92e9bd77b6e8e2e8c21e0c0bfc85c5e5a1afc90d1af921fd0c1ebe853e5cd2de

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33f3c2a822ab4036dd53597f7d450464_JaffaCakes118.html
Size

44KB
MD5

33f3c2a822ab4036dd53597f7d450464
SHA1

5614e925bd99d241d67bde1db977e8399414d2ea
SHA256

92e9bd77b6e8e2e8c21e0c0bfc85c5e5a1afc90d1af921fd0c1ebe853e5cd2de
SHA512

b9c51bab9471095fcfd25d221bd2b820dd34bc78b91ac719da489819d74b2f1f144bb1e9334b71932a8b6934678e8c8e1bdded8594d3dea083f9125219de706d
SSDEEP

192:uNDp3m1bXa/tbZbmuOcJujQKsIibpJXwA7PpwHKljTByLgnWv1UD0os:8Dp6Xa/lpmuyQfIeUAjpwqlXByLgWd6s

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
948	msedge.exe
948	msedge.exe
4932	identity_helper.exe
4932	identity_helper.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe
948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 2520	948	msedge.exe	81
PID 948 wrote to memory of 2520	948	msedge.exe	81
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 3580	948	msedge.exe	82
PID 948 wrote to memory of 2556	948	msedge.exe	83
PID 948 wrote to memory of 2556	948	msedge.exe	83
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84
PID 948 wrote to memory of 388	948	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\33f3c2a822ab4036dd53597f7d450464_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1e1646f8,0x7ffc1e164708,0x7ffc1e164718
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,969267318419326679,13991992086144709890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5664 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5b7968e7ce783ac5401537a7f04aff05

SHA1
dcd5763b333c0568825ea694157cace46ad23f57

SHA256
1ce0e0fb0d888548f21c41249f8268da3cdec6b517b46ce4c6da60b1dbec52a8

SHA512
4b3008be01e22811ccffb8f6ba72d1a15a8a6628d5bb8de911879f90f7676e846d1e9f62a05d8def28149cabcf5f466e3ceee252258edf25c5542c1364573bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8b1ac17b4da52c44ffee8047d174633b

SHA1
88081201743fb94d2de9bb0ea3f5a392327490f4

SHA256
0c51b78955118f566b40b6463bc1fad16662a395d8e51f18608470a51509116e

SHA512
c11d0c6e6ae35852324b7a6bfd702eda50c1b3984d7c7bf0607842545cdeffc66ff80e062a239946a0a05e88a8db6c4e50d23e885a368d73d67a8c7c9d9be9a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be7c12080d47a43c637bdf13a5436205

SHA1
c4546308a77efc328d459851f0f859dbb9b918ed

SHA256
7d82cad739ceb3011c5e4b870e63bed2a723d3633cadbb9a5acc4a686214ed57

SHA512
29bdfbcf5941189f5d5e8df19ba78d0bc81cc70c83b57c545e3d61d1df9a66aa12132f2c729287a953cc987978e42714e10e077175df9e821cd30dc8596e779c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df93b6f53900eab5ccf352add780f248

SHA1
2b755cdc4722f6ea06193046db60ee3fc26b375e

SHA256
e87cd3065426e82aaa308a822966dfdbbadc34b84b876e89ebe648667f6ffbde

SHA512
875aafbb9a0674baa69582bc563c246c3b9dbcdae096151406bf0a99fb86a6f5c24d27c888252bcc84445eefb028b9dd051eee6ecc66e847a2caa12c0d22911e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
067ce1ea24d4ade67c40468429d58fb6

SHA1
1e458825a85fe1c8b17619c023cb3abf846117b6

SHA256
a220ecdc5cb8cf687b18081454cd381ca0f6306070a1246ca4559b8bbce0e422

SHA512
30229a06e31da609337e35f9bd5d37e1d5b717692f91e4d4540b024f157f869c00cde96d9d072edbca963f3a8d06e796166b4cd792fe18a4dd6f869f47a3dd86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580858.TMP

Filesize
204B

MD5
7da63c61ba9af68c2eeb150d2a95be9f

SHA1
1b89f862badd2aaf9db60aa1cabb94ed72bcee73

SHA256
fa129d4474ccbfd7df5fa728eabc08c3620c9d537e0aade262020685156d8357

SHA512
026b69b90788a45255f4f34a857a0011b5973be9af927604010589e68e26854ad5b7f6573db11735b6a744f5d3b7258a568020f8de5691324ad6e4ca42ec2484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f8730189-72d8-43f0-b5fd-fac398f4dec8.tmp

Filesize
6KB

MD5
7362e67338f33ff7dddf0726a6288427

SHA1
a492c917115023c0088fc34564ae1a5c4cb413b5

SHA256
56a2260ef904823a31779bc8d95190c68e40e2faa7b3d090c9945119a2a888b6

SHA512
b4a4f6b6f15c9a8abe5d82dbe4b9ca6040ff799f913b6ea7863eb1e30299b0b4ece4c9da1002ed671f3da00a9396052f58babf48426c7474c1abf240e1c335bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3a7ecff23382086b661e44eb2c1d10da

SHA1
498e04a847818b1a04b976181602c7dea067e72e

SHA256
b93b473914c62e8527a08d67c9977205adb0021859054b37bb90e543f67bd77b

SHA512
101ceb3e563cf9348003490750cbd3d1592f8dfed3961ca01e42974f7d4ffa15e649584fa327ec8aaf3f2cefc91aab8df4a2b33de9a09a731933491a71a602f3

Download Submit