f1642a0

SHA256
6b32b301665dd04da382aa775c27e04796e9cd3685ee811e517c11124f97ec58

SHA512
a814e13b5938c06459cdbc2c7c957e82de62ed1081bebc523c61bca9e3b10f2af8a9a35da7ab3f10592552e98b5fa5468868086bac7fe7b9174e19e12ba1ac6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f345759ab8cea0f71a0109efaf64ac79

SHA1
c805daeee545dc93fc431e078808ec78ccf11ac7

SHA256
bf6fb5b5bd20290a5297ffe16c354c6c743dd8e796495aa685edcc419fae8c4b

SHA512
1925780815fde5033b5ee4b721ba5728d89a1c7aa383e58e4550769d8b0bbbc57c1c6957a6361d752d8c44a1c34089a04b759f284b0a78943ea38e5269cfc4b5

Download Submit