71ae69e181ce81f31e84dbb3df8679c5609f2b5609ac9a6eeafda828c83b074f

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_e81da434248963aed53ac315cf4bd079.html
Size

131KB
MD5

e81da434248963aed53ac315cf4bd079
SHA1

679ba0d4d8e05b2fcbd40aecfa57e967181a1b84
SHA256

71ae69e181ce81f31e84dbb3df8679c5609f2b5609ac9a6eeafda828c83b074f
SHA512

c10ba2ffe73fd62b158254431015925f5bce67cb19aba618bf5dd4ecafdda1a365ea5d4e43476f5cfc02ecb4dbdef291c0eb67b9a155bb603a5f5b66c7803460
SSDEEP

3072:C/4Fo7/Mxzt8aNvXaktADZMuLhJJM0cRM/s19of25RV:pVt8aNvXaktADZMuLhJMoI

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
9	sites.google.com
12	sites.google.com
13	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4768	msedge.exe
4768	msedge.exe
5040	msedge.exe
5040	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 3804	5040	msedge.exe	82
PID 5040 wrote to memory of 3804	5040	msedge.exe	82
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 1456	5040	msedge.exe	83
PID 5040 wrote to memory of 4768	5040	msedge.exe	84
PID 5040 wrote to memory of 4768	5040	msedge.exe	84
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85
PID 5040 wrote to memory of 3924	5040	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e81da434248963aed53ac315cf4bd079.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe18946f8,0x7ffbe1894708,0x7ffbe1894718
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,388717711266948639,372230362685028063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1ab48d1d-203b-493f-add0-416177c4ece8.tmp

Filesize
7KB

MD5
eca8c6b0fbb8d54d351eb796a73bc653

SHA1
d5ae8d1650dc9c0acc354c5c816e7ba3d6be9384

SHA256
275028020e565357b430cff85cc4c018712b8940cd358ec646d741f77dbea8ca

SHA512
e92e23dffb6683f68d53d1f6eca81d30a623cff66da93b779f8df453a18ddcbe3e056ee12824eb976eb7ab5467691366611e15d567c5c917c6cd3177992f6389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
3989d623e5c8884f9f6e5bf13b280f73

SHA1
7a0f11dcf23a96f4937831ce2fa2f2dd6cbc7e4d

SHA256
3564a9800b7ba38bb834d89ed669f74794ca26de8830baee4919f01ace0026a7

SHA512
7132f5bd6fa4254fe5b2b175d7aa8a75fbe8f1d3475ac6e8c3345e3de91401da0455849778e67e77b6d9c673bd04880295a6ced5c2eaa7557a8c22c01d8c2ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
a32307d25af60d9b505dbf127cb172bf

SHA1
dcef281bc7c9a074a7895ed02ea6868e0d6f0e3f

SHA256
c2178841992e88a51440f17048ef03a06d13ef4d8658646d560a82ae7a2c86cf

SHA512
7d3b3e303004cc209b534ba2c37ef1c4ba21e97bd01b5d253648fb7096f2cee1120aa4d614658d6c4c70ec9c803a8cd42b1bee827863eb8a32cbd5de492b0177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1b9a30c9050d7e4d4ee7085040c4cf7f

SHA1
8f7eae9ee2d3a6a7c8dab136fa08d3e34cfc8822

SHA256
600625bec0ee87cee43fe78ca81e964354cb6f33bd422eb556fecb9568b87869

SHA512
3b51f1f96ca24acee6d36e3de043ca696210eb7bb4dbd1ac3a1a54dd2aacef27e155e6212c5a949c2807e080612f20570862a469b2dcaf9c2a3e51cff056cca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c87772940e5b8ac00bcda78f61c37826

SHA1
68c8b150d292123cafaf5fcad6d2f96f32496f8e

SHA256
07cda1b1846af50058be5cc4a45203b3fbeefba0afe34772dc1567d21d7202d5

SHA512
dc6dbe736502ebe43da5d08bada973ef1ed9f91b3a5ca574c3bd23ebbc5f897ec396d3c524c0d5dfb33ab4b06c533c8ffb9252c9b4c3b629248c805d5f517a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9d8c3870ac04d9e22e081c5b939244ff

SHA1
bb857f4a1ead929fcdf87ce262a38b10c7c11c53

SHA256
557fcfc6d1be010a62fd649475a32027eb47c34d5ee10f62c77b776225088d3e

SHA512
815d960d0c9c6f1d7dc23be0f9cb6c56f8025d91bd8e6502564e323173b08fac1732654a780f0ac9d4c13eaf86f36dbba6ef04f81bf33903e59b09afcc6510a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f58b.TMP

Filesize
702B

MD5
25b20e5cea79a3c36e4b5d56f486ca33

SHA1
fc3989f68934b3eee1a3818b91d8243a0dc135dd

SHA256
c7a9a8a7e7f3a93d210061f1aa01075830b5fc900ac813739071c8201af6cf58

SHA512
6c5d0164bd4256002a68dcdb8fd2459fa8077f119dd9cb09742a81199411513568c95ce61963e31088281957df123cacb3a1375d8214dc019e82a7e5f541b94c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
07e0f17574dde12e0cf33369f6733551

SHA1
eda2b9ea0a521bf8d3362051a6596737ae2bf974

SHA256
8c50ace57458ceb39b2be13bc2d9df7a01c3cf36b2c55c925e15822cf4571ba7

SHA512
1b8c38a65445bfe531a1166d19df43ea02326843d000f7c3cb4305c304bfa05fba2eea26194a4cc69e625a8e90996e2ec410d417dbf16fa79345c499e61b6a0f

Download Submit