43f9cd95fddba9d20f0cef68acfa665f63c8f938ac1540538c53e18f60bc3d76

Analysis

max time kernel
146s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d4f413006106d3cab6d5e3122e5bd6c_JaffaCakes118.dll
Size

210KB
MD5

4d4f413006106d3cab6d5e3122e5bd6c
SHA1

706176990fca2848a591c03bba9ca09f02901225
SHA256

43f9cd95fddba9d20f0cef68acfa665f63c8f938ac1540538c53e18f60bc3d76
SHA512

ad3bd8f390dc34b50d70a38ebb9334823b43d4e66a8a975987102ad7d459844322588ed23b83e86a31502df9073d7c06883b5426424fe3ad6a0860ca2f3e93e8
SSDEEP

6144:gD3kWR7Fvv3vKbcF8PzXtFOoHbF+xEhRHn3:gDkWRZvfvXF87tFTHbFME7H3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4728	1704	WerFault.exe	83

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
860	msedge.exe
860	msedge.exe
2088	msedge.exe
2088	msedge.exe
1500	identity_helper.exe
1500	identity_helper.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 1704	3164	rundll32.exe	83
PID 3164 wrote to memory of 1704	3164	rundll32.exe	83
PID 3164 wrote to memory of 1704	3164	rundll32.exe	83
PID 1704 wrote to memory of 3692	1704	rundll32.exe	85
PID 1704 wrote to memory of 3692	1704	rundll32.exe	85
PID 1704 wrote to memory of 3692	1704	rundll32.exe	85
PID 3692 wrote to memory of 2088	3692	cmd.exe	89
PID 3692 wrote to memory of 2088	3692	cmd.exe	89
PID 2088 wrote to memory of 952	2088	msedge.exe	91
PID 2088 wrote to memory of 952	2088	msedge.exe	91
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 4536	2088	msedge.exe	92
PID 2088 wrote to memory of 860	2088	msedge.exe	93
PID 2088 wrote to memory of 860	2088	msedge.exe	93
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94
PID 2088 wrote to memory of 2112	2088	msedge.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d4f413006106d3cab6d5e3122e5bd6c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d4f413006106d3cab6d5e3122e5bd6c_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1704
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c start http://hacks64.wordpress.com
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hacks64.wordpress.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe295b46f8,0x7ffe295b4708,0x7ffe295b4718
        5⤵
        
        PID:952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
        5⤵
        
        PID:4536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
        5⤵
        
        PID:2112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
        5⤵
        
        PID:524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
        5⤵
        
        PID:4960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
        5⤵
        
        PID:4088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
        5⤵
        
        PID:2708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5532 /prefetch:8
        5⤵
        
        PID:3992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
        5⤵
        
        PID:3964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
        5⤵
        
        PID:4588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
        5⤵
        
        PID:2548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
        5⤵
        
        PID:4820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
        5⤵
        
        PID:4960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,3728909485612405690,9366302165147843945,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1340 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4020
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 724
    3⤵
    - Program crash
    PID:4728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1704 -ip 1704
1⤵
PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
a72dc5193634001708c199511f0281cb

SHA1
191c5b96ef849a5c2ae79cca70e1eb802bec8afe

SHA256
a9c34646bdfe90b11ef7f5bad8ad0dc44afb984f1fc90939eb8165030bbc8337

SHA512
7cbb385109981d408ae66f6d0d92e8ccd83919eedbb89b789d35a3c7f52c1d69ec58dd0320343a4c3cad4c1453199c7b73453c32194b6fedf9d3093ea52817ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
b3314a5131bbd97c877f44d6c2b10ee1

SHA1
fb76563ad021db9d2394647d21bc0b00513a6b9e

SHA256
ef589792fcdd3c97cc457672a554fe7aaef0a8a25387208cbfd2ddc08886d2fb

SHA512
3fdcc170f0189b6bc4701211f10418c79fb6d192e534401e23aa675191388aaf0feea390ffd9e6f9ba5d5ddf0086299a84a4651858d2dc27e3c6a6b1588c4d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3e4c2030c2b2e47c4de03d680e4761ff

SHA1
b89f0a26a8bcf0972d98c000dc921182e0445af4

SHA256
d5b72d1774e72ef3d4e4255d97cbfc14eb73ef90c1c5c670f7a4d2afff49e38f

SHA512
af20b56d70e1852f7392433bea9b9838308a16de1f06ce5661b9af25ab2f0f02ecc2a67a40e6080b0815f29194e060d7a86c0ebcfb4e7d39fb307be4dac7a553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7bde9f83af8fe9ee44747dd65363d15f

SHA1
54957a6393748e39460b415da5b65960bca7c181

SHA256
427295cadd4508ca6b9e925a2426672144b0a57d76d0f7708217c0670928ed8a

SHA512
9fa8d63b991cfcae10bd0270df6fd4ae8161db4a0468e3aced8be8672475e1352df4cbd43a886a4cf18a9851d3b65d06d0aebc059a54dcbb08cc489cbe1c6d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a396adf43a1eed3247e46e593c90b921

SHA1
a6d4c28a653117a66d93f4f16bce6df2f1e1565b

SHA256
b65451449c9f0eb3dd5715952a7de3559d0a046f72630be00b6375c65fba7039

SHA512
486c49933154bd42c0e1780cb0ddc2ec9f0dd0285929cf24cbd233c170f62dc15262366b55aca349d01cc9690422b130bdc32fab5585110ffb75c09705e5a00f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c53066ef99c4dca3e4d7f3e6cf5b0cd1

SHA1
f26cdb59ae4d565eeae84e627ab9f463529f3139

SHA256
cbd887bf3e2f26bd51f74974976cebe94a886f88474581022d96c595527659e1

SHA512
e8fbbba0bc16b6d24cdff340a215f1be738fc950d176d00a702b6c9ed1e3c4f6f31f1656de1192fc95d747261b9af52b5ccee9f0a3c724f51f1544da2b5a9304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89724071819d8ea2710d0676d5cfc7e5

SHA1
14ec7a724942901ff27e5226cca844c281939564

SHA256
5e340585344ed53d92e1068e6de6ce02a1a040c4fab9562a4def703e1b39ad7a

SHA512
383fb6e9e01d419f753703fe9871f0f13bc2ac899b6863328e43374dd313293767496467462059ae2872a391efd19f6110e8542435f27701ec8e64c23259a581

Download Submit
memory/1704-92-0x0000000074E60000-0x0000000074F19000-memory.dmp

Filesize
740KB

Download
memory/1704-93-0x0000000002BE0000-0x0000000002BE3000-memory.dmp

Filesize
12KB

Download
memory/1704-0-0x0000000074E60000-0x0000000074F19000-memory.dmp

Filesize
740KB

Download
memory/1704-1-0x0000000002BE0000-0x0000000002BE3000-memory.dmp

Filesize
12KB

Download