c8541350f182ad6d26823e2762bdc6815f11fb9fba64dd3da134986c52115e0d

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbb9f0d1de226ca84b2c2eca2d4ede48_JaffaCakes118.exe
Size

278KB
MD5

fbb9f0d1de226ca84b2c2eca2d4ede48
SHA1

48d76bb1d4a5fa995c5b0de36bda65a59a6ed034
SHA256

c8541350f182ad6d26823e2762bdc6815f11fb9fba64dd3da134986c52115e0d
SHA512

1a2e19bb99ed508e23a979ce72a00e8bd478683b1d21aef6d24fe362060893754d3efce95229f9cead864c68793cde50feffb3ac1d941aa4d16924ab02e5b0fb
SSDEEP

3072:0VdUQ9yNDl0j0/GLKBVqQ9Oof6Q1KSPF+Rd9iFiU5ZS2efWML3YncSmGQzYrNB:0VkhpWQc+6nSYRuOhSmxGNB

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	fbb9f0d1de226ca84b2c2eca2d4ede48_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
3076	msedge.exe
3076	msedge.exe
5044	identity_helper.exe
5044	identity_helper.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 472	4060	fbb9f0d1de226ca84b2c2eca2d4ede48_JaffaCakes118.exe	82
PID 4060 wrote to memory of 472	4060	fbb9f0d1de226ca84b2c2eca2d4ede48_JaffaCakes118.exe	82
PID 472 wrote to memory of 3076	472	cmd.exe	84
PID 472 wrote to memory of 3076	472	cmd.exe	84
PID 3076 wrote to memory of 788	3076	msedge.exe	86
PID 3076 wrote to memory of 788	3076	msedge.exe	86
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 3672	3076	msedge.exe	87
PID 3076 wrote to memory of 4672	3076	msedge.exe	88
PID 3076 wrote to memory of 4672	3076	msedge.exe	88
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89
PID 3076 wrote to memory of 4664	3076	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\fbb9f0d1de226ca84b2c2eca2d4ede48_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fbb9f0d1de226ca84b2c2eca2d4ede48_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7C64.tmp\you.bat "C:\Users\Admin\AppData\Local\Temp\fbb9f0d1de226ca84b2c2eca2d4ede48_JaffaCakes118.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.disneyplus.com/brand/marvel
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3ef46f8,0x7ffba3ef4708,0x7ffba3ef4718
      4⤵
      PID:788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
      4⤵
      PID:3672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
      4⤵
      PID:4664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      4⤵
      PID:4460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      4⤵
      PID:4192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
      4⤵
      PID:752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
      4⤵
      PID:2024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
      4⤵
      PID:932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
      4⤵
      PID:1692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
      4⤵
      PID:3592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11803624077667107206,11053005130261108272,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4016 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
0c5745366a44817de3c8d7776eb08ebe

SHA1
60e97407c7c1a84391129284dfecb40ef1d1b86a

SHA256
7c48b6f9d678b6f3021c8efd62cd691ac203b8b5cdbd0e7430769a9a22d1d41d

SHA512
a27e527e9b87ee59bf22e1bc0c548235ab6f003dcc968cd0f8f80c6da7ecee8c25989001ffc86cf427469daba3a0e9cf798378f49e4a92bb33d206599dd0e8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
968B

MD5
b7b907fae6c68249f50d34e5d4435f61

SHA1
f65bfd504cfd282a39137208fcafce122f0aa340

SHA256
08adb599ba1e603ba585051a83de10879ce5e23d66945734d5f1228d6d09738d

SHA512
cac212879d02f2816d7ab54360cb3969773c74c9103d576811704b0ba7dfdd301c5284f5f561adf903646643270f2e198c5b6b4b9f38218a6e51d2b8be2a7281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
83b2532143e12a38882dac1668ca7316

SHA1
5c289cf217689956bc015a3472497a3eb1cee6eb

SHA256
3b07da810865c02975b88b157d4a3de3479c886f4372097fa09d5d6f484c747c

SHA512
75ac339b5db649305ddd997e01248a10703dfaa8fc70fd6cc6f42fe6d9ff3f5a2cc9a811f6242512975c82c7879b6646748e569ba0bfc910e3af9e6a8fbfebd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
364f340c2dec69630a5bc66b62469f1b

SHA1
bd3dfffbd380c96810f1d89b194731816e5d934b

SHA256
a8d5113a66966c6097eb071752cf68ddf33ff4fc17a1622708e29e4e4b4f072a

SHA512
31e7043e0e66cb639c66c90eebf18cc11c3796c5848229d4f8ef469d1fe5b788922b1865fe42d213cb03136d7067c285ddbdd6f11dfe77351b1668eea7f9b331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
011f195656abed2093e4160cfde8b00e

SHA1
93ac86ff0b6078a124daa0a1e5fb51950ca6b900

SHA256
4dc9a529add3421b1f0dc68e7d29d975e3c0093063408eedddca5659b979082e

SHA512
4ebd538eb9d5790abbc590475546a6f3571b93916405d54ae3d8eba85d090b8ffafa95f40fcd40dd4bd24a4f8b709e03b9fb26b52fb3e21cde3013d0ed3db18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582d74.TMP

Filesize
702B

MD5
963bc010fb2dad5a789cd9ca85a31fe7

SHA1
cb76060c42da300e94a65d04447460f1406b40df

SHA256
0beb2d55df7ebf5c9ad851d20e16bfa30126523c5486378dd369047bdf785391

SHA512
cedd67dc5e38a8611c32935eda3f92041eb5a00d793dfb1695c0dc6c9264bf7fc17d4c384553dda595994e5aef94ba234f115f4690ebca216d7d66d9c5f2273e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d476796ad494ed489f6387250bc3680b

SHA1
69987b2b6c1f8862779e830e17a6daaa3bade131

SHA256
6ece59f30e32999f83c697b1d8e05827d490f1bfb9ba5a2a0a306c4d6d75f070

SHA512
c35465865e0d8a23bd8a0f582e75a3fd6d0eff645a05f0ac950cdc22c60cb4f8c22fe44f3625d0cc4bd10673f56b5856d9ac0035d553e31a7292dc6e7bdb1069

Download Submit
C:\Users\Admin\AppData\Local\Temp\7C64.tmp\you.bat

Filesize
58B

MD5
7e01dbf83b0bdde98fb2429b157cdf2a

SHA1
bdbdf40f970081343f76dfbc04f31c68d84668dd

SHA256
7328795c6bd9707d8a1d99d59980a27050de211b31934237dbcf170395d73d15

SHA512
8d4e2cbd07e22eb6e3e3b56dbd87666fbb509419db0be0d04834dfb36ecbdbe806ea720401a3877d3ef175a9a2df680b71184c6fdfe84b9b3bdcbbe70f908b36

Download Submit