a06bf94ad8f62e6bca52510225952fde058a629f43bf78739c2c3b2646c9d7fc

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

773ef99728eedcbeaf56ed9644c6b467_JaffaCakes118.html
Size

175KB
MD5

773ef99728eedcbeaf56ed9644c6b467
SHA1

0752d69a8976f8b511a677ee6aafbf6d7c6cbf68
SHA256

a06bf94ad8f62e6bca52510225952fde058a629f43bf78739c2c3b2646c9d7fc
SHA512

b415cb25b1c09f5d12809e76c05cecbd302fa7a16c27058124faa4f22769045f59571c47c40ba49cc8d0008a5e00b3c2eb13e27747bac7c444e79327ffb38cbe
SSDEEP

1536:SqtO8gd8Wu8pI8Cd8hd8dQgbH//WoS37GNkF2YfBCJiZc+aeTH+WK/Lf1/hpnVSV:SaCT37/F/BCJiDB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
3204	msedge.exe
3204	msedge.exe
4332	identity_helper.exe
4332	identity_helper.exe
5884	msedge.exe
5884	msedge.exe
5884	msedge.exe
5884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 3644	3204	msedge.exe	83
PID 3204 wrote to memory of 3644	3204	msedge.exe	83
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 376	3204	msedge.exe	84
PID 3204 wrote to memory of 2976	3204	msedge.exe	85
PID 3204 wrote to memory of 2976	3204	msedge.exe	85
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86
PID 3204 wrote to memory of 1208	3204	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\773ef99728eedcbeaf56ed9644c6b467_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17299481287026735549,17119803525729808299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3320 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
4d9754e6e7652be6874b90dcf0c8c892

SHA1
80714a67c0780508c1314ee6ba92007b745d3671

SHA256
73ec7ac283f1d2a3809e00c660f9cbcb7463e7d3737229fe270c3af96206db80

SHA512
5953e802dc0df70adc97e21037710ebfb2fc5b9d22fc5b85f7a73960bc0e9edf50068b0611fa269c6b534529edf7864f6dfa72440c0ae3d06349f8c4919364b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8cb6a6476858c933298e61577a86fecf

SHA1
346636e33639d27d48d783ea1733fe0b896b9e60

SHA256
28c46eec75f50c9de29a2aa2f8eded6a472b86d52c123e9c8cdb0e4f01d9f467

SHA512
52334f2070eaa34ef9ed9e56e31ffd1275d50d9e233f9c12ed3c39bc20c271abb5615864394714768c007eafde5c2a982ad21d5b3a916a884e52047b2f603834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a688d1ffdb230972f59f0eff72a72924

SHA1
6beab3419c6865f7336214db8017e3e96d06069a

SHA256
0a0f17cfa7d93a31bbb62862d1afe6434265da362f4e0dde043a875a80911569

SHA512
ef32788ac24074a4ea44df2a620debef78c20c477a01ea7728c658d71cd471d8abd3f43947fcb1b5c505cd04fa109f3054785c66b4402e2cccc59cf6243dcd20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
561334042f8b39d46923f39b513a675f

SHA1
3b8a05fc54d06e34f92f4ebccc3be255487c452e

SHA256
e85f06937dc99f8a3eb0e5c30ad52d15c70ded34904dc77c015eb4d090852fcd

SHA512
8231bf6b063d7191eac17ded1326070834bbc5190494805b82884d8263ee1ac08c43ccb4031142ff006592bed461bf634a4d714a384b9011243e7900f602155f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
864fba47c733837399483c627ab2ea6a

SHA1
84078738dc2375873ca3dcea3cac4834ab9d045f

SHA256
2509217ee1985a88657ac39ae102cbc460eb63bc312ba3c38dafc0b9c286ba0d

SHA512
4398b35b5410c25b5bbd6267412ca379932dcf4f145e67479b136cf5882a94d941333e3d5f56533aa9c178e5188796357330c448f611802037235cfdbe8e428f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
867ffa30d3335264246418440e495527

SHA1
5ed70955f08b54245028d15b576db6b70024739c

SHA256
2b00398dde90a836afe3262cd10d3d81074f2ebdede57699f82f6d21b383dc82

SHA512
698b938bf44adf3c45584713297eefb160f0eaa1e87d2f10940118771ae65cd90f3595799334b4670820b482b5f1ecd2046829e42f8ab076a502b7eff4332c7d

Download Submit