67dbd6007ddcdb495dbaa0b951f8cb251fcec8928a8bdcaa744c395d19f61eed

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

068177e81001646b915484460ec9ccd8_JaffaCakes118.html
Size

216KB
MD5

068177e81001646b915484460ec9ccd8
SHA1

85b286db78802998ffd00b70d427aeb6550c8998
SHA256

67dbd6007ddcdb495dbaa0b951f8cb251fcec8928a8bdcaa744c395d19f61eed
SHA512

aeb610564659403c8f65d2e51ad445d90300fd036e813cc8e26efea8bd98b95c69d999cacba8ce7806505c50e01e5c7a49a926a125ede575c3c43ab1e0c99a91
SSDEEP

3072:0Bj1yZ73H1WqQouaRUo2WApuDq3mXXt8KNIOpTdxuHRNsX3MbGG9lE/sMBRyVTg:TDcWDHt8KNIwdOsKi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
4232	msedge.exe
4232	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 5016	4232	msedge.exe	82
PID 4232 wrote to memory of 5016	4232	msedge.exe	82
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2636	4232	msedge.exe	83
PID 4232 wrote to memory of 2740	4232	msedge.exe	84
PID 4232 wrote to memory of 2740	4232	msedge.exe	84
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85
PID 4232 wrote to memory of 4736	4232	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\068177e81001646b915484460ec9ccd8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fad346f8,0x7ff9fad34708,0x7ff9fad34718
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1936 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5198192646963573880,8993907585191265482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
20edf2568a35742b70a0d18571a85e69

SHA1
82e9c43330b4a9a718fc36e6683e7bba9c53c912

SHA256
b0ac0b78a9f4cd09400fa94d6ce7d57b031284434239e8bc7cfb6ca8ccefa9a4

SHA512
88d1d4975dc9ecff380cd0db6f5f47c5e11b152810b9cc92128341b77c288b4f95f09e93780697b40f5c58e5b90b9b86f8eb3a3e55bc5866f6cdb0eb0441ceeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0175b323ddb845089f2077a03bd9d8e0

SHA1
e2177b54fd26ab639ad58c2f2d7b19f07ad8681e

SHA256
20917fbfedb379a826392c3707af8f75883962bd3f612c08385aa09fb3f5e53a

SHA512
c5bf7fd9a99b457c30de602f97ece5dceca2ff6683d0c9d1582e64d08efd08c15d4bb1b9e440684e46675fb9d59434d2f3f0117854d8b32bc5a040ed61865161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
1a8ce52e9c60cda417f62a6b1bf3cbcf

SHA1
454013d7cd4cea85d19f7a164d2232732a5d7335

SHA256
fec1ee9133b0127987f4a878a2e068e1e89b01f9503da1c8cf5aed2245ce2cb4

SHA512
0bd44d79386aa9fe032bba97b518eca59f6e6447c896fe1cac36895885f32c3e8d288040e71adefd378f2c62f0bfbc026db660ac0c19e57ba54bf5da465d8c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7f969286fb50910cff72c13f416cbc29

SHA1
edc59c07549b8459ffc7414a6ecb759621f84fd5

SHA256
31e861674df15f47e817ac1d99844df1522146ae00f729f33729b5bc7a4c5c48

SHA512
b48c3e9dfdd90a2af2f573b7f9a5ff435c16581916e2dcf6d5d3bd1eca4722656cff8c57a97fd486feb7faf28034bb94c72065af04cb7b03e799377203a5e188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cab3bca110e6525a2cfe878bc9f585c3

SHA1
733b2468edeeafe81492528ba9a8caa0bc1e1dfc

SHA256
3c449ee19e9958043d679b495a307253690ff09e8f04bf898cbde236a4798684

SHA512
1be9f6afbd5fa5aa83afe90679e96f363dd43c0a55eaf920607db4ce2e6148e5893f39f1ca34a8faedfeaf4e2664edf44c42726042e12ed447a7542f557fc90e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88dc976bce719b079e9ae57d3197737d

SHA1
71429a072b73c2839281bbf5df3c78a6330d8ff8

SHA256
02e3fbd4d934c8d2832419c62dd5785ed32745b96997559b19fb934865cf595d

SHA512
f6d5f090165668749d405e6e1c9217cf770e5f594a332c8dd92ea6e200c3b4fffa24f86f3fd519c42609e1dc747a7f057cc2b22be5c8840850291b86008f35c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1b98db69df2241c744ed774caeeb91bd

SHA1
36924cc99a440782aafe02cd7e953cf575049d2e

SHA256
57011f3bd105016e4eac112d43f84d4d7a5bb5aae2e1ec891df15a6e8771bda7

SHA512
f65e37b988926cbe74c0e7afad6645ae996372f0219a464109a4e6273b9656172c697aa66881f26156672cdf22295b197bccac67675199d40a1fa5842fa9d972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
687e7785bb6df12e37a373732845b688

SHA1
9de4d0f5d250b4d5688afeb37054f022565fa9c9

SHA256
94d4c377c0360b4a48ae2f2e4eb021c32dc8705c1fee765419191cb505c1c0a0

SHA512
b49532aae77b1cd89ff25acfb2aa30a60a123c3afa9ea189e6a550a096294b225ee4ff11e9235d0e96d8875dea6fd4a1320174b40d7568bb6da1d1c83d7a85ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de4e37ec01090e22bf73b29d8f7a4af4

SHA1
10bffbe2f86a2ad73ddf96a5a46dc9d7c30b2615

SHA256
9f65f038e6fc27e1a5895af2801927a61341b63d4d230aadc94dac5ec5bc4e48

SHA512
bb557b89778657c59da14ddc273a0bfba29bd3a3daa2216b4f8eec781b36214824a590fef09c6fb8105fd55f8bfb478e936ece59bd4f1284396f4c523390bebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582565.TMP

Filesize
537B

MD5
553c3cc6e697195ba323179cb59fdcb6

SHA1
7c49b010bdefad18fb1bc8097a3880dc49b73811

SHA256
e31d85381877ef68ed7c253b1d7401aa42c9d841304a0d9380fa378f336ada9b

SHA512
52c27f6c78341393d064b786d658d739c6433998b2c51ad9384fe4bcc2ba12e6b5e30b611a04dbceb7a20eb21efc10ccdb2d94c7633df47e29aca727e0d8c0d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c207fa5f3cd7b0df98db4b5b064b73e

SHA1
077248b6798bcd16a9fa9af5556ccb2cfb10b65f

SHA256
cb51f3debc12b1f628b48c2436738ca9e03b1507f2fe8e0d0aacd4f542343d4c

SHA512
b29e84850284d40fe7a4beafd6968e95ed4ec4c4fe3c08d77ce17f94ecf1b3bb2bc70c72a3de23744c8a4201a5489387dc235d0675cfc945e4e4867b5323ec38

Download Submit