042d014c84b39a99694a066c938e15f1bcfee93680f5bbf9984b7c0739ad3555

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e271e06a10ba1b6946a7f83a75fbff9a_JaffaCakes118.html
Size

85KB
MD5

e271e06a10ba1b6946a7f83a75fbff9a
SHA1

c544cfec9b4c47cffd7b85bde2d11e83db310ac8
SHA256

042d014c84b39a99694a066c938e15f1bcfee93680f5bbf9984b7c0739ad3555
SHA512

4c8918c0fd8285e98d5c92f9bb95347db286544401b8ffe1d65df7a2e5d0c147ec32195dab2aea3b52f148e3c75681a4bf584e12f03481e7eb19891529b9a81e
SSDEEP

1536:7WVOZO8hf43L11r5t+e7WfKIxg+z/jIeILOrwAIm+Y+uuMyjd3Nx7:zO8V43R1n+e7WfC+z/jIeILOrwA7Z+u6

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
37	sites.google.com
55	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
1280	msedge.exe
1280	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 4900	1280	msedge.exe	83
PID 1280 wrote to memory of 4900	1280	msedge.exe	83
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 4892	1280	msedge.exe	84
PID 1280 wrote to memory of 5012	1280	msedge.exe	85
PID 1280 wrote to memory of 5012	1280	msedge.exe	85
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86
PID 1280 wrote to memory of 4904	1280	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e271e06a10ba1b6946a7f83a75fbff9a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee21a46f8,0x7ffee21a4708,0x7ffee21a4718
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1253327145220901725,12272805367359396816,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1253327145220901725,12272805367359396816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1253327145220901725,12272805367359396816,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1253327145220901725,12272805367359396816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1253327145220901725,12272805367359396816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1253327145220901725,12272805367359396816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1253327145220901725,12272805367359396816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1253327145220901725,12272805367359396816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1253327145220901725,12272805367359396816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1253327145220901725,12272805367359396816,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
7b4ce414c94741e787c715e0d45bd632

SHA1
fc8d8798b4fe013305384a98d1ad336bb8b47f5a

SHA256
90f3d3d3d3938bd9018a1881ad78134de350c60c678eb863a5e3e466c75cd066

SHA512
fcb5befa21058dc3836b9041606942b1e72191ef17ed7a330cc1ee6f3005f5bcea6e1f58d00ecc98be7aa1e19302f7289611c057aa3f24576418dcf0bd1322e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
1d5d9ccaa2d381ff44bf10d26c205e58

SHA1
eb7ab6b9860f453b5e60cf680ffc4c96b55a2b2d

SHA256
7d4eec6570bfa608c7eae89c2565d67810c957312d531e89bab26f80c4aa8106

SHA512
8211226e40ee510215f774908ae7bdfb00f1bbb391cd9d6520790f0fb159b08c99a8569e87f6e1d4d6de72f1a8b06f181dd8c807d31eb59c5f8b75e378c8a89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c7d492cf7262e4805f7830b7a34d924a

SHA1
7913b6606c3ea322ec256380cd9f4267240c6157

SHA256
dd4d7dc6235e6309596cca28640d8de8f7503b2ec57e53471842eba99c2b6035

SHA512
deb71ac18dc8755a0d483abb3818935aacdeec3895121fb5e446d787c56e1b642a4c91e8f27e2dcc0414c9d1bdf7908fc2c04edcf181c9a8ac2a8328e8b8217f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e90e391eaff300fe01da3a62f4bbff34

SHA1
f49e0cffda26e3b16f0a197149dd2ef324b7c4ac

SHA256
b69958ad0b47ba860e172bda1f5edede213678f30aa5afb9538ec15c1a71beb7

SHA512
e85618e3385c9de2c5f750718b00aa272bf9017cdc5575c5e921c4fde68c327771ffd65dfd5ba263db030d0321111a12264723fff8ccab6289ac47c42456c652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f45e70ea1466a7092aae531e24efa74

SHA1
84d55e44661fcae143846d1bf196ba5f5e30fe35

SHA256
57476d61301d9b842a0349c2ca84a87848892a5193c9aaed60c7f67f995025a5

SHA512
d5b83b11d829fbd304e9bdffcbd2a00cd3f73de9cdf3f3b77bb6f5f3d5c16e99a7e800221ed0c836e606dd26c6334825600b0224bb59169605f2207856287dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
114c7edbf9b198bacebb5c1dc6c8b0db

SHA1
f78ccc82a4ab3d406b971ba67664803a1c939e3d

SHA256
a800cac8e3acf2bffdf467b111192abb13cb250f1a2cb030d6945271942519c5

SHA512
240da57bca952fb096d2a72eb4591115ab62aa93591b9c2d8ef66b875bcadf42aa7c9e19c5ef6990c366c8ec1b55f8abf7c6726ca6d038a412fc317ee986a68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
70b02f103062d417f6f2d3ec97a71f0e

SHA1
6c3536341e2a529bde847eb88766b36b3f28fb41

SHA256
caae65b9f96749507d17bad86f75db15d1503cc7ebd77dfd78bcbd9980d17b9b

SHA512
e7e3cef6fe44ff313751f89c39fbda27d53c7c4afe2f9c5d31f992edc010d76d28a3b931981fc6a06ee6863f431f3977fd0be0073b6e84b4431a9563baaaa4ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
ba91be5ec463394588baa5b357218790

SHA1
df4b98f1068cced3a4a7f650595f20a49fc65bb2

SHA256
8ae7c649cf9aa46f7968c0377c580516c2f40447adbfc9f2c07d579a76c044f0

SHA512
bcb5accd4e1ca3c0991d9e3ec9e50d810bf14c1622a51f7bb83449f5fcddd79efab405d1d496f2f7039881723d53625b0274be541e9c20930970ecbac058ee86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58072f.TMP

Filesize
370B

MD5
d8384cbb4e31284a29963fcb8d9cdf56

SHA1
e46086f4b2de0dea7739b4834ee7e99407d552ce

SHA256
4d455e5bb501e8ba17774be46d96e49f81b53fd46311e09bf49965dd9c4971db

SHA512
aec9a3c81df4e682e0c956d4af0cac1965361b2ec8c7772637158c5f293195a232ddc4fa1b824df4edb5da26c7a7bacd5d55fef8919da79aca99086cdfc76200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
67583c6c189f56c3ebf197f33bd391f7

SHA1
dad21b369ff0294e8d0778f0e7999c4fee3ea730

SHA256
f2829c8c8973f2422a47c61845d6c4d88c9106e264242e2f8d0d5a0b07dcc7ad

SHA512
6c0ea2ea9a353a1ffb9b1552f358b29919f39df81ec216e77905b856bfb50d80dd7a53db220f0e6184367b018e599961a7519385d09f14248957f06d449669f0

Download Submit