686a43dc557535bf0359b4639ab167322e37a7800b6e349aff82528a707dccc8

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 22:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7170c15f1ea2fd3fff0a8a43d6f9f76b_JaffaCakes118.exe
Size

72KB
MD5

7170c15f1ea2fd3fff0a8a43d6f9f76b
SHA1

fd8eef74dba138871f13576abcbea56053d1ecd9
SHA256

686a43dc557535bf0359b4639ab167322e37a7800b6e349aff82528a707dccc8
SHA512

074eee82570297d0ddec179cd8b881df0d656bc5465b5f1e4f55b5b64e826214bc95d2d6077a966ae92ee4e28423f2c2bada3c7dd300a1e4600d86964aebee81
SSDEEP

1536:fc9ZqVQjN4U2VEp6F11p8IQJxHTUCUo1oog/cNqicfS0Ux:fzosVwq1q4soGYfSnx

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7170c15f1ea2fd3fff0a8a43d6f9f76b_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
1900	msedge.exe
1900	msedge.exe
892	identity_helper.exe
892	identity_helper.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3620	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3620	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 1900	1172	7170c15f1ea2fd3fff0a8a43d6f9f76b_JaffaCakes118.exe	85
PID 1172 wrote to memory of 1900	1172	7170c15f1ea2fd3fff0a8a43d6f9f76b_JaffaCakes118.exe	85
PID 1900 wrote to memory of 3752	1900	msedge.exe	86
PID 1900 wrote to memory of 3752	1900	msedge.exe	86
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 2584	1900	msedge.exe	88
PID 1900 wrote to memory of 3888	1900	msedge.exe	89
PID 1900 wrote to memory of 3888	1900	msedge.exe	89
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90
PID 1900 wrote to memory of 3064	1900	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\7170c15f1ea2fd3fff0a8a43d6f9f76b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7170c15f1ea2fd3fff0a8a43d6f9f76b_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://br.youtube.com/watch?v=FwLcV7KTpwI
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a68146f8,0x7ff8a6814708,0x7ff8a6814718
    3⤵
    PID:3752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    3⤵
    PID:2584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
    3⤵
    PID:3064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
    3⤵
    PID:3528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:5048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
    3⤵
    PID:2888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    3⤵
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4116 /prefetch:8
    3⤵
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
    3⤵
    PID:3436
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
    3⤵
    PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
    3⤵
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12865350752300723119,4943557712872250587,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
05f78f42f581d697960263c1a888830e

SHA1
3e17e4887d89ab3e75f53020377226c1a5b6b423

SHA256
5245d902644ff0b33140a47074cbb5773e79685746abe8a591af71ab8475419a

SHA512
7b26270f54a2505772a25d6efebf7521fbbf7553d9e01d3230f2f39bbe1f310bf924d080d5fc9bf7f42109a5cd5d2bd22ccb81a2a9b7b7dac81fe93330982031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ae0d9743e52e321af25290e1cded2926

SHA1
eb34ad9f06358b29d806144448c78ca1afc15d1a

SHA256
2be401f9db6efb582d3d3c5ba9fb0fc93935c87569aeb557e87707b6c0161e85

SHA512
869bd49e858786414dd9692372a087deeda02513d0ca195d3716f3a1b1cd9db5a79b9f8d1ddfd31ee50eaf05329a8ec955ac86f00257b5b94f0cfc29da07407b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0d3d56273030c65417d2bb5d3c7112c3

SHA1
be18545cded4b448b4aaa16cb687708e034e2d04

SHA256
2c16c08552ecb30e6b2808a30bc502b978eae28b3ceb1b9e44bc74c7f0f4a205

SHA512
64aa63012dd6d277344a03cd01ff291ba821f49566159c44c403491bcb9b580cfb571ee38583fed9b5890ec51ed5fb60e64d0d4ef96b61b078b08b7195d547b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f480a7300cbbad70783177c2d56ea891

SHA1
c11efe280bea999aa57be678a74afacff707aca7

SHA256
dca2267b4e88d486013255760442bb529efbe9b01c91678bd6445d0d1ccfb4bd

SHA512
f9fffa206a259c01adafdd67b507a9a6171733a1c5072ec6a5724486fb03d0f29bdaa900c5b7ccc4d2568543440f35d850784d8dc5ed8eb6c01b8d8d4b1bbaec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2c9ce1b819cb1013b7b4d3a5c9faab6

SHA1
b1ead3a4a698a538221485286a4972b3efaf8efd

SHA256
63e68744f2d4523fddab995e3efe1fe8771406e65b3b79352a5e3393f8515bf9

SHA512
a4cf44c64dedcc67fa7e546ee6275f72a52f5accab00e07251bbd288ed40db28c39558912cba1349aa6aa801e376836d2c2198eff8c72e9882b0b90444ece9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3da52ec9-000f-4bb0-854d-b106749c9991\index-dir\the-real-index

Filesize
2KB

MD5
f502c4213e65c41c350e8786bca2bcd3

SHA1
902be58883810f53bfb521fc03d6c9b023103873

SHA256
e5d2cb609da44bac284dd2b114222b0e622ab7518c852be33f2c44b9c41ec263

SHA512
f2d8105a2afc6d4f33c4cbeb7bf43eef034d80e138d48b81a5e704d7834b0ae3d068b05ea0150014fd2bea1a4993cc8a547bd6fc9d7301732194819bf8fea774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3da52ec9-000f-4bb0-854d-b106749c9991\index-dir\the-real-index~RFe57f7be.TMP

Filesize
48B

MD5
923a888f2eabc2e4b8d31cd9fa6980eb

SHA1
d64b6577a6fc852ed4788867e39fe7c4ed003214

SHA256
6380e150a3ecd8c254c227a27382082e987b8ae9e003820d513eb94ac705d732

SHA512
56a6f0f8781a1a7a64100247fd7a44bd88b0cc791c1fa7a8faa5708dcde2b6be10459ec31d3d50ec50a22d5d91dbe560a0e7557378ee0f2c980e9cca0ac55fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
2dc8cd82c4ad62c0faee03a557147c04

SHA1
09cc831c84064a848f2cd329fda54a696d4adbb3

SHA256
b3e7c5acd00d8f546b32484bb40a504b8390f06789baaa0d8c87255c3c89b0e2

SHA512
9e3ed31ed076316656b942f109e33fe46a5dd64fe73091fff5e173633ac3810bfa87d7ceaa4f5b10ba1670ef0bbbd58f54a916823a8c6bebd05bce1eb0ce4e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
819f840e2449a838aaa9ebb33f94e346

SHA1
964c334cb5ca46e5bb273f404cb2deff04536ad6

SHA256
e138153c7b07aa5f9ee91041fe42daf663fb9f9eb7b5a37f924a16f46ee67381

SHA512
1d5363b35ddf127a6034438f3f58eb8bf699243a94cf48d728088d0917920b60e931d1c62371adfc25c3e819771be8675a6b0ba32069dd24e08ef591157707f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
68876839ce6f630fbcd28b78336317cd

SHA1
6dc460fbd3a05ccc062bb857b7b2f66211d7426c

SHA256
86df3a4c5ff4cab3e4b7d50085b1246b4aa475574518efba9f3b7d41f93ef3cb

SHA512
d16af3fe3003a9d37648977ddd125ffad9db5fb96b3c0d780cd26af2cb27b1f39d682e3d2278c6de9bf804ff3aa6f7ace0a1b61d3ec0c2c60a2146bc71fde3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a180.TMP

Filesize
89B

MD5
70e27b97c586be5b021c96775ed007b1

SHA1
eff85d1a01661d726480f8fe2af1f5bb8fb0e056

SHA256
b7661f1d7f2dc4345c81cd3be10962ad86e8a04cef6a690d05cdc9e3529f16a1

SHA512
28c1fd461009bbba078a46b6a49b694f1a1058c843a8880168736833b9f24eb2c7d62f650c2528011edd0a400e9babdffec21f54c99196242b9a2d5a4b047dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
434d1c2845a681e8fd004e8417be2aaf

SHA1
4c98585e8482cfcfa0503dff77892538be9ef9a3

SHA256
83001b9a72ed15a0510617122e543461bac0c4f323530ca24d7a749768584dd9

SHA512
6a7d9e583cf2e1cd5c1aacaac8af9b59dbe19446c00e0a9593af7a85749053f4c6f9035b431323c9bab9823730877323d682e83b5c584b03cfdfc697e2f5f089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f0c8.TMP

Filesize
48B

MD5
6600494c1b00968969f4db918ba8ef90

SHA1
8ddc33fb472d61119f433764dfb70bce0b5c987b

SHA256
e8f9165ab61a9ea7e96441cbfbc2c7609edad2bc4cbd9602fa467f286d99cd97

SHA512
4805b090152d44d89b86d5159ac1f46c127ff812d208b042c7dbd893065b147312b03154f7629026067b96e20bf22486129b83b09099a2355410f0adee0de5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6b1c59b05fd71d5f4e082ddca585ee2f

SHA1
27f2e1ae22d4c0966d9421b6bc80ee77bccd6092

SHA256
089c17a9f38a92aac999bbe88ad37f276044d4906720700132e3fd143eaa2748

SHA512
110e0111e2ad77f6e6e8e9dc01fe5271d2d07852ae0ee4240acdd58c0c16176979c6f1e2036ab64f3a61675ed726fbaba0415d9424100f8712e5d90ad773456a

Download Submit
memory/1172-38-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download