02d90a42e8cc6de5dea5ed2782f1e509b298773ca6384562f14794c1a26750cb

Analysis

max time kernel
147s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff1cd696412a5e986b9def2bfeac3521_JaffaCakes118.exe
Size

57KB
MD5

ff1cd696412a5e986b9def2bfeac3521
SHA1

b4866cabf1968ae7acb5ef744f55bd63c04c4876
SHA256

02d90a42e8cc6de5dea5ed2782f1e509b298773ca6384562f14794c1a26750cb
SHA512

309d82538cf28b4b3d31f7f378ccbf6d38af8c29234b141e8ca21a7abb4ee30b811c0e77de9596c3e3b39091713a61ce74e5c6de832141eac4a7156e32140e0f
SSDEEP

1536:Je53/KCY3L3RiAfLiZaK+QHegWmw6AHjDK0UBUc:s3/VefLib5et60c

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3440	msedge.exe
3440	msedge.exe
5184	identity_helper.exe
5184	identity_helper.exe
6044	msedge.exe
6044	msedge.exe
6044	msedge.exe
6044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	712	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 3440	2684	ff1cd696412a5e986b9def2bfeac3521_JaffaCakes118.exe	90
PID 2684 wrote to memory of 3440	2684	ff1cd696412a5e986b9def2bfeac3521_JaffaCakes118.exe	90
PID 3440 wrote to memory of 388	3440	msedge.exe	91
PID 3440 wrote to memory of 388	3440	msedge.exe	91
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 1080	3440	msedge.exe	92
PID 3440 wrote to memory of 3200	3440	msedge.exe	93
PID 3440 wrote to memory of 3200	3440	msedge.exe	93
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94
PID 3440 wrote to memory of 2336	3440	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\ff1cd696412a5e986b9def2bfeac3521_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff1cd696412a5e986b9def2bfeac3521_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=_l2YuGAqNeg
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb244a46f8,0x7ffb244a4708,0x7ffb244a4718
    3⤵
    PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    3⤵
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
    3⤵
    PID:2336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:1460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:4044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:3828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4300 /prefetch:8
    3⤵
    PID:2084
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
    3⤵
    PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
    3⤵
    PID:5304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
    3⤵
    PID:5312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
    3⤵
    PID:5664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    3⤵
    PID:5672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12666752162991931736,12671391128877737489,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6004 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6044
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /s svchosts.dll
  2⤵
  PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x324
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9bf3a1941056959a5eba7360314bdcbc

SHA1
99344d4525cc7a159ab9cfd079b6dd0345df6851

SHA256
a5553e0213c248272671a9e9bd11ccff7656d1eb324f57ca50d1c2d97d166fa7

SHA512
6e210003c3b60dc929c7d825d4bae7eff3d4ace398cb8eea6e26fcfe11fa57c2d5c9fd224bff751e91a12860f96a0fc450ec07a820b8eb01b46ec855cf71a08c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
933cad1cb6423a8de322e25afaf83855

SHA1
6f758b9db23e1327c8af12fe3cf17aa16200d2c2

SHA256
05e7eb568bb3e79815047f76f9b40c5261ad19037cb6b5a72529dcb68d22b3ee

SHA512
9c7a77e1d2de58494e8751ee6ea46b1ad209088664cd4482704b72cf130efa455957d418622935a3b370b63ee56540a7fbed58f90627671f769ceb7fc136e797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
24edf43fe24e0e2e7352dbf325da6d4f

SHA1
26b8244d8366e748da623305c3640f7067c3c22a

SHA256
26d41b24cbbeb3c94bcbb52078ba4604564b15244e1f7a519d835a46101a7db9

SHA512
9660c8e0aac4c9061c535ffc8058d999b614e891b00bb60de16ba80a4910c79525538875174c7a6cdf430676fdb403ae63be39d2cba81518bb82e48cccf4af64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
c5fd7f5f32752edafbeb66b551d89455

SHA1
6104386d7c141fc49ad8461215f250d00df2f764

SHA256
7def2efc555664ad7c94ea06bdcbb89218dac9e672e60972b814a79fd215697a

SHA512
9bd627cc290f08c65c8b247771d048a68b2f894f881b4cea619aac01d246557527714d0a4068545e5967f63d7bd0c595d6a85896f6b9d3ed7e6549615313a378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1ad2e2900a11a29d6e86c9af32b020d3

SHA1
f7591271951fb0ef969f9a1c4ed9c43c5a7cee70

SHA256
450c5815cd65bdcb58e61e7d76c5d3d57280565c573f773bbec1002f6fd717e7

SHA512
35801052631e351dd49c4760760c666d1a5681fe4430ac2cef6c33c626e93ed6d3836d754179a28d0c124df47db6c5adaa49c6f80ad69689796316a66347a453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4d7c6a690d363229cba16ef36966f09f

SHA1
8e7356aae73c5b38bdb3852b67ffb17f284f0656

SHA256
06052640e66106b75c3e0cbc8ae9b06cc93b2801a0ed50105f3bd3241bec8ab8

SHA512
449e49309cc587d2883340b749b7ee2b35a707b9dc120da7e5061eb7cb74ba6ec18b5dd900885a439bdb0916694637784e8ae1b17178d0c344660a693b965fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1779b53e5ac75aa25216cd522afe358

SHA1
95e420f69c4d44d6ad6a748b140e5bd80a2d5f26

SHA256
ea04eb807929c7a016d306705ac922ad2670ae7b0c39cc17fd9fd57fa057b577

SHA512
ce72655c5d22591854995eddb6e665ce36a1344f84bfd587c183b7e1a066defa64015e37a8bdc9a1e0c72aebd25aab9868df4632b822464442e3a0aef0714b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
338b0ce3dae9bb9924b73c271540982d

SHA1
cf1e8e7ec3f6d4c7a2d2ea27c6135115621299c4

SHA256
29b5de12519157fdb2cc55d43c4c3e7d8044d480836f81bbadd4ccb27a4ba228

SHA512
7971945fe52e68939d478d573f1bd92e970c8b6c0884fd769f9ec631159733814350a670b5e83b69ace76120c56bc5dca1a3548d841569ce7b46d77af61e3c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3fff346f-067f-4220-8f5d-9f0ee275405e\index-dir\the-real-index

Filesize
2KB

MD5
ac328a149b21600f29d853dd207750da

SHA1
d15509589c44648f3bf5e8e56b4fca0484ecd2c1

SHA256
5037b7758716defe8ff106371d6de570ed45f7a7add3867281d3de0fc738409b

SHA512
8f023c7d91c6c3c0bbbc48a7a6e17db34a07edc4ac8abe71abd5bfb21c1161e41499a7140f58b2c67da7a507a5396ccf8f9081dee621c43d9d0a1a64e0a397bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3fff346f-067f-4220-8f5d-9f0ee275405e\index-dir\the-real-index~RFe579ff9.TMP

Filesize
48B

MD5
9109c6d83e52e032ea97f5756be9699e

SHA1
c9aa93167004343b343df0f1fed409de296cc4de

SHA256
1aec4fa07b3c307107c7cfb2f34883224f981f82f3649476ab7e504bbf970076

SHA512
1a12599d6fe2952e4336132d194b7493f0ce3f75e9687f4a4f7db39d8a36bec7971886c31a4c9dfbbd30fec2364eeb37b0be879e04882816acaf3478470027bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d52419da-a5cc-4b0e-8e4c-03c57c8c2a1b\index-dir\the-real-index

Filesize
624B

MD5
260e8fdcf2e52f09d6d1e981fc597193

SHA1
a636e2c81c04e2b01b95e8d8a23546cdc61e1a7f

SHA256
8a6693e2624c1ef8cde6ecd0e54db67618c80f8ced5fe1a5a0e7a6dcf6b17bbf

SHA512
ee82d9f3ab2659bf9586fc7c1a5bd3f3cd490141bd89a0ed3374a516ca90e789bc4a7ecfe8d4dfc53a7f655d8668dbfea9c935bd03ba6063a6ae4dd88b1bfb0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d52419da-a5cc-4b0e-8e4c-03c57c8c2a1b\index-dir\the-real-index~RFe57a2c8.TMP

Filesize
48B

MD5
3a8df33e7462619e7066bdb5d4ce7461

SHA1
4cb1f9dc78780dda6f4b1824610a821dfa87649e

SHA256
0b2c032c9e60d256c9f38f07934fb1c3ac7a7e64fad721a0f7fa8f33448df4fc

SHA512
af971533e333f0966a9f4f2e12f325f954e8494085b649980b82908159c3dd9aa06856e5852743ab26a6f222fe7a0ed27b0c192ef0ebaac34724d6126806f963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
ed894cf4ee63c5443f57936e5c23c729

SHA1
20e96e0ab4d2d57e561c5623d22c91eecbcc60ea

SHA256
a46ead145ad524d3be76350caf37a1b6c0b2b5dd77b447f17323fbf6889e2576

SHA512
51ce5bb87c895d355433224fc76d9702d9a1f8c9007993d0508be69beed1908f70bc3f92c69cbec6cc2ac036919b0a91570b93c5dc480f7a34f7aa8f59bb2681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
8dbf0480069817ee47892d65397e6f80

SHA1
056c6427483966268661aa1f261b043a45232a9e

SHA256
785624bf568c633c01da0f580c8d426cf931eaa92386608fe214f5c4ea4573d9

SHA512
c5abd3042896aa6e6d99befa9d266863ea1b86a971ebbc9c2d2328e2fa265cc3ccab54f07d4e2521c4f0ef26712c82ac92d766f1ca3f2115fdf5a7143d901081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
a7b9b35f9122fe74d09c4f325dceceb8

SHA1
4e2c5d71ad1813b4b5e9e119712fb38fefd11316

SHA256
3b65fb92855839a1184b6f0260fa2b900bb9a3dfddb249fd9bdbf56bd2dec4fc

SHA512
aadb49889864f8ce6434ff983daa9b9679163a469715eff3f08d74e4dfe8058d7b6036d991cdd66f2a5b4b06d33200ea93cf6358ae8509d49c90a1aaa50c3302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
5ba868fab7cc95ddcede994a0d39ca3b

SHA1
aa6f2939377ae7ca89a0fd7ad198e2c6ed0aafac

SHA256
c7a4a49d21264b4bc3802f9cc49dc0efdf6c7c27914852a1950fa8f734d13a0e

SHA512
e49aed6c551a23f88eea0ecf0d4071ecfcaa2d8505f0f767b71ed8e8154d8b322cc1ba4ce0a349e24b5b1b600d67daad7bd985c1f85e44e32bc5848be681ccf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
a4ca76efb985d3bd5c6a1ea70aca0980

SHA1
e0c0020195fd6dbb84ada6bae1c137d7db374a84

SHA256
bd8c3d9d4fac72a60ce58f91ee6917571ab42ab3422bcd40a8ce3a798adcb48b

SHA512
7acf5045cd3cf50e3dec3b581cfe57a32f9459d2ec316b252bc2054008da58430dd833bea06c971451f222a558ed32ea69b0e18204637d2ce56b922c10f3cf18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
18589d45be5cca7aeda2e9eb7badaecb

SHA1
48a54300fce4e05f8327e4aa1d83fa3562652329

SHA256
af4547c4f563a7bde05134e6b8b1f73ae2f7567f823a11b770365451aef05de3

SHA512
d44e414fc53a2f89e4dcf4f60f0d355e0142424b2273338b050ac7c4bc9a8b838843b0b993f4fb684f7bb6a21a5752ca55656fb619bf8316bbb1b1b014cca219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579887.TMP

Filesize
48B

MD5
934d2249ca30c7bc29f625ee52812512

SHA1
30a4d813e30f05c2732fbf3268dca2268b1789b9

SHA256
8fbd4c02037c516b0ee2f71fd4648c8afcc56a28f22a4880e732025c9f6ad034

SHA512
582f5b5e55cd8c2816a706e156a58e3c28c5970490891f85fc90b05630ad9ebb9b91beaa4366647087f2d81f3a484508ec6fd2591e3db6644300631c090a1160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
848c257eed694bba8380a96e01979436

SHA1
567f14219ed5c4bebf8be208295c7720ddde5c90

SHA256
db9a19b7abf250f1f3a99cfec8ff4452adfd3ba2d7e5a50fa2c1a89ee716a63f

SHA512
cfd7615b40ede3b5ab1ac6844cdfb3281f7cec707b411c6a2ac86a67815eae1078a90274733b3af64f4e1adb30ec6d123c638294bf1a439abcfeabee24ac4e13

Download Submit
memory/2684-386-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2684-0-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download