b8eb557b9b7bfe1dd92f69d2c72851845581ccded32440d620bb49269a793c30

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82c19b45f9cacd2a47703e577bf05b25_JaffaCakes118.html
Size

51KB
MD5

82c19b45f9cacd2a47703e577bf05b25
SHA1

1b6fd520377244b4ef14a99647dbefc660b7836a
SHA256

b8eb557b9b7bfe1dd92f69d2c72851845581ccded32440d620bb49269a793c30
SHA512

3064d87fed4e7cc7977a075b7a62054cb51780b556c1f561edf109bf9e199682371e74d26b00ebcb66dafc0fec8b09a2ffd53b474e9cbd5f4f8d31e9472d4b28
SSDEEP

1536:StlPvB5HWz1zPzbz/zyzIzWzCzGzszIzgzGzMz3z3zrzqzlzsmRFsbnluNqm5Yku:StvLZYket44

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
1804	msedge.exe
1804	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 1640	1804	msedge.exe	82
PID 1804 wrote to memory of 1640	1804	msedge.exe	82
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 1376	1804	msedge.exe	83
PID 1804 wrote to memory of 3064	1804	msedge.exe	84
PID 1804 wrote to memory of 3064	1804	msedge.exe	84
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85
PID 1804 wrote to memory of 2556	1804	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82c19b45f9cacd2a47703e577bf05b25_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffba6a246f8,0x7ffba6a24708,0x7ffba6a24718
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,13208149634004710085,5462437845610187039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4400a44ca8dcf20c5ca3feacfd3027e7

SHA1
c84d9729979d4d16a69f866b33641e5a7d05a3f1

SHA256
4c165b62fb1a73eac29226ca2e3a39a665287bcbfb00664bd1af6f1e3f112bb5

SHA512
a07091abddc42c61275532892cc60906abde5c052ee23f687b7966a8ee3304f87f61ad6b563ee386343f1a574eabe6c9bfa9d4b8e1398b1a5939635dd4500408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
72B

MD5
7776c2b22e30500bd0fd6ddfa6697770

SHA1
b0799f225e9ebebc584faf9e90c773b45cccf703

SHA256
8659ad096811b823f01408d331e533217c2696004da15d03631c2f759864d249

SHA512
a253c6d6b1ef14067ac5b4a732f81106c5d33ccb4b23d50ff09b1b7f7aa1d063e69e2d03bcf12201372b9c4ef052dac007c6a0293385f07dc617f7fcbe0c638c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
65ebc9f50532aeebf7ca5aea402c0ead

SHA1
564aa962e75a752dc376052ef885c53c49174e49

SHA256
cae2d7e6957e39d49d82ae646e7e5069b726a623548e15d18d7ffe25da45945e

SHA512
b9170fe5f27c6b30e69dcd6fe3b9a5cc4148503448fa62dc1d2e3c9bab16a15c6d9dfce6a1ac971830e7f0235ddc01bbc3932477ec29f9b3db5606268e8b1bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
51b4b1f4020d23bad8c35cff390daf5b

SHA1
3564c4b7280c4ffb308029ef2765080de1df146d

SHA256
8d35fdf3a556499b1e85317d32d1d1b177f401fcaeebb1047a03ca1067f0271a

SHA512
311b31b15aa25e13ae418ceda223f6d3461bbcfe1fe2152a50c22b885f0a7466ae41e3e7d93bc22efd633392d719a02fc19b53c923f6ae4c4c2466738901a4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
465c6d6e7727e82f99d1d82392f28a9c

SHA1
5b74ae16e111aade8b5ee5d06fe6e61f18828414

SHA256
21fef74def2f3f94efbad73c3a660a2c33cf38a95a9bc9022c698ac041f42d99

SHA512
884c067274977fd4a1aa8b91a41d5fb6fa5a7f5b5e3f0629dbd5e3bc39343f7d6f2c787a59125dc361c74f646522714291a8224a32b665c01d5742c7c46f5e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b8d836775fad663d3352510370926d4

SHA1
63ebf91a8955be7fa125710df10a3079135f9959

SHA256
a56d3862cf619f1f4baf4b9b8fdc4c8fd3a68f38c854cbe203aecc497f6fd31f

SHA512
edebadee7a11fa4fe67f962fb2c303e87ac46482a5d576a7cfd1622fe8fb7485cc7459df5a5a79b158db8839a0f5a5397664ffb45db81c2cb550a174bc1c6dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5df8a0239fe7ea2fe152734c2a9fddc6

SHA1
bbca53d86fb8e012ed5b77490fe837e0e2c92631

SHA256
9be8e9cee2dd18f866a573cdef69d6a0e207f12aeae0c1bcf77ebcdb7b24f2b7

SHA512
0fd8a6bc9af069d246dd4cb6cee3f4c7943e8cf7b3ba25b16e67d37d2947bafb9f0229a50f358e53075c99d0e46ae945b751376943f545a39ec2dce25ec7a5aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cb6630643dd153e262da3d53b7dd9f87

SHA1
84af30af3967e31bac1e114d53f7b896b56d9332

SHA256
35d1f8af1cc998c7fc3741d0f117cd1864ef29819410ea82c99804bc17170978

SHA512
280c3ac661810af7016091f1698605acd91a3d682859ff5ca27f5a37bdded4209a7bb1d259ce69f1d3f3e8f678aa671969843bf2c47138c9b425388e61b667d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
5ec780d3e1a403fbedd6eb7d4da46a53

SHA1
ba114327cf8d39425bc1f1ea01b5cc184b433a8a

SHA256
77f5a84905fbd8ab274ed0dda1b9d8f47e058fbfb792dae88182bf535e4fe034

SHA512
2a0b82d2f8bd228e228b439610c35a60bcc0abe7a70c932d6c541b7c1f96df0d975cc6197446673ac6be9869a1e2bd8db4af519e10ce5f3f4f3f770741d7ee88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
8e3580efb0d47232664029613de2c0a0

SHA1
976214e3cae27cf255e7a3b9afa98be3fc13e88d

SHA256
ac8b5e9a2ab2ddc8758ac7d6b8132cf838d083dbcec98feb0873e9448c72d742

SHA512
8f64788cf865cebeb6f9ca425a02a5024a70a42a965b1005ae8cefdb95c2cf46a98d06a9d71e9556c2fccd3fa2ff0b76470f2b94ea5b1d126a62cce3c5b54ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
33f63f1be4017d9ff6142eabf0d4369c

SHA1
3b7d3040bdaae9c8d952c899e6af060a1156ed4a

SHA256
28b4d0c520653936d9432092de89984068775d763400e846347980d9e6cc515b

SHA512
6505baea207e054f1ce3babb92b734c857621d4a21f5ba3710a590e02fc80578f1facd9fe81a217f8ca980eac35b7e4541a95f21cbd9d7f0a5bac8e10a98190a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c5c1.TMP

Filesize
371B

MD5
ab0909a6c542324ce5dcff6d4072c461

SHA1
da9ca1e26f606788251904a24fe8a3cd39532d64

SHA256
4743b291b36dfe8fdd52480e1311afc1c0c7e94a1abd504c178c31784887b41e

SHA512
7340631242d768487621eb96d060f4e7b90892b13af26e883f5d013796bfd9920ec92e5ecf5adf67b002515b6e8dcc4568571e64e199fd902eb3b7a41537c972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c900effcbb00d93cb59a78d44c39b083

SHA1
227b769a4e91232743c398639c941474eb7ef857

SHA256
7bb1a36fe33adcb580bb2d471363a7b6766f6758930373c0c64d8082e59cd23f

SHA512
a1bf95890e7d4abefa7b6a17826f9345659750b40377649e03377d4a0c6e8e28209b62ca9bdefbe7214f545dda0fff05b0fa9e9acb164b9a16d2955a61c0a259

Download Submit