0828a630d2b1b5cd73d30e6f3cd6d33145813f2e94767648d5b83f05924e0899

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 09:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8a0de35d0f7424444403c159d2be71fb_JaffaCakes118.html
Size

15KB
MD5

8a0de35d0f7424444403c159d2be71fb
SHA1

e8683e8e7feca71e7d5cb4fe047252d8a896eb9c
SHA256

0828a630d2b1b5cd73d30e6f3cd6d33145813f2e94767648d5b83f05924e0899
SHA512

67f92dc8f7adb126b637a4712d1cc1b6818244386b630b4590de8dd5b3f804ec42a950ddaf894cf7a1a05ead5ca04b102ee0da7b523936042d9b95071c12c244
SSDEEP

384:pRfKyWLC+XlCIJbcK07FA1ejXT4uvRRTMc7t0VNPX:nfKyIlC8/072oP4uJRTCNP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
1040	msedge.exe
1040	msedge.exe
4956	identity_helper.exe
4956	identity_helper.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 3624	1040	msedge.exe	81
PID 1040 wrote to memory of 3624	1040	msedge.exe	81
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 1696	1040	msedge.exe	82
PID 1040 wrote to memory of 3512	1040	msedge.exe	83
PID 1040 wrote to memory of 3512	1040	msedge.exe	83
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84
PID 1040 wrote to memory of 2388	1040	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8a0de35d0f7424444403c159d2be71fb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff942d846f8,0x7ff942d84708,0x7ff942d84718
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7218578946448226966,7471862985250794568,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
97911b738246fc4d5df96dbb9c17e5e9

SHA1
6c0595fe8aba141811c918b99c25e4ff3f1b2823

SHA256
25c0b708050e63111f63877627a3c2779194103728657543c8c30b0a1c3857ac

SHA512
686e469c9be9d8f36cdb1d77c2d23c8b474b47276e00d80a242baf40c6f0427bfaadb88246487963522cdbaecc306125c16edfc141c38a0f0836c99de8461e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
661B

MD5
3265ce8e80c5082fea0538a16283561c

SHA1
a1673e288c6b247dce168bdac6fd6b245772e659

SHA256
d2d0bba14e6f88c4dc34f14da275169d0e28c0b88ba979e9e936e9054cf0ff38

SHA512
9ee495afe155eb703ba72e6333d7a9400a7adfb1d3b2fe5bcadd90914e1a09926ad986e6abae3484639382863c7f5afc3b4186953d2b401dde64057c18e6cea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
661B

MD5
489b3035153439ce9a79e6b6caa587cb

SHA1
cb8735e154e5f0345f62dd3812d35621ca88e705

SHA256
ed594ce4d86e497cadc83cdab8a81b79ffe89e5e23251c6a82b076f19ccbfbcb

SHA512
16e247e5d180bf010b2810ff547d24d20522b580c04a5382f9b5ddce847eedd9cb7f6ea908c39cb7edd80c78caed604fa823859d79f04f7c87e1b8d6bcad8593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
967038bbe5d64c0fbd4ea74cd8a95153

SHA1
ee60577d3caf0879e47bb7e784f0108a68cf22c7

SHA256
8c69be44e29f5897321770159e729e6951eb8d716d5a25c3265e0ddd20759df0

SHA512
4622e12983af5dca33a3d96002f8a051de1e57616cc72c21317f7848d90ddb4bbda63f46d9d0b80fb20b342f11ba8b15782595e2d3cdac2feab2794f05cb198c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f9b18a309e2533dd58ceec0c4aa18de3

SHA1
9b6a7e26234bfa845dc2bd0fea8e90a0fb49d781

SHA256
2826e05a89dd035739b9797669e3d1bf798e30598a62a352cef8976dca20b197

SHA512
0f2f914e9d5067379e60942160d46e0fc71c10d6ec6e2c14e0acb7568258b7adc01f2ad4850deb6feee99c446fd4b07139db9a66aae0b2995b8474934f7583e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0e9d142bb04c28b2158f727b318bede

SHA1
62381cd5d447f5c5457911ffededa23fdaf866df

SHA256
08712c6f259314756611704caf9e892f097bebbec93b37bf1e1334f5d3521199

SHA512
97e6b1b91d1fe990782bc6f2a1f812069cbf03193d345abf6cc520d48c558a2d10286a7e54458b2b6e862952b8d12ebae6367094b3642b591ebf290b2406ec07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
976c214aaa0da15f15f75ba7c196b899

SHA1
aeb4b7f2a04c3519b8fc78b743e442504dc2f051

SHA256
63b21df346b5f2b299b9f68bdf049100014870e63c6e6fa604124d4272ffdfe9

SHA512
488638f46260e41e6c5329df9d79c3357ee8254b1fd56f3baa7bc641aae4cd67addfe26a79a70285e000c8810941957fd0cc33b00762a7a28df7a4d1cd30d114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
deaee63bfb403a19baec8e2a5237488b

SHA1
3446108376bf952472bdcff824c132be316f3ce3

SHA256
d1c20c6ad1c0a6841089faa4401958ddce338705947943ea34318fb581b1f7d1

SHA512
49a8aac8680916d15de5f81fcc5289eeb4fd3491365a443ac3a77aca0c5105a09096bbb277bd016524a0c287c2248a929f7019f3fedb5b704ddeee9ed9f902cd

Download Submit