0244faf7eb47d633501d7cd38e655a30fe9b9968cc564dfe97beffe7457ff7d5

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1d04cb7f024937645ac1859c51aa7a5_JaffaCakes118.exe
Size

379KB
MD5

a1d04cb7f024937645ac1859c51aa7a5
SHA1

82fd4d31dd0eef58a5aa4fd0625de2f23b4046d2
SHA256

0244faf7eb47d633501d7cd38e655a30fe9b9968cc564dfe97beffe7457ff7d5
SHA512

1c139b9bef5c6bad2303a674470b35f9004fee69121dfb3adbf879f65b1150b249729dc84bd65119426d76682dd5bfec242dbbd9f728d29fde50724b2383a75a
SSDEEP

6144:IWBtQYoVU9ypRgmlCjBsY6/C1ZlV2VRc7EchvEsYd/O8G2X8F42I1bARl7:lBuFVU9y3RY6/C5V2Ve7Ec5gmn2XSfQs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1d04cb7f024937645ac1859c51aa7a5_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
2044	msedge.exe
2044	msedge.exe
2332	identity_helper.exe
2332	identity_helper.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 2044	448	a1d04cb7f024937645ac1859c51aa7a5_JaffaCakes118.exe	85
PID 448 wrote to memory of 2044	448	a1d04cb7f024937645ac1859c51aa7a5_JaffaCakes118.exe	85
PID 2044 wrote to memory of 2708	2044	msedge.exe	86
PID 2044 wrote to memory of 2708	2044	msedge.exe	86
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 4808	2044	msedge.exe	87
PID 2044 wrote to memory of 3060	2044	msedge.exe	88
PID 2044 wrote to memory of 3060	2044	msedge.exe	88
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89
PID 2044 wrote to memory of 1484	2044	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\a1d04cb7f024937645ac1859c51aa7a5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a1d04cb7f024937645ac1859c51aa7a5_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://globo.com.br/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9749946f8,0x7ff974994708,0x7ff974994718
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:4808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
    3⤵
    PID:1484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:3468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
    3⤵
    PID:4824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
    3⤵
    PID:2464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4036 /prefetch:8
    3⤵
    PID:2296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
    3⤵
    PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    3⤵
    PID:4120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    3⤵
    PID:1124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
    3⤵
    PID:3284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10339890660220031638,12668641263944760806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6136 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x1f8
1⤵
PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
39KB

MD5
5061518f6f362816c323c21019788db2

SHA1
a8ed5a5b1c3e6c7342f20b0549c9abf044e3648a

SHA256
210870481a933ee9f0d445758a10d7ab58d94a3b231f99a757db2e858b2f9116

SHA512
20c6498fdd3efcb19e00977f48d80c89f014c9998887927fe1c38e0702751c3f01addd23dfced5ad726cc68eab6d6a44d2fd74fb17dbeb1b6b2636bcba0ef7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bbb6923ae4650133975a7ad977335ff0

SHA1
9d16ca22b7abd747578c8da500dc24ad83a8115e

SHA256
5c44f3908fec19ec947cf13363e7c7eae43a10b161219ff51ce56a9828921453

SHA512
303732841125c616071f214e437b2933c669754cee19e155d1901036ca079acebf385a186fcc4d24e689666c2f47981c65f7fcf869c2b6a243625b7da6213dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
2bef42671012a7fc994abbdb3d0d8ed5

SHA1
6ffcb5156d4343a7dc13ed1b0879dab5c5a741cb

SHA256
ab09d34c5a1c62c44d92021bf46ef6303eec696f61dab2695eee110d235c53b9

SHA512
cb3e319d6ab37862d91324563b616944e9abe18129ad58458a1fff25027b48a5279677c3a4e8dcd647483203128f6ca3dade599aa7f564c9d4cb880dceef42c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f4f82d51cb6f8cbb1ceae79b1571d54e

SHA1
e20d7dc4d5035b885250609a92753d8122d9034b

SHA256
16faa96c123563596b542b5ad7b46903936584484b9e806b0d019358e50bca61

SHA512
1a645d4f6488e26869f73ab84e14736d4c9fbdffed103b07ec77910e9119fc2b5babb4a635b61d667604a87d040cdf7f04ae215b4f10d32ed3cc59530b6f8787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
50d800fd1f2c33bac8074a661c5ba7c6

SHA1
66be869e70f29825cddbbc0084fee06eb9a327e0

SHA256
1665aa7cc28b3889a23a70e5b1cdc4dcc18aad640746f2f89b811434796a4893

SHA512
c15a2c6236910d73584b29cfe415221947a0e1b93235ee4dc606b011be49085aca5777d981314d16241187ea24e7b55d4622c336a9f8feaed370838b0fd06125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
310577f25ff9ca604a3858cf8d116a5d

SHA1
c1fcc28abe881f278323ec054d0d18a46a3c8bda

SHA256
962e06ac7c29495f5a896b32d3170426d88489411e84256ba5929fda6b52039f

SHA512
59705727e371c5b8e1ef1835a538edb2dc307f3c8b6e9e03059b7939f597ac4fb7b6bf2037b41ddbbb520664b37d237939c7bd067f41cf6d46d6c72bc62aafd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dd3360b911d156048e64a1cf2438b905

SHA1
03972f9bd120e773d41c1859782b8491578fa285

SHA256
38ff9d170c1c56da9fa90471806b9c0a833dc06b16e621e00f16e4e521c5f583

SHA512
2408ecb46a670755e3526029c952711e67abdaab12c01c332b90097d18267115b9c2bad50d9b6447bc565134dcc66f28f6888dc0ca069ea613a44bbb1b91e625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ce30cb7b5076afeed4b39b5314caf9d53311524f\fd5a504e-781d-400a-a2ef-0fe9657b47b5\index-dir\the-real-index

Filesize
192B

MD5
6f3ac15b9d14ba83e94b5bb9688cfbec

SHA1
20ac500b6e02e96c8f12efbd2cbf146313d0cf7f

SHA256
42afcc3c2dacf06d075a6b46127abbfe2034fa4a8aa9927e2e6693a616ef2866

SHA512
c2bb5907b4b6d82d76bf8b0447fac705d65a0a3a8d44b4cb02665b8eca5f82cb85defdf6b43918a923270ac50f2ae0e1b45cbcf56edf56922ffd2228ff4f853c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ce30cb7b5076afeed4b39b5314caf9d53311524f\fd5a504e-781d-400a-a2ef-0fe9657b47b5\index-dir\the-real-index~RFe58002a.TMP

Filesize
48B

MD5
f0d56a7ece10f572edf13765703984d1

SHA1
1d2b7365383714880a4d85bc5bcba5299c5c8ef7

SHA256
d7a391cb73967a4a5959dbc060974715ac19c4a928ffafa2da265f182ad7c06d

SHA512
b35033632b9a2caa1e5b74bac950fd870aa7e21dc0daa7070552d96069aa43de9e718788c42055423b9915394651efbcf3a9d37febb0a3bb0cc7590edfd93972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ce30cb7b5076afeed4b39b5314caf9d53311524f\index.txt

Filesize
116B

MD5
e4179f30fba1265ebbfac16763700db2

SHA1
4eb7d40e286a291429bb22399d5e081d5a225d5e

SHA256
86830bbbe12e70f3a34ee248463490680bc34734e9e9ccde9623f84bca634532

SHA512
e172f2799dd8bd0513cf0447cd01d81c06678fdaa0bfff50ca601d49baee8f082e7d0a968f1dd1d317c6a6e72a34985849331ddfec79528b9734ae376f35f1b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ce30cb7b5076afeed4b39b5314caf9d53311524f\index.txt~RFe580059.TMP

Filesize
121B

MD5
362982c493af249fefdc4b595860d34c

SHA1
1667b505c6e79968064f6f20820e61ad31f766da

SHA256
7dbb4541d6a87395cb71b1a14bf12a96e13f28cf9279ef680f9170ec4818b11d

SHA512
fd1cc32669474bccbb4e67d595227ccb3e6afdd9f9b58fcb9033a617b6f1bd6c8e73699a179510a49df32d18f39fc8aa9687089d2294aff9f03d4a30884b015f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
9d16bba1d6ff56695ba3085ffe9cce05

SHA1
9f81f046803cb3b8a043b813eb2d0b53083c16d2

SHA256
d0a79413da035995a76c8547669e0bf542cdd1658d31a143fb6cb98e30e0c959

SHA512
e47d14601115176a45bb51ba98020c446ba28b7052a5df8bf20af35e53b6707d2a25307ca9b796a0278d7204061e97bb85bbb82a82369b64effcf00c0c38c79b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fa7d.TMP

Filesize
48B

MD5
82eb0384af1373e6cdbf06175980e592

SHA1
87ad1d72975fe5e09bc76fdb548f4c1bb0d346fc

SHA256
59aeeb065376c65d5ddc44f8c454dc789ac70aef5d616a9f8da1a80785312afe

SHA512
83129ef8ba623f05d73d5824b1b68775bdbedade298bfba96057afc13334094061ca4457d00969bde47210765e61ebb4b3e5eeee9ed45a9cd1b16bc137ee3c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ba943359d92021149a08d181408eeb13

SHA1
6af5ff21213053552a6d04bf101c71ef32c7083b

SHA256
bf9bf74d5d229dbd9a3c7a49098a26bf9908d385a05f2bf7e53b48e083e3de4e

SHA512
753071039debc511defe43fd0d59e112c54206ef67b4b009d518f380ebd73b117d091e7e276f5139742919c495ac20d2eb2c0ff33404d4ee4757f1b4d9fab24f

Download Submit
memory/448-0-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/448-18-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download