8934bf9eb46abee79bcef736ab7d49a879553f4ac62548800c7bab6d42836624

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 07:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ee8e2c2f549745f7ac76f09fd2374d3_JaffaCakes118.html
Size

353KB
MD5

4ee8e2c2f549745f7ac76f09fd2374d3
SHA1

e523d7e3529239945e7dd0f3c85fed5f7b331608
SHA256

8934bf9eb46abee79bcef736ab7d49a879553f4ac62548800c7bab6d42836624
SHA512

243292f9c59c3eb07bb9ab0cc46f78674682477f789bd7c7a5d1a0bf5d9b122062cdd6abe1ead3f7e617905416e854baec1bad360f9c423004aa4ddc06c7a5a1
SSDEEP

6144:sSykED+RELVzhXkA3d8VZQvmZV2lms5wBpknvjXGXgcD8yKQfBK:ZRELVzhXkAN8VZQ+Wh5wBpknvjXGXgcI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4708	msedge.exe
4708	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 2648	4708	msedge.exe	84
PID 4708 wrote to memory of 2648	4708	msedge.exe	84
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4672	4708	msedge.exe	85
PID 4708 wrote to memory of 4048	4708	msedge.exe	86
PID 4708 wrote to memory of 4048	4708	msedge.exe	86
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87
PID 4708 wrote to memory of 1624	4708	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4ee8e2c2f549745f7ac76f09fd2374d3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1807029799570900764,17390458630930496890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1807029799570900764,17390458630930496890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2624 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1807029799570900764,17390458630930496890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1807029799570900764,17390458630930496890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1807029799570900764,17390458630930496890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1807029799570900764,17390458630930496890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1807029799570900764,17390458630930496890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1807029799570900764,17390458630930496890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1807029799570900764,17390458630930496890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1807029799570900764,17390458630930496890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
32KB

MD5
38288a369294784a5369e7abf03a04e3

SHA1
b078a4e77e8f92ef8ebd52ad508258314dc46359

SHA256
ab2fca2ed379d5f710c7a741b41aa0657ad41d53f70d2e1741417b22e4ba516b

SHA512
169fc48ad74690dacff887171eb5e5db9b1c51e8bcdb57352803da80643a3ccbab55069060f6628298f134714d107122cee9e66f34c276a7eccab33d3036faca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
99914fee9faaf0da23228235e0e18605

SHA1
13d588c78b8a25c19b1e3618a2377329561bfcdb

SHA256
20d2d61e4f8fb6115e1568e5d5ec890f946b99f7c705cce27c8055c47449258d

SHA512
e6d03528fa50a6745f2f283f8ac49eb1d2bb6dc413e9b561527b9510b9511c83b2c1edf145ca4ca9fb8adf4307e5b22f32aec4a41e951ff08597a5a216164028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\39a2ec1dd170fd09_0

Filesize
243B

MD5
5b5a561bd0c0e7e14b35faec4635b035

SHA1
0deb73903448a9b78712646efe7a76eb03a21b8c

SHA256
2d707697aad0494c59db749223c020040b1b8e84809f03edac28661457fd2f81

SHA512
de3b6cfb6a9d608ecdb402762dbfe2fa11fa05547a68473e2d08265ff7d58f3be6c0a67c7791d742022d96b5f0cd1845ce8c72efe3d6019cdc80c990f4403e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6baa92b92b814fef_0

Filesize
233B

MD5
ab895dffa11f6f9d71451cf91cd01cec

SHA1
9c1450eb62c527948c201f919f0835fb5d218739

SHA256
468a6c13a729ab5a1a534e96f62c658744cbf545a718930db1a0cb378c38b246

SHA512
79d1686970fe14efc60f0f7ec49a5b8381b48d1ba852b05246c6d8a12622fabdf778a708f88c88bc7a291cce8ab6b87329dd1bb1943a5573ae642999231a5406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
007cb7ca416ff33d552cd47cb758c1ab

SHA1
faa597eb23ab0528364499b7b13988a6a3b3efc8

SHA256
8f52665e32b843ccd76cdaea4089a13b002fc904e8982ab83f167bbf08342883

SHA512
2af0aa99e74b0e82681a6cdab5d3594997579ab2bbf78408328f816c0bf0b1610d19a0d9531b1826942f980f659e74a707f16b0ec61247f5d25c1a28108c7f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
72B

MD5
a6e1e4d4fc1ae06cb4c0a139d890aff3

SHA1
e1239e2e8df2677e09fb489f80c94850897e9eb9

SHA256
e178367524159d3416af6a50a9110e48dfcf8d02b5d2e66805809758ad93907d

SHA512
e8b1c15b76106e2b8a0734f98d12fa4f1dd32029a9ad4e2a8f6a87e02748fb820ae7732bdca2a1404a844a051bbc792aacf41b85eecc02b381ea1a398632a64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
dbe0ae6309b88933efbba98e5630fe8f

SHA1
54855f3ad73db0ac92f422a4557e8d2e475c4174

SHA256
ce2480d42abf6b910357cdd58b2cff7b5bdb14c494a5e2d50007a6887244f957

SHA512
387aa5215fb60af78ca86d2023f1528b4fda4c5ce8ffbfc0476b0361148dd720454c3c4360faa43ab6234cb02486fd8fa445d8ae8d9f6157d3e602e92fe896b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
07d795344d200eb5cc820402f4c20970

SHA1
e2ecc51c2ddc556f64b84d0cf60d1e406c2ae161

SHA256
ea872ac44b1c7e8f213ee1b871bc635dc762f9fdbe0890e2d34c14039d3f8437

SHA512
39ca44c76f3ae8e35d52e3199b40d380daec68f4a8509db75c3c58cd0125f3a8382964b92ff66ab4c0b2c705397faf5aa49a860956890f1b7739419cb5937f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c573448ab477243094169bd71ea9854b

SHA1
5fae269060f2555b94e2999d2b801bfdb3237e44

SHA256
c2883f8609ab9e636a6da90fe0294d4454d0821fd5b7df4a493ba5f92df657a0

SHA512
7e257fc0ccf9a77d5f6a788855e44cd317799f846b4b00d5e28fe3a31672b8b7c4a0b2f14713fb2c9ef0ce11cad4924312e80bb9304c3c30e6ca76b46327c1eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1a4b6815edac1429b7703deb47ce1055

SHA1
59d222f825700edd02541ce8fc8518bae6860cc9

SHA256
e98bb9db6015532a1c2da38b39d53696c92361934dda079c41fd74f1daea3a6b

SHA512
f3f5f352a436ca75492b0bd66ff3bfee6fe749883ab4d36a205942787d2d24081ead5a98aeda11ec003a25343ad0c228e7676644c7499244c31931d2d5960e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7cca5140a631980263dccd2534a0767

SHA1
021fa9b009fc12e83d65702ee9ab0ebb68f9b5ed

SHA256
c890e5de0eb987785612c5dc08827a4eba4f02e1d6731e037641c2155303a5b1

SHA512
defdbee7ab07fd783968f12cc337a7eea31782f270c895ab5576ea67ed27c2f8557b17d592fd29c48aa810988276cbe6aeb51ff7a273a17a15288c24ef1aa533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e5e.TMP

Filesize
371B

MD5
48de5ae4d07f783a103a4a03b2b1ad75

SHA1
0f4730e2c4707b69f5acc697a573e8e5142477f7

SHA256
d4a3ffd83dac58560773efca89d761bbe330ea2ccafbe09d977c36bf6586fa29

SHA512
a8bc0ddb1b38ee92f12650aacc16d86f0f69e026534ead6a04e24a272b48a7c3d1b1b7c94262df9ad1746654411eaa5e4a99622cb2405a79f5eb36f2f0b64294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0d62d8d01aef8938bf3736dcaf7e1d0

SHA1
481b7f48dbb3c8d157c764236414803636c0e3ac

SHA256
35acdd56a3e6bbdb0397fff7172048af23a82fa7eb59286269e9e0e757a40102

SHA512
d5d8cb3face1e042045a5ac345b614bd32ae4ad975aab166462656752c996ebf7053fbe9ae641c14126f99ee57904a2af41e923104d501d9c2a522beb4b2ad17

Download Submit