4155fbc8cb8459d3397729c25bcb6b15ec7b563264088150b5b8801b4b0e550c

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f68eb59eafa160073dde400a0a8f3f5a_JaffaCakes118.exe
Size

176KB
MD5

f68eb59eafa160073dde400a0a8f3f5a
SHA1

62860f21fcb1b434b5905b712b99aa5506271130
SHA256

4155fbc8cb8459d3397729c25bcb6b15ec7b563264088150b5b8801b4b0e550c
SHA512

bd3f215ad81732d4205664094eb5b9a429518b007dfd88e95fc820e53da72113bff8772b9c1ce0dbd751b1d4de5cbf34b592d290c759a9c271090c22962e44f0
SSDEEP

3072:gPgsWY2pv14vYPZr7A1D1s4hboCUiUdv6R/W2THidfUQnLFmEZ/Z3pMhac90h:GgsWYwaAhr7S1s0pRUdv6Re2THidfU8+

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1960-0-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral2/memory/1960-46-0x0000000000400000-0x0000000000474000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\DSC00657.JPG	f68eb59eafa160073dde400a0a8f3f5a_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f68eb59eafa160073dde400a0a8f3f5a_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
1924	msedge.exe
1924	msedge.exe
2732	identity_helper.exe
2732	identity_helper.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1428	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1428	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1924	1960	f68eb59eafa160073dde400a0a8f3f5a_JaffaCakes118.exe	85
PID 1960 wrote to memory of 1924	1960	f68eb59eafa160073dde400a0a8f3f5a_JaffaCakes118.exe	85
PID 1924 wrote to memory of 4024	1924	msedge.exe	86
PID 1924 wrote to memory of 4024	1924	msedge.exe	86
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 1080	1924	msedge.exe	87
PID 1924 wrote to memory of 4184	1924	msedge.exe	88
PID 1924 wrote to memory of 4184	1924	msedge.exe	88
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89
PID 1924 wrote to memory of 912	1924	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\f68eb59eafa160073dde400a0a8f3f5a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f68eb59eafa160073dde400a0a8f3f5a_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=WliszZ-Yza0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcff3546f8,0x7ffcff354708,0x7ffcff354718
    3⤵
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    3⤵
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    3⤵
    PID:912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:4004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:3040
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
    3⤵
    PID:4824
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:4668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
    3⤵
    PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
    3⤵
    PID:5100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
    3⤵
    PID:4048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
    3⤵
    PID:3804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3764 /prefetch:8
    3⤵
    PID:3788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6604284844499491567,16167220877620518891,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2776 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2164

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2e6f589bc63583ce8858a87abd5e59a5

SHA1
addb108d0c56a5158fe97d360d86709c08c78e41

SHA256
173f8e6b9d144837bdb610928873a835ba8d6735d5cdcf6145753548005e91e6

SHA512
d2807fb1e39b3f9b27ba202692eb8eab36572dfe2a80c2bd9f9b413732d0509f12b1c0985ea916e7e113dbe74beeb2b45175dfa91ab84161163bb4173691a2ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d4cad31adc328d466de6b3dbf7c056eb

SHA1
e753f8855fc9007a902003c463f547dd523a0bfb

SHA256
773f5132e838599c88f3c5e996af9dabf3cdbb4d0398302613b7a5dbd56596b3

SHA512
710c548e4fafeb6df46b8413d3773672ca4b53bd6d2c98878fce234a16e8cecb32186f3f6e22d5155cbea4049f2c67bc49627c7312fa1badacf565dda8e2a886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d37b020a2e093dd92d826bf4e8824012

SHA1
0afda53b20312d657c3ab13abf4a747df7bc43f3

SHA256
f5d937f069e14b01544ea87756c2b873d6565214f0536a51c46a2bb507c77bd0

SHA512
6f0d3b6bebfdbcf1f0490aadf51c8b8d463ca34d3f755a1b07f6f88a075c2d2f9884db9ad47139e45b07be18c2e9314493693dddcf470adddd1d69aa02ca14b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9d3c8106808380e57c903a1f3881075

SHA1
5cc593e3818f6780e6f255f6903d5764e7930d33

SHA256
0e76e17da2c9536b34a55d9d5b1bd81c8dd2a451d28c1b7dbb0e3cf9caa2e8fc

SHA512
a3ba5ec8a456c0eb766368d7cad1378e0bee6eb600573b75ecdd273c077c2ad113ca4835d3c58d4869ee089fc406176c37a05efd0c5356e46ecf30a8ddb35c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c733893b50f3ea4769a6f5f712323178

SHA1
160928b9d1676a9016ed6fd8553e3d164bc0ca00

SHA256
5c7baf0e9b7ad3bb7751395a0b4d1298333caed2b17569fe0880f2264400c680

SHA512
b9ce0b0ea225d7f517282194aa851478df781d3c5d8a4e9329ec29e8a4aa3ba40223caa4d17899dd0182b816bf63c924a0db3611d632a9f36d67d85c867134ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80e5ab6a1d88cd43aeff4a2d958441b7

SHA1
fed42c0209c532351e2b466743e6165d8d6ec4da

SHA256
6b379cbca70b2b67effe4d75a6eb16c50d26d134b245778ffcf7921ea8b953a5

SHA512
d535153d08aea5eb86910017f47e12e878a929c7099fb290b1c098d239ea95d2c264fead37349693fafb9f09304224c35e9af77c0caa679367c03f4d1239512b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b2e42589-9a9b-4d71-8de3-8bb2338b8e77\index-dir\the-real-index

Filesize
2KB

MD5
8bf8ba8c2150e95e130584bdce485761

SHA1
96d1bfc28cb4f2e54360cca288845a88819ca7fa

SHA256
8d254ef1f638d60e6f312d481269cf5044cbfa2218b843e734b41b5d4e9071c1

SHA512
54e7623903ab31be08d067cd8e1dfcaad0e83968192023a8aa4f0e3d410e690aa5945421b4cdc20ddf0ff846abc6e5c5819b19aeaf572cee10f6dc9a6b7a5bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b2e42589-9a9b-4d71-8de3-8bb2338b8e77\index-dir\the-real-index~RFe584590.TMP

Filesize
48B

MD5
d188acf6189e8970ce6d4985f83b8e5b

SHA1
1c1669b5136c80501479d2aa86b59b0f369379f8

SHA256
039debce76cf1406e61db25d8b4ce6e97d79f1333ff8cd26050772cd8cadf867

SHA512
4113c00d4e5ac0371e9326dd440f8e2d1bfdcabda5e3e6478fdeea3b9b6dcd55164c4bf67d21141a35d45e493d64822d9edc4b0924b2695e69af9e236089efd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
a7e7fcfcccce8b8f7865cd7ebeb37536

SHA1
2bc3d1ad0a85083e36155b0030aff93a63be81b9

SHA256
a84a0780cca4905abf76df6a0c6af83ec3f107a39c8a209ba16356c73fbe1ece

SHA512
7aac56f58a3facb56e511b6dc13d4f4c120436b74a98f1e9e57f017d191ab439a27e591e7f6f25158cb420046ac6bb7df02e8f99538605bad9b1ee193c33a8a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
598405186b7aee390969601da20cefd2

SHA1
833a420a7d4dee3cb9d5fa81fd7cba6c86945846

SHA256
936368231443434d8bd7c07c1eec7286ebd321cdb50970f1611cc368301dc565

SHA512
11148613fae3681174e68244e5bbe883ff5b4733f2e4a48c7fe36ea1ebd43787adb5b37fe5d9064f6cbd67dda48b7c4493bf5cde4ab2ef9db64cd3b517c67a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
4f9e33cb77bb06e1f46b8c4188eaec3a

SHA1
b8cd9dd8939082d4a9e49e6404f3f976bb5a171b

SHA256
12575e696f4f3f5dac820782e55d5a62dba182ad51c542bb0ce585afa720a73a

SHA512
c0c3daf7e61024db43656733af966eed2835105b8ab7824a6abaed4d4e4e770b2f3471082ffabf19819f194fdbce7c7cb051b27f5507143d32fbf39d0f179e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
9e6ba919033b8350c785cca05ff9154e

SHA1
f51e95421542c54828c03f30343b6e7d20666fc5

SHA256
1e68056d006dfd85cd0924de2f12ee930a31976523997b1e8203e44829a2815f

SHA512
c59fd1a5a1bd0c87e1b575e89354f51d8881a76e2fb8259603bda9327b799b398e940d3e1b8b7b757c174983fbb2394821a89c56ea31df835aa0921f4ccdee51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
454224b216cbee83c2ed92d7777a5695

SHA1
c6bcb1dbe4cfbd4d1a1baaaa80c00369c689df9b

SHA256
5784ded67187552cb31053b27051755eca1e08b6bc3f8222a76218d67c0a85d8

SHA512
933535655e64e698637cf4270133f6ae65c9596dd6b928d204a721c7e4c088510970884d10ba918a3fac65d71cc71cc0f263285660b43defd59ae92651f22a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583718.TMP

Filesize
48B

MD5
ace1fe675d30d0f4084714c31db394e9

SHA1
2ff974d6ab8a96b8eb5e278425a047b144ca18d4

SHA256
4600f1ce593d2161dd54f59256c78ddbe38aa4b2d57494273baf68a46ea8de27

SHA512
5c98d5ffe55a44b6d593cab19d1d93caa534dd4c9de01db073944d245071dc9cfc69ab2f70f21926a8e1a7ffbb6c5b74575dded20e8caabfa9b0c9c8fa039f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c43bbdf6ebd680170f5d48831ee2ca68

SHA1
4cfd9e555f791e8d413c29f3c9c9b26b261d0116

SHA256
b3abaeafb9db8359b79c08022ffb38422f21ab745583262de9023f83e852529f

SHA512
d297acc3d098555224d892ce21d0163b169c8a7df1f64cc34357909cefb86686de3e122510ebd90e4cc7ee845e5983c6c252777f5a4acb07de4a45cd81878b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5d1e3ace6b4a7fcc45225a6b6c007573

SHA1
325b79ebf89dc046d7af830afe1e85bccb4384d4

SHA256
36f5fadcb3c4d15e90f3ae685d07c900d843efba793d2b0f96ab66a0ba83239b

SHA512
57163f54ab8cf7f25cb64bf2d835514e7a04f10515c4cb2787fcd9ce9ca5a59503a897cedf9c1f0e6062db6649d730b5bc304cb36094268e333d40a8f182eb21

Download Submit
memory/1960-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1960-51-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/1960-46-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1960-1-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download