e6778d87bd35e7cb8070265912a0cdcaa7c345401be48a01b39afd6fce8bc5ef

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2024, 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e4c24183e4989e0fdc9399317c567ae_JaffaCakes118.exe
Size

109KB
MD5

5e4c24183e4989e0fdc9399317c567ae
SHA1

ee27e6cda33acf8c5f3c0e3f55d3e855aa52ffbd
SHA256

e6778d87bd35e7cb8070265912a0cdcaa7c345401be48a01b39afd6fce8bc5ef
SHA512

7001616ec7e63e7415351031f7a4b3c57d06744d1c1b09c0698b471eaa6a657a489dee4da25e28a40c756ef09cf28cc73906002289dabcfb533b8e7fc04a8237
SSDEEP

3072:HgDmWThUfGH9Q+4Gl90SSSjGlezx6E3HMqtLGTn:PWThUfGHxnGlEx6E

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5e4c24183e4989e0fdc9399317c567ae_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
2888	msedge.exe
2888	msedge.exe
2064	identity_helper.exe
2064	identity_helper.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4208 wrote to memory of 2888	4208	5e4c24183e4989e0fdc9399317c567ae_JaffaCakes118.exe	92
PID 4208 wrote to memory of 2888	4208	5e4c24183e4989e0fdc9399317c567ae_JaffaCakes118.exe	92
PID 2888 wrote to memory of 1860	2888	msedge.exe	93
PID 2888 wrote to memory of 1860	2888	msedge.exe	93
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 2740	2888	msedge.exe	94
PID 2888 wrote to memory of 1540	2888	msedge.exe	95
PID 2888 wrote to memory of 1540	2888	msedge.exe	95
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96
PID 2888 wrote to memory of 5112	2888	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\5e4c24183e4989e0fdc9399317c567ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5e4c24183e4989e0fdc9399317c567ae_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5e4c24183e4989e0fdc9399317c567ae_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd31e46f8,0x7ffbd31e4708,0x7ffbd31e4718
    3⤵
    PID:1860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:2740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    3⤵
    PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:1460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    3⤵
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 /prefetch:8
    3⤵
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
    3⤵
    PID:544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    3⤵
    PID:3904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
    3⤵
    PID:1548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
    3⤵
    PID:4708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    3⤵
    PID:4084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
    3⤵
    PID:4700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4801905208620505291,11056048622261701136,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5e4c24183e4989e0fdc9399317c567ae_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:3400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd31e46f8,0x7ffbd31e4708,0x7ffbd31e4718
    3⤵
    PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
319227d3843e4c4fd0ab8b459379326d

SHA1
71699c77cee83e2799aabf540c6773303da2376a

SHA256
5ce011cae053ff3f94fe5af4b4d3cf9c3e29ed5a1d6dbcf1ea7a4c231fa16697

SHA512
44bad64037d7138b2e1d1596314859d9ef76e0fb1acc9b059a3c81e5ab34c4c1409199795aef8983de3a7dd4669dd6232fa976ceb1bf7792962fc5df43e0b124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de62fc6c71f75583e256c6b667b3bc5e

SHA1
9de7a6a2c0a19112b9b184833b866d4e501bcbeb

SHA256
e987eff6111e9ab64aefe7f644afea7b2ff92fde2f0ede82110d5db727bb8f6a

SHA512
6159be9335431e9b87d84b16b5146473dd8bff7ccd1ce815e673936c5e4b2c7d8500a04232045ba8eea1ecd7842fc62125924bad8d07b7f8b047bb7743b1f26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00b5b54f45d9a7d4fa6b07685d5fac9b

SHA1
5c0ee24fe89877fed0f6447f1173fc10de6c4d91

SHA256
3e5a18f04e260cd1615453198f05f0c9a2fda8d54870ae7431d65f45dc7179c5

SHA512
9f8a58cfe4146d85c47a5fba7b5ad7497e95db8760a635b3bd6907c61f800d00c1f2ccb5acd9e3a3c432518c40c0b11d27649f0469e345691cb0b13b057c45f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c82e39ddfbcedc9c0316fff157da797

SHA1
d144ab66157640a99f10046d22791409da1513dd

SHA256
16475d89ef5706a32ef537cc2d1eb2a384b47874ef8be9351570084d7f24afde

SHA512
217d836f38c78343d153b7f61ba6ee9dd6b43adf4446bdf6b45cb67f83ee533e92510362d0db123ebe01507bff199edeec42804681589ce58381e971d3b484d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
064ea34af4b105576df551ebc28f4db4

SHA1
6922fbbe031732e1453307155a4becd180b22e27

SHA256
6a89eac47446104a8227e8c42a4e1d1ff33c71646479faab1c18adeca96b57d4

SHA512
efbbed32005b1855c74316ca81e9418f64ba29b733520e4282b51cec40fd25fb078a8d9b472677f00e1372c9885728210dab77f2e0c2adf2618d4e354d3631d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f2684b4f-f640-4cc9-aacc-3bd11de711da.tmp

Filesize
371B

MD5
90d47c20109245295f03e9a630806a27

SHA1
c3298ef2f4f4cc3b4e617f984ae42226ac259ddf

SHA256
e441bf350e2494c01a00042ef3a621eca14dfcceaedaa9794c195f3ad7b827ae

SHA512
0978ba22d5c00e195b23a7ffd95fe762c5e27d7d6b9bf2d2d64b46f952947a5928352f8b9801e204707e1bc3e05648bac6f34d08f81263ac6c604a11c8221ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
741ddb1984aad9bdf24b053be75b88ac

SHA1
5f2e1d3b9e7eebbea032d601184b6cbd2499cef4

SHA256
35804d850cb38da9c106cc0afc68ff49d80f5263a8347364640112b1142e17f3

SHA512
bf871bea0a5ea59674ed30429682638f358fbc747dd82df165696b4b08d9ce4974fbe84936f7054ffbf4e6aa6b307a9962e8e0496c44d2a5b6e5264e52c0d6b0

Download Submit