6b98545b30d9aff3ef7522f3db462b4e2f3eab1a5647cedd94885a18c49f222b

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 16:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

684d793153803de1146802b53c02da03_JaffaCakes118.exe
Size

16KB
MD5

684d793153803de1146802b53c02da03
SHA1

478abfd9da8f10340f4a4705f81802bbc64a31df
SHA256

6b98545b30d9aff3ef7522f3db462b4e2f3eab1a5647cedd94885a18c49f222b
SHA512

1f5d5e5fc18668a550629a2cf9798795af49dcab60c1693c9ecc16c0feeb9b9ba053c600b42addc967f76639be0ae66723b28afb13e2de2acf58da287df14118
SSDEEP

192:nYAs61A/0LiQxqfKD6VkagfWhiQ7SMrZEl96Sd/T6j7iAVeQRCQjcWYD/YJ:Wx0iQxqslQmj9b/T6TVeJAzYDA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	684d793153803de1146802b53c02da03_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
4436	msedge.exe
4436	msedge.exe
3276	identity_helper.exe
3276	identity_helper.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	32	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	32	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 4436	1508	684d793153803de1146802b53c02da03_JaffaCakes118.exe	85
PID 1508 wrote to memory of 4436	1508	684d793153803de1146802b53c02da03_JaffaCakes118.exe	85
PID 4436 wrote to memory of 396	4436	msedge.exe	86
PID 4436 wrote to memory of 396	4436	msedge.exe	86
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 4204	4436	msedge.exe	87
PID 4436 wrote to memory of 2100	4436	msedge.exe	88
PID 4436 wrote to memory of 2100	4436	msedge.exe	88
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89
PID 4436 wrote to memory of 3160	4436	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\684d793153803de1146802b53c02da03_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\684d793153803de1146802b53c02da03_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4da246f8,0x7ffe4da24708,0x7ffe4da24718
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
    3⤵
    PID:4204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    3⤵
    PID:3160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:3728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
    3⤵
    PID:848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
    3⤵
    PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3624 /prefetch:8
    3⤵
    PID:116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 /prefetch:8
    3⤵
    PID:780
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
    3⤵
    PID:1488
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
    3⤵
    PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
    3⤵
    PID:1804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
    3⤵
    PID:4936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
    3⤵
    PID:1396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17472291028708100642,18281716785037150984,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b0 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:32

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
8e3419ad36607c33ead54a1d407e7d73

SHA1
33830a156ece879aed10bb81d7cd5a2b95b5dbab

SHA256
14d3f90137ed0dce6f8d1206019880bf37428f348de962deb010a6f4b8fee6f2

SHA512
3c03f8c7439aad6b3aefb5a3716fb295f56f4698958374e9dd4feb84c0050a2ff0ff658cf36051b65d4887ac297f597ea8967ba679b567d3f5afaa2029515cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
280169c879e208608b8ac22a0559ae79

SHA1
0e32a161fa0e950f70cc08cd5dd85c9a9e7d7702

SHA256
c2092920d7980aab585251fb02d4ef200e402e25d6f2afb9bfd46af47d0c61a0

SHA512
4d97e4f04f5ee3c83f3eaa657312a0df5e3500ad16f3c943ad72f83350c37e732a375a792ea8cda15da113cfc79485c08cebe106f0b44c94aaa51690425524ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d40c5e1e66fad4f9473750002f889b3c

SHA1
9e0c78940af19cdcf1b6b80eeb29db1edcf9c06c

SHA256
a8603b7af4f0c005e1ffd79fc91fb5a04e0488a060a9cd0f47672b70af3ea34e

SHA512
6b41ae5594b5dd4cfe12384c21ba6d92a7b3a9bdc3ccc98831e746b63bf1be1430e4717e875d9afd6bea9ea8c67543d1788b675163883f51d8463e0dd5183209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0cbc4c482ec69db89ae51e6653130bdd

SHA1
4901d823cb18b0e88a11cfabc861b61e56f330b9

SHA256
0d6d7eebcf37b6dab67e89b1dfd54625963b3dcd1d0813ce1d0d4ff71d0dd11d

SHA512
5304853bf7c276cde64ed28796e7d3570358e7d2fa78ea5ca2ade0b5bb4064c4e1be9e984c99e80c5e0f46b7ea76018842d5833ee3149752e69878b2898faf19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15ad5ba9b76919e33f59ac9c5d6579a6

SHA1
a9972409fd6a5763e94627dd7094317561ce61d9

SHA256
a607eb2f7217a290d09fa7f2dbf06bf55a0b60efcddc5d87b2c5df3fdde55b01

SHA512
3bd048417e8e93539b496ae00b23bc2150902fffefc0c3d45de5364f5e9af96fe1d4cf0ece7339f1e7440559b3e2b8dcc6f1e8e072c9487cb7877d18d3700694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b812a99f-ba40-4cd8-bb1e-6b2526586f53\index-dir\the-real-index

Filesize
2KB

MD5
2713fb6ad35542d3d0d8053ca8fcab62

SHA1
7b1937c79e63c928f118ea1cc19ca33e73c6e904

SHA256
49760e31b5e7ea2824a6ebcbef1eac0115d1088a6d9673fced7a20e94a724486

SHA512
e26fbe81762b0665a482be32f61e5bfedbf63d4878272892fa5e3e16a848102110b6b4bda09122ddf5bef6e22a7b46aca54647e7d45e57ccbdf92b9b983e6895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b812a99f-ba40-4cd8-bb1e-6b2526586f53\index-dir\the-real-index~RFe582cf7.TMP

Filesize
48B

MD5
f08ceda0c1e14a9625b716ba91007ba3

SHA1
2fa0a7a272d26a872e55f1f0789e81abf4008af8

SHA256
230304bb981020eb398fd79fcbcc9a30539a8577332d09c2549294e839e00d47

SHA512
81567bdd4281a7a25ea2356b580db2962b0fc95d045c27e5293839e2c848d8f9a00f8d109db31c41835b449479d5e769bed3a770d9cc7c8b2f2c45d753114afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
e31753d07f09c4b617a50bd3b952b611

SHA1
6347178b238b95c732139a9f41875efd1587d125

SHA256
db3654530ff1266b3d53fceb514bb8db647c07173566a5d055f3a9d2b73609ce

SHA512
61e27be7835dbd9e8fb1cbdc7a25713581f58de5592ba4f6db852f360d81237ec16d8da20a04fd93d6ace068f8d436fec35eb259a4b8f334d2ae69543a9b3d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
3c09cf3d4252f5aed56f25419abe9a83

SHA1
1dd365abaa5b4401f98ac0c18617ad8a0f6ec7d6

SHA256
8178c5a20314caa289959b1ba1d6bf16cd311cd0d803cd99008296f6399465d5

SHA512
3bc57ad5767b87af452b4a383b3a1188ef9c08df42f07af1a9db653924c33a3a8a6edf80294afcf3d6aacdd2c76d8d1ae1285fddca2139ee4af238e2ac906cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
277c2783e02bcd84f7c01d7f920159a5

SHA1
d6866d35b08e8d9b989d4b5340a04b9de81993ce

SHA256
8c757739633aa4c195d9c3c5b730408d320f1a4e4af79087e9494a70dbaa1e38

SHA512
4a5a41074c203e40103160af5517f65fc2a21346f168ca213ca1f7b34b1841fe94e0e26eb9e3bc056c492c4d6e21d84f10c4ba78e0573da8bc8cea90840762a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ff8cf485c6ec018a479f4db208716468

SHA1
f4317e1dc7add398076be27bbbb5a78d191e803f

SHA256
72c3f7ec2b786414958be543fb606eced534a5347b66e2dc1c5bef68782d917d

SHA512
d28e43dec109b63f797f2eca84856e8aa0476956ec35bbd99c1907291cb3eb60eacb6b8ba7a9f5d8877fccfc870bd0abbcb34e9c5f1e09c274ef8150ee2840c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e9cc1d42204d6e8da5da79ac3fe2703a

SHA1
a694b2827c8870adf899459ee5fa9362ec6384c6

SHA256
3eff11184b206362d394d64294b2adc15be4f29b3c781c11a55de70d13ff53d3

SHA512
5a22d602bed7db38a1c86424cfb9dc73440f54f9cb333eb95725386a866167255803694d01076e206b1d1eb9f2e7e638e441cbe8dd14e839d176f7655e50991f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58273a.TMP

Filesize
48B

MD5
3892cc0c150a6593e77e4c0cc053bcd6

SHA1
80ca50dfb15eb7a045de87ed104313ad1526c95c

SHA256
c6a8f7a81aec6e59992c77b74f43129e341ab981c19b2b8b4f5ef5789f357da7

SHA512
7322c81c6a7d4bb5a54078716bed8cbb35f0e73b7c808d060ac5592ebf396863e57aa07f7557342e71afdcbaf5e14ae9b240ae36f8f302254e6031b927c27c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e17ec8f562eff157b9a96e395bbef07

SHA1
26435bf2ac1e6baa47655efad238ef929329a63d

SHA256
5a20a3b93e1bf71e23f757ed58517ef9ad18d70e71e151818df277e9c356a875

SHA512
64e650bd7917b616fd7ae37f79626c16ed64f63accf4c473ee2207270e0d6700527803262aeaee5466c5e6429c7f8af71c3fef4687727a328fe3d72f9e8872e6

Download Submit
memory/1508-37-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download