d82498e0af4657eb9b50aa143d737843b1d498804da9d309ba4167ac5cd14b09

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b116c13c87186eb8f0c4e6ca1092e101_JaffaCakes118.exe
Size

644KB
MD5

b116c13c87186eb8f0c4e6ca1092e101
SHA1

c4c51f64fb439d41afff5b50b61a64b3fefcb5c1
SHA256

d82498e0af4657eb9b50aa143d737843b1d498804da9d309ba4167ac5cd14b09
SHA512

7a0569fb5fa2b820507ca70ddcc2aa24f49354bd4f8c182cb25d8718a3498a0bcb5e2e18b2608b359f58556e861f1006288acc3a338f094a6094210a118a48e5
SSDEEP

12288:e5TbKPtqJudx1+Bsgth0L27/PqrI3EWPUsSMPXsW:6/eqJi+BhPiqqrufPUJMPXJ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b116c13c87186eb8f0c4e6ca1092e101_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
4268	msedge.exe
4268	msedge.exe
5416	identity_helper.exe
5416	identity_helper.exe
5280	msedge.exe
5280	msedge.exe
5280	msedge.exe
5280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 4268	3008	b116c13c87186eb8f0c4e6ca1092e101_JaffaCakes118.exe	86
PID 3008 wrote to memory of 4268	3008	b116c13c87186eb8f0c4e6ca1092e101_JaffaCakes118.exe	86
PID 4268 wrote to memory of 4564	4268	msedge.exe	87
PID 4268 wrote to memory of 4564	4268	msedge.exe	87
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 2408	4268	msedge.exe	89
PID 4268 wrote to memory of 3108	4268	msedge.exe	90
PID 4268 wrote to memory of 3108	4268	msedge.exe	90
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91
PID 4268 wrote to memory of 3600	4268	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\b116c13c87186eb8f0c4e6ca1092e101_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b116c13c87186eb8f0c4e6ca1092e101_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://video.globo.com/Videos/Player/Noticias/0,,GIM1298814-7823-CASO+BRUNO+HOMEM+QUE+DENUNCIOU+O+PROPRIO+SOBRINHO+AGORA+VIVE+COM+MEDO,00.html/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3ab646f8,0x7ffd3ab64708,0x7ffd3ab64718
    3⤵
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    3⤵
    PID:2408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:2136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:4788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:2004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
    3⤵
    PID:800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:1628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5752 /prefetch:8
    3⤵
    PID:1532
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 /prefetch:8
    3⤵
    PID:5172
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
    3⤵
    PID:5444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
    3⤵
    PID:5424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    3⤵
    PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
    3⤵
    PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1286915146278265954,7893582134582538367,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x458
1⤵
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
db62dca018f900b39a2633de87b78cab

SHA1
630c49683f1ea4090dbbe2ef9e08cdfa05a84997

SHA256
3d676958cacef93766527633744321818f4170bc636b1ae6ec560e760d5892f1

SHA512
16b138a71263679864391c35b8dc98ef8508e26b2ff6fe09cf01eff7b316ba822b85a70c57d13660cf5cb20d5f320c07bf93f78f3dc4e14aff1b1d68fc486640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
6b9406f5341bf2fdbec69c263945d3d1

SHA1
0e4b2325c2be76a24ba877ba6ad3ac163eaaa28b

SHA256
18268a23b89980de7136347df1c187a38813142d278c64f37ceefeddda01d926

SHA512
105f8318710a2e426fc1768d7885ab2edb87926bba3e531f028aed80dde91ca15e01559f84d1abb21aa78278305f115b747a8c69251785c9e1efa37ceb279b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c5672c303a6a1b9c9269e544bf347b5f

SHA1
45b38e1318822ab2603ed3403d7461249c349a53

SHA256
aa3542384f05cb2efb40411a0cc51fde4aed99a7af566a5cf8d61a69f2e5d85a

SHA512
bdc26ab3240399c6d7cee5733b83a6045ca3bbb8c916f36c10dccc76015faf7c00054290ef1692318534dff2f51d8dcd53d69a348a4a9e392217b4ea7b07611d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
32f3dfed03c017f89a90b981a229dde0

SHA1
f3fedd51ad6e537afa3d9f1327d42671057d3b17

SHA256
8817879828fb809ae29daeabc83c46366f113b6e1f0b4ec1d0c96b3a6b4df57e

SHA512
35282698282598adfca0096bf24a380d2c958da03b5a9cbb218b0d0d0c56b194a13855fe430ff30f17b55c7a44006b555b5203a974801f54846bc4fc864fe516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
32818e4a7ca315994023caedfacaa0ce

SHA1
8f091e6b60be1190f39875c0391c3e32432df2dd

SHA256
a1e0e9d202184f0ad8eb9aec29861385c643f6e09374090326465675f4c1f6dc

SHA512
13ac284b222cf35129017418cd70591a6faaab376e86496a9abbd6d5012b8264b40e1960c2bd7c359dac2cd6f0fa338db371fb496eb3920c7eef1a404e5cb73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9f6d1de4a35ab795564fa750d197d45883b48cb7\2c7f2332-6588-47f9-9b78-e3e248328feb\index-dir\temp-index

Filesize
744B

MD5
37d63d0a2a43a5c6bea1b4c830f60c18

SHA1
e410e404f338a3e8d1d2d2e1c443a4cd52dddcb3

SHA256
a0ede4acd2e29aaee5f7a844b05378bf1b94cae759da6c84f5dda0a863c9df76

SHA512
ecb66a6bba09f2dab096ba9ee4a224a8eb23ae2cbe3d2a17bb3d706b0721bcd7ec31ce5c9e1f886897b604eafd3a12e8149ade8feae36f60ea41f583edc3fdbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9f6d1de4a35ab795564fa750d197d45883b48cb7\2c7f2332-6588-47f9-9b78-e3e248328feb\index-dir\the-real-index~RFe583c29.TMP

Filesize
48B

MD5
31d6381156f4169707bb5fd1cd4a243a

SHA1
7d73024fb62f75010b32dd74c5d6297b357b6884

SHA256
bb6470b034d3ab9899d82bb712d3cd6482ea9233eb3169d20c4ecc78b72372ec

SHA512
d4987bcd197ce4fb620ada656a9011bb435e54e02af61541dec119a57ee13034d121459e15af50fe6960e5350931e99d5d63d899b35dd4c7e2b4cf1857e4a111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9f6d1de4a35ab795564fa750d197d45883b48cb7\index.txt

Filesize
133B

MD5
df83f062afe180412c34eec446ad4d99

SHA1
0a80516b953781d99fa9e6fb82d136d98308deb9

SHA256
3a555bfd94c06cb447d40b0e43b627df6ff4fd56a8be3365ffb1cdbb8fc3c025

SHA512
df77129703199f0e9b51b1641e74c0161f3297ff42abbc3fad6a43a3f990ac83da8fe79accab15b72df8623d6deaba2fbcbdb7b1a0e9ae0a2cee5f6f30871203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9f6d1de4a35ab795564fa750d197d45883b48cb7\index.txt

Filesize
129B

MD5
d9ad13b4cdcf0bd854ba3a34fd69d919

SHA1
e6fa9adc33d8eba58244a916239fc446d0065794

SHA256
5a97d118d1150b6247b69a046024544d31393de4c7549f7ce438f0d344002c93

SHA512
6b26b5003458754e0c1b125d255a3bb78752f39bdd5c69e5a796d775ee61b902900175fb12ed1a5e7aa3d37cc3f9b058806ac7cf3cb3f0702fa8550f54ff70c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
8ef968a083ad0a902da361a613220609

SHA1
176888c079e5a00c8a8913468640b23f4688745c

SHA256
5ad99a7f14a49257162388746eaf31c768886021e860c6c310f997754fd3a1c7

SHA512
e491d1d2d83284f578ff30e871af9114d1728c29de6981a33560939437d01aa007fbd4f60b6f47e856d60ea644b02eaf7374b73ece18b1bef9f6900bb7dfe4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582a47.TMP

Filesize
48B

MD5
bd27e33430f16912526193e598fab77b

SHA1
4399752ea678b341feac47100126165bb4259c85

SHA256
1d9e78697ccf0c03d32c2aca1a3d2c12964d90225bbfb3315329de17d47b6d7e

SHA512
75603b753a47b1a9d54f0fead3cf222ae3bd6af02a57909e67228defb7f8f4d2774a5ee399aa9156bcfbc0dca00c9bb6ace424830384310692868a2b7a7f2108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
38a275cbc9c7db23f1a8dda6e90061c6

SHA1
8fddeea5ba84667f5f1c1e8f92ee2fc557d016d1

SHA256
e0bcda8bf08ced8c6f30df7df3cd8161988ab9b5e2e49e26651ffc92d5654868

SHA512
0a962160c626ed3a9b22c91658f23b10523bad741dcae8ca73b731807bf473684a45f3aba030bcdbfe8568198822e6e2d2aa4475d4c4cd36cf6913a0c051f636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b46d9a6fe28219bac920a2fa0b364dec

SHA1
7a6fe8de0074332ef2dff6d5c70a5c96ed91cdeb

SHA256
c52fd85be7a54c0cca3a302f528ba7a1c7822225a0180a6bde5d7e04669938e0

SHA512
826d0225f6d4150957a9cfd259d538d56099991a9658b762924ae95d29559b310d2aea8fc708a535fb33ea2df2b71441cd2b58314da4d0b3fb6f0386aadcb7d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d8735433a3369f06734f2d2be7728f0b

SHA1
4478c9fb8a2cf7536945e2e51192da1cf4bd9da9

SHA256
60a281cea290af86f84c8a84f6268775225a895a52e37b4f4ebb1205e1f8694f

SHA512
6db4faa67ebcda73844d2c75a43f3fdbfda587f7e774cf7386ba6b16510b2fa51ad453a920a8ffd0e3efc0fba64ed12515368a5a8fa38de5d3656301da9c30c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7b8a2e4cf48ab045660dbf23e39c0262

SHA1
31b7afcdccb5c0a69c4933c17a886c1badbb9e31

SHA256
8b3f75b8315af42afdc6ab1259db956e07461013e67e562a8196c8cc201b25ea

SHA512
667619a99c1e226d144b21c349fbd8632bad0862970410fd13295338516d62fafe26ba94a8598de682d61ec6150781d25ac69b85fe27cd2e20416475d7857182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f65877c5146ee67bfec4722650479c98

SHA1
653b417abcfd7465e801d855aa265dc12168ac6f

SHA256
358c08dd43dd270d58930acf5a87102ec69f20db6e241ad8b24a105c2f8ef99d

SHA512
bd886b6b81a2534bd3257f56aaca5df152f8ec69b3d73c97b49f0f9fcd0851a50192712b1ddd7f07a8187a44bc06611a2e536e3172acde650c662ebf218d8ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9f61ea60234233bd034ce5c3af8b4234

SHA1
6710af38249cd18ab061e3ff1a2cab7ee928390d

SHA256
2edc27c41658a7229c849f06ab991d49f479400eff3b2c964dbc125af6e9e186

SHA512
ec5f12e30fa2c77f4972edfc0b31c0442e0652bf8145117331b99d54706c015dea724a473de8df3173e60373e1eb9a32be1a4c854f01c3c09100b6f3d8ede26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ce83c334af1d84acae0ad6485eb45c06

SHA1
809a6c8a9f3f39372629027954ce22b58aeb46fa

SHA256
0cf31fb75fe8d2778cc0839e9da947f78f0c6e94f3b5ae6807d481fbc44fcb7e

SHA512
2b8b99974f9bb19e29eaafbd6b5f0ad765c1d02006c4150361b186ffebbe9ead1a632ff5c4a80296f4356b84c06d08309667ab97aac719352c96a03654cf1e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3dd4771c44fb714e731bc88010920b68

SHA1
e9a3719fc7ceaf41882d88a8c66fc11daac0e76b

SHA256
fc5722adb957acfc1f9b243210865fcd1951ce239d7ad27ab92406d32d907fd8

SHA512
a455234191bfe55ee9a1e7257f16f75b7c8a782f467850d0dd476717d95110012a44cb5f21842fe95f7a177e84b1169ed850a73901cfa6bdd2dbe8f81f3e87a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58150a.TMP

Filesize
3KB

MD5
2503231d161794e43e05581bdd51d0f1

SHA1
d6ae78d3dc8426870d5792bb3ab03dbdf1180516

SHA256
fa42db7217ff75857fcf2accb62f4c0fe728d3cd969b124c2958f7d1f48a1fe5

SHA512
f6df920bf256234ebf3763fd588433ac95e154d5ba5102227963e492c6bcb267f371a611794fcda225ce878b8295f38bc51881f46967c7d75837871f41bcad8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4add805d943e6af0999f66013b3be676

SHA1
4973f645c57ae4847a5a6ca59b2ad88f1c20251e

SHA256
54ce106e7be71a8b6d95823d24ea9f130bddab6fbb1d59bb53da05d07e863fba

SHA512
6344d055a760d9eef0ef0fd0ee1e9e6c31b82c94e38f10fd8e5d873803fac4f6887a3024c5134b5f999ea80b2d103f549f46d5a18c079d9b1ae65ea4e62605b0

Download Submit
memory/3008-0-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/3008-391-0x0000000000400000-0x00000000004A7000-memory.dmp

Filesize
668KB

Download
memory/3008-173-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/3008-172-0x0000000000400000-0x00000000004A7000-memory.dmp

Filesize
668KB

Download