ef6581aca4a16ef8f83ec99f3f6ca75f7db1a40e51d7490b9e8fc647f5b1becc

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23bd257bcf2d5e3a94bed5da5657ff89_JaffaCakes118.html
Size

55KB
MD5

23bd257bcf2d5e3a94bed5da5657ff89
SHA1

fe9d4d529e2be6c632465c67746a2c0fb0c21bd3
SHA256

ef6581aca4a16ef8f83ec99f3f6ca75f7db1a40e51d7490b9e8fc647f5b1becc
SHA512

cabae701a05ffeccf4d154dd5bab75fe1897a6b49ad06e8feb81733fd14fecee1f3da2bc79c5df705259af1bbd6aed6531865ddfb3fcdc85dfc91f08146c66be
SSDEEP

1536:SujAZXPv95HWzxzVzdzJzbzVzuziz1zRzFz5zizGzMzezBzuzfzETmuuYrl1sbnz:SujAZtjuuYBPZYJt4e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
1568	msedge.exe
1568	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 3192	1568	msedge.exe	84
PID 1568 wrote to memory of 3192	1568	msedge.exe	84
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 2624	1568	msedge.exe	85
PID 1568 wrote to memory of 316	1568	msedge.exe	86
PID 1568 wrote to memory of 316	1568	msedge.exe	86
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87
PID 1568 wrote to memory of 1540	1568	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\23bd257bcf2d5e3a94bed5da5657ff89_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd37b946f8,0x7ffd37b94708,0x7ffd37b94718
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1081963176820238190,17191185723362008135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
432268e919bdba08ae3bb6d75a70ba16

SHA1
70f21b8b61c4f70fa717fe207045e169e3947998

SHA256
b45d47d37bcf1cd15dfa8f00e782362ee7d9647f64459a3d7a676a11292664b3

SHA512
d122683bb8f163787fe588717cb82a659d94b488d6398cfc94de810c9a8e25a17fa24b28f6734088045040f1c687ebbde23b665e638049aa59837c150efd84ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d445cb98b123dbd4d0c67e86dfc07e7f

SHA1
ce84fb06023667f93e0bd92c18e4a71fb56cade5

SHA256
5e777f3e9cb07128aba4f3a5d0e45883d90ca438f227599df3ce354c7eff638c

SHA512
6db65010f5e1a98bee4e041e153c44b4e27aa9c9e81238a62dff457da869b88753e19b6cc68b9aaa121591c51415a281f882b9e4ba79d15b3f06bf27fa127907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ac26eb8ae493ed70eba0671f65e3fcd9

SHA1
7e28f2acb9e343ad7e58e9a1fc85c785ab50f693

SHA256
138a6fb2033c5968e5070847b86caafd4257c2949c33e87ad2dc930746617382

SHA512
8c96b16065615046a002c51880de5a4fb77889aa6e598742d05a21e35eedb1ec078de8dff6d36f910b5e8d0e8894fd647263a43dd75936438594d1a28da9ccb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3517c52d534615dbe9a6f5d28d9a54bd

SHA1
403fc29cb43071fce8543334d2c8f1b9325adbf2

SHA256
0c8ca017f42528803617371d7fa7e4be677cd30595610437a24b0a7d1017d8a8

SHA512
12dc51a3f6bd8a14b0739883a5e1e939814cb2269b4024dab44a85bc0cd102e99c6ea1e06b285fa0f01d905db5706abdb7f6fb90a6e1836f2c31de8b1d7c691b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a75e14506637c7dc79bc19ff76f4746b

SHA1
c3324c5b008f51c7efc68eca396b3a5e4d5256aa

SHA256
79abafe52da929eee0ea43cc244ef4a1720bd28bd2c0b927e64906e67bc6045a

SHA512
488768b8edcda72df8432ea8c4a9f548e5364aafb6bca0044e5b41c500f84c30320f295f7ec678c7e81b60728cf7f5d78424689cf76d820130877809ef287aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43e1f18c4eece8e3968fc4a51090e74b

SHA1
e6e00603a36f4bce0cf751ad2e98727fe27a7098

SHA256
7b88824aa82321fb3f02536f8cec62ffad346e5ea26a904f1b48462d3cf49500

SHA512
55f1ba741031414ae1aa58e8215c204877a8f065677d72e7fb846b2b6c58f8611f3e3c9aa951505a1876edefb8213d0464bf8b640f4aeb0ff18b58610e5b9396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e918dbec2d3202f47d7d2fffc32f8c5

SHA1
5f293b43d2d6be7522338f359d77ad7fc8f96c03

SHA256
7fbece287f7b2e1804b461ecf89c06a6de4d2dafde1c39996c2fc665bc34667c

SHA512
e078c93983c8f097801a76d289db248998358d099070bbb59bb389731a5350a05e9056abcfc9638c9f3f2a3e01f66f41cebf12e0b7af1b69950fcd614086ff94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
69f021ca4023b7dfc336512e9fd03a86

SHA1
92c0b4170fb337f1bfd61ce0280b1bd83aabba47

SHA256
543f7e311d380a205dd19ac621f8cf73a3c462352de9f520ba04838ea3c1e3e0

SHA512
52d0db889905be1c66e5d34a1e2eef8c4ea936b8a6bf0891ac24b5ce45aa993a0ad21cdf04e35cce497ae4cf08e959c43be5504c9f242da525f2c733090808ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
ea71b38822de8e575fa93b019ee8448c

SHA1
c32cf786f78cffbcc941c2ed6bb1bb6e06c0f8b2

SHA256
5d1e201b94f5b6e41f5ece46554c590f198a2a39422fd22387751e4b52262a2f

SHA512
6339db91486ac3c3fa7a6e96b03aed1a85ca55a8e42e872db8f6ebab04777816a9d9400da5edd2db6d744f3e2ebd4417d72413d01a2c2b8def11ca2b60c0bf07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
4232049afacda4273783385903380735

SHA1
db07ec833d97be2f87fb59e14e135c656f2c5f26

SHA256
9983771a22710533af3d42499e451984b319cf4a2f73642a48f2a17a23baf11b

SHA512
51567440703306ccda4cf43152b9b7787fd8cd775711a483c03a0b87135e99d53ed064a744dc7e497d0325aea1c87a0d22eef0b2ae18b7f56321f34677fcd767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c40b.TMP

Filesize
371B

MD5
419f579dd158d7b8cdf94968f3f2826c

SHA1
752f1b2157e1b3dbc8973afcccae60e96e0eeb57

SHA256
579388df9ac850b87e95a20efafad848c902540cf5cb163d23b7192d70418a08

SHA512
a6883dc43b3ac75b168229169e53a60264dc5da9f2a147d40f0de69ea05419bae3df04737a62b4367e7b49397d54ae8a196a3a5e8be5f95d5495de684b11a2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cc532d0580d4bbcfba466fd1598902bd

SHA1
42a34fafe225f24e84a81d7204f9f1973a82aa50

SHA256
88588abc1508c3ed12ca8e63d79ceff45242b2f0e3260ed3952527534c4e1137

SHA512
b0b93b1259a41d3a7879460cee3c3462f7d2e619ff2174af630654344695bfee205b0b415151c329c121f011a4ea4024982569ab97fbc96968183784761ee459

Download Submit