d6f950cb8f4ce081473eef673a714d30591c867f4f7897a0926cfe248a126649

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 16:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4bf8c2384688de06aff2949b34b54299_JaffaCakes118.html
Size

51KB
MD5

4bf8c2384688de06aff2949b34b54299
SHA1

6ceab9614ec645b525f5458dccea71e5f1e23303
SHA256

d6f950cb8f4ce081473eef673a714d30591c867f4f7897a0926cfe248a126649
SHA512

1fe3a8df13d38d7566a9ba48696a4aaac03492f1549cf6d44b61ffe6d042324adc3afb76cb1ceb1382be3d0b6fcc16e11de5c6ad280e9f24b78c833ce12ac2cf
SSDEEP

1536:SddfaYT//msnzNm9F18HRudesnzNm9F18HVAvMU/rivHHkqPaFuUGLCGM1UqHe0U:SddfaYT//msn4cudesn4UHHkqPaFuUyH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
4540	msedge.exe
4540	msedge.exe
1932	identity_helper.exe
1932	identity_helper.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 2640	4540	msedge.exe	82
PID 4540 wrote to memory of 2640	4540	msedge.exe	82
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 4280	4540	msedge.exe	83
PID 4540 wrote to memory of 3568	4540	msedge.exe	84
PID 4540 wrote to memory of 3568	4540	msedge.exe	84
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85
PID 4540 wrote to memory of 5056	4540	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4bf8c2384688de06aff2949b34b54299_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0xe0,0xe4,0xd8,0x108,0x7ffe542a46f8,0x7ffe542a4708,0x7ffe542a4718
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,6253028986126552728,4901077817099804290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
3a51a2dbaa5817d42df4b7d1b00d1827

SHA1
6b19a946dc9f98db1b302732acfc921f06efa426

SHA256
35e15b5858929607f0f4019b87339a70adb65acd714fea980a2afe3f4e220db4

SHA512
de72339fa45cd348bdfbb61a3adaef0167728eb65dc13a49e382b244d200fd962ed4f6f03364cb4d55126905d406309577c836c09e54072ad7a31da73ed4eb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
543B

MD5
9f2a399dcb04d3d47bf6a94ba3b72345

SHA1
0f6537034cb7d820218cfd106efe24e560de7e53

SHA256
27ccb882072c8520d4c110d371502be3c0f722e2e2008090a28ebeadef8e1e04

SHA512
d9c82148207728db9860bd5e71a779168726135f88e44c25e267caac6fa99890c5fd59337b989e01894c8b76135b1a3598c189e741c7ca394a14b4c13e84fb5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f73d2470e7b171640f00c7415806af4b

SHA1
f19f501e67aaa014cef8a3df714b81a01ceaad65

SHA256
27ea7e8959bae7916d5a96867e717904d26740855d3bfd1e26918aee1dd041aa

SHA512
b71ded9144b79c79de83fb9fd3b0c40cdc92c9fd6e54bbde60c0b698f97018a37e4547d7ce9d767809e644aec6c156473e7fcd77019c793c9d4b36aa0783959b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74ed97bffb60fe8cf4549689fb09a7af

SHA1
5362048ca000491eb8f1c2280c21bda4430ada7a

SHA256
7651b762d9447d35fb3a713615a125837c63cb7b51c70cffaf0764e6ed888ebd

SHA512
296893a9162d24a821cacba7e32720419cd8f92c001994af81693ef89d93118d8d2049a6c57cc93031aabbc0adcf9d25512ec6f48623ada2234d73f497494a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63b292925ebb042fbbd601dee6540b0f

SHA1
8c46eb8d8754a01e9a8ec5012bda24a8fb1a3777

SHA256
5fb37d27fdc73c7cd5d1040b7210e5d78cccf2f875f67d8836c6065a660f49a3

SHA512
d92c07325fe671cf9c6544001a2f12cfa5f837dce614e5372756d5ddf862f8a9f4ab882e7d93393c19e710560374925f736a9b0a92c3f455c06f7143c878ba04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b394f2ff0543589e11e732ea8c16803

SHA1
dfafbd137d41502a851245355be50f4c71e90c27

SHA256
05be5082fca580425486a373452c9c34d61f540ff0a3c9c18255967a23880e3b

SHA512
007c2dc0cdd938400149f4e818bf72378dbbe1fe79817f1c3774a65d35bfc9ff5539213f0e6240ec6ce28e74b0bbd6065a6b15decc08f27cb9813585daab9bcd

Download Submit