372369b79b9794b38982ff451100276e201aefec954407e9f59b63888b821dc1

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe
Size

620KB
MD5

f66d602223d4890829fc6378a05dc6e1
SHA1

9999c0b4769ebcf41cc7fbc1c2079039436a5afe
SHA256

372369b79b9794b38982ff451100276e201aefec954407e9f59b63888b821dc1
SHA512

7b49c83ec0262ea428897f5cd9490bf13aaa52250e6498c65ca03b6bb18eba9c1246c77ba972938fca72ea38dc8042e314d45cfc7e54f6d0f643f96737949f27
SSDEEP

12288:Wnl59wFrMA6dG+m7JYDClJb5Np1XT0ceu5bQb8zvMp4Y:WnNwFrMA6dG+IJYDubDXT0cHb68zPY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3472	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe
3472	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe
2060	msedge.exe
2060	msedge.exe
968	msedge.exe
968	msedge.exe
4952	identity_helper.exe
4952	identity_helper.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
3472	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
3472	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3472	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe
3472	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe
3472	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe
3472	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 968	3472	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe	82
PID 3472 wrote to memory of 968	3472	f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe	82
PID 968 wrote to memory of 4868	968	msedge.exe	83
PID 968 wrote to memory of 4868	968	msedge.exe	83
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 4632	968	msedge.exe	84
PID 968 wrote to memory of 2060	968	msedge.exe	85
PID 968 wrote to memory of 2060	968	msedge.exe	85
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86
PID 968 wrote to memory of 1096	968	msedge.exe	86

C:\Users\Admin\AppData\Local\Temp\f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f66d602223d4890829fc6378a05dc6e1_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wisedownloads.com/Installer/Complete?source=google_dm-display-gb-336x280_v1&reason=complete&user_id=7ecca051-f811-4b25-879f-6996b7be32e0&ask=False
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffb2e46f8,0x7ffffb2e4708,0x7ffffb2e4718
    3⤵
    PID:4868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
    3⤵
    PID:1096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:4812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:2112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
    3⤵
    PID:2076
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
    3⤵
    PID:3104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
    3⤵
    PID:2388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    3⤵
    PID:2428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    3⤵
    PID:2136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4102410551391624511,17037029833527357579,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2964 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
39c6697e7e12f6ca27f5e3f6a6e756ad

SHA1
4376b0d5cfe19248de7f0e5787a8dd53f83bdc26

SHA256
1676f8c5512c111f5de726a672a25afc4bc3e22730b2e235186247b87f8b3c61

SHA512
10c21acdd74cf78f905faa9d86a1248fc1f9b391ed38e5b8d73540f1a37b40cced31dff22fad6a8b94d523421c7456ebf54e425527b959a5c17bb1a246341523

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
9bbfc5d4bd0436eb57f7d76ea8b6f573

SHA1
ebd8af748d27d725aeb522275b0030d168f57625

SHA256
11d08f8a8a3f6c0b2d8af09d93c95524671e98845fd94aaa9e6f698f2dcbec21

SHA512
e3115516bc270f4524bc5c703b957539d6ec870abb1f5320727c8ed44e1910fd2bb5c351c26ab6dbd2b434be0aa6b55c636910438a23a8cda1e8ae69a7f7913f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
8d538dfd8e6f471d1783d375a2a21690

SHA1
6d8dece6cd37d9586a99efd2793f0207abf16f4b

SHA256
d555607ce458e737652161848042f929d0510f04e8fd19823456964e4a6e2be7

SHA512
306e8e381b2efdfd66eccb340ea14a10696d7b088971d60c7fba56397864a5a004eed85f2d00f84aed7d2af3c5065c830f4ab3ee3102080f7555ac1cedc09f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5fd11d056830a793bc986f5db9c49430

SHA1
5dd355b56d49a0c16844370ba705e24e320f8c49

SHA256
841d21eeb9cebda003cd30c1ada94c751ea1b9b6893e3709af6f17afce4fefcf

SHA512
927f5d5b39e9d8c94f1597072efb5ade92efb63ff6e4f6c6b48aebc2f4db7ab73a4c0d17c8eaa161aebf15c0f632fe75b5101464b98c2e311c1649e06592560f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
765b10c363e78d2fceb04f55c740a242

SHA1
f91a4892416ed450781c09e6f6b9ee1ce1c7a8e3

SHA256
c636b8b4f4495a8e9d5146ff3c65f0818c791e37f93b96298f176352904aabf9

SHA512
6d582eff849f375ea8b61706e316bdce4fbbca0fe1bca8ef38c5007215b0bf0633e26453394506102501dc09bdd823f70d7676d51b44aca79608d665df64344e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f94e2b3cf1809143e4343296901a315d

SHA1
10075b594ed7fa1dfa3dc432ab6e036e0efcf91d

SHA256
61a2e672297ba7fe03cb5cc7ffa648690770e23e19f02e0da3d8c119f816ac29

SHA512
d4f4c798d762fbdeea2241695b8ce2bda1d8660e90b9a9d43dea67e045b5698ecf8a6177d00dd3901e71de53fae917c45164e1d5c8e7a882d882399be274d274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e6c57e8e2c3081e1e03b923b3f7cf02c

SHA1
1df37a76a9c5b8b61dd78548ec301a58472855f8

SHA256
a940bb2dbc883c783f7960e7d7f1a047cf82e6b11f68a04a1373c68eff5e7fba

SHA512
5cb80ad8ce3075a8fe81b1720bfe62cba8ce04019cf626922d2f7278a611b112938db04244049ea1b22b646ea164563b57ff86bcf6a698be5af83cbc338268e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\offconfig.temp

Filesize
6KB

MD5
135aa39705cf8e92a5ad36d4e4cbfa49

SHA1
d3653c7fe4a49d408c98f4d4e05a21deda0bb36b

SHA256
ce49f626b2523b86668ae815a2374229e839c5adb694894f2da382bffdbf219d

SHA512
0fc6fce761908c66d3d10a144c2b96d7c4ca59ca53b837b3314f9245dd02f605fadf088163d709810c34942e06a6031003c939d2be342d8a8b5452e02ad490aa

Download Submit