a30123833f06f31ebd09f14c00c5eebf213067c15dd5bec82055c1b62286091e

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 01:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eed8b86e9cc28f81c71e8129e3c8dc85_JaffaCakes118.html
Size

16KB
MD5

eed8b86e9cc28f81c71e8129e3c8dc85
SHA1

dead74487529a40343e61d0fcbd507fe510ef3cd
SHA256

a30123833f06f31ebd09f14c00c5eebf213067c15dd5bec82055c1b62286091e
SHA512

46bb11c724a41965e260a7c361ca8e4c6d7b0b46bdffbb63e916c4ffa07d022aee2a3b776f6576e4f5d0941b19d2f300cd1c7a53e5bc48583d7ce2b305686211
SSDEEP

384:M36YQlBMHGr2dWWD/Iy0N6HMHiUw2p99CwL/BqDkc1vu1:M3huCeWNC997LcDR1va

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
968	msedge.exe
968	msedge.exe
5104	identity_helper.exe
5104	identity_helper.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 1576	968	msedge.exe	82
PID 968 wrote to memory of 1576	968	msedge.exe	82
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 5020	968	msedge.exe	83
PID 968 wrote to memory of 1712	968	msedge.exe	84
PID 968 wrote to memory of 1712	968	msedge.exe	84
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85
PID 968 wrote to memory of 1076	968	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eed8b86e9cc28f81c71e8129e3c8dc85_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc5b746f8,0x7ffbc5b74708,0x7ffbc5b74718
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,3676384826237708817,17891835947994886976,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9a5235f2-fc94-415c-8652-490dcc134967.tmp

Filesize
8KB

MD5
95435d9c5b70fdec61ad8ede5244cef4

SHA1
9fcb6bf2a0d25ec336c34221369efaf62855fa14

SHA256
cfa8b42af9ddaa354b40919f310d0faebc1600270fd30dc1bb520fe54f32dfa7

SHA512
98baf5c8e667ae99e00433ab794485f4c155fa797711f3a5148bce60a61ef767e816110906a9c35272dc6b11170ee9e016d21ab68a158dae86e366a26953f0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
32KB

MD5
11e287ac9d9839e014c454bc130f2aad

SHA1
a99317dc7f83459e259621de9c78a8f2d92eeef2

SHA256
da1b153ae4dcb954aacf64758db80644b74344de78286b50ca58aa100c698be2

SHA512
602608f41fe43a5fcc16cffba00a1b580fd7f71643686875d09e5f3819bd15eeff4b5d1026d62d39ca2718c58290ee08cb9d91de7bc9a799315a58cc2f8ecce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
53e4cb99dc8c65e267bb56ac0c1f2402

SHA1
688513d625ceafb4d21419f8a803d57b9c09f9f8

SHA256
9138e223cd7211ebddc8aa06f9449ec6ded86d791b9b3b5ed05e1a0dd5e8dc6a

SHA512
8bcfcc4fe6eda6f9b12e381bf8dce53eab9490ed9c65b6889eacc3c19f08cf6f4bae19f11533fad91f4d2ff50447ae79c623c3d61102472dc8166df54610865a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
052c20e547908da3c4d46260bd5dc899

SHA1
4a955563fa1efd71c7623e0bbc0d60efb663d829

SHA256
2ab7fbd28fef54a454689de2c0f69dd69ef0a3c16d51ec43e8fac2ea9a2bd8fd

SHA512
d6fa0ad749167dc56729f259aeb8a29fc6d8280479d11b58bb0fbace6efcbde43c733f43be4c83107df7449eb895eb19756b478d57af1691567e564f9465c5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
122f0fed6c086a06bb6d5367434d0ccc

SHA1
ac794eb185a933513861bdae44ded417b5727e4d

SHA256
35f98287df6a107162611cb06fc178a82972158dac4c05bdab78c2e81f3af891

SHA512
2f016e1d922b64f78461856733a44dcebd7069954d76bf7c69951f17fa04916f0e3c4f81da86a6c20fac353c7973ee5ebb4c1989d1b4d1e4beeeb41b3bbeb4b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c90d4df06e07de7eb80ff3f01dc38b7c

SHA1
edf576b27bd18324eb032af90599941937d949b8

SHA256
45d33ebc3329eb5f454a59603de6ce39f19aa62d0b43155ca84cbf5e478e7be9

SHA512
e1b9234fc2b0c65575d243eabce33af2c71921b170ce0ab2b9b12df237755f85ca8b5e0f768ec1c7da220adba9ed50c961b2600e8ce68f76598a2db1b7884c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b14f52c41bddc9a15591d01ab24c77b1

SHA1
99fc500235c28e58b8fc74aad65c48c09099b37c

SHA256
98345c97771863db988b6b5abb4ea9766a8dfcfcb8a4cdea2665a64b13c2611d

SHA512
f9fa6bcf2b22c306e494ec4ecd44e61e004b09b4a1c608395e86c9877c4ba6f1e01eb0369bdb50994bafd932066ed493cabcd77885c325c29fdd023b3133159c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
30a27d90e8864f7b7164515c42b2f9af

SHA1
b7d59bf2553e725c4aa604e60178fd8b7cd6c398

SHA256
f6dad7672fa5cb2a7ee633a3018f7e4cca64183b57690cc2a28ed6a913a1ac59

SHA512
bd4f4a1f8c43d5f585488d8530466bb53037ee7bb86503a646477293baaf368c448dc64df00252435f9f930bb8bd23288677e6bf007dbb5ee24128d92ff0fc51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit