45c0095934a96081c0605d3da52b2144e2a4cd14eac4a96a453983ba8f6240b7

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe
Size

196KB
MD5

fce5fc4e16f7e3959e1960882d5bdd7b
SHA1

7668f87fad949ae792ad5b6f33ab052807777df5
SHA256

45c0095934a96081c0605d3da52b2144e2a4cd14eac4a96a453983ba8f6240b7
SHA512

ddd646516e752a1ef24b30dd1384acab4796301569c026c7e11b7dc5f3857928a2fe6bf45905d45237f9a0f3ec50877dd1a43084dc6e4f292960eaa80b2b8b50
SSDEEP

6144:rxXyPeH56rWgPd7BC5hMcsEZej/y160A5:dXfHNgV7BOlsEZej/y1FM

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 684 set thread context of 1496	684	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	82

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
1892	msedge.exe
1892	msedge.exe
1432	identity_helper.exe
1432	identity_helper.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
684	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 1496	684	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	82
PID 684 wrote to memory of 1496	684	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	82
PID 684 wrote to memory of 1496	684	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	82
PID 684 wrote to memory of 1496	684	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	82
PID 684 wrote to memory of 1496	684	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	82
PID 684 wrote to memory of 1496	684	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	82
PID 684 wrote to memory of 1496	684	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	82
PID 684 wrote to memory of 1496	684	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	82
PID 1496 wrote to memory of 1892	1496	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	83
PID 1496 wrote to memory of 1892	1496	fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe	83
PID 1892 wrote to memory of 2964	1892	msedge.exe	84
PID 1892 wrote to memory of 2964	1892	msedge.exe	84
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 880	1892	msedge.exe	85
PID 1892 wrote to memory of 4612	1892	msedge.exe	86
PID 1892 wrote to memory of 4612	1892	msedge.exe	86
PID 1892 wrote to memory of 1032	1892	msedge.exe	87
PID 1892 wrote to memory of 1032	1892	msedge.exe	87
PID 1892 wrote to memory of 1032	1892	msedge.exe	87
PID 1892 wrote to memory of 1032	1892	msedge.exe	87
PID 1892 wrote to memory of 1032	1892	msedge.exe	87
PID 1892 wrote to memory of 1032	1892	msedge.exe	87
PID 1892 wrote to memory of 1032	1892	msedge.exe	87
PID 1892 wrote to memory of 1032	1892	msedge.exe	87
PID 1892 wrote to memory of 1032	1892	msedge.exe	87
PID 1892 wrote to memory of 1032	1892	msedge.exe	87

C:\Users\Admin\AppData\Local\Temp\fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:684
- C:\Users\Admin\AppData\Local\Temp\fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe316a46f8,0x7ffe316a4708,0x7ffe316a4718
      4⤵
      PID:2964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
      4⤵
      PID:880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
      4⤵
      PID:1032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      4⤵
      PID:4088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
      4⤵
      PID:1912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
      4⤵
      PID:552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
      4⤵
      PID:920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
      4⤵
      PID:4664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
      4⤵
      PID:3244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
      4⤵
      PID:2616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
      4⤵
      PID:2200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
      4⤵
      PID:4896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
      4⤵
      PID:5108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16240771148203122907,11485537661787888223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3172 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fce5fc4e16f7e3959e1960882d5bdd7b_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:4124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe316a46f8,0x7ffe316a4708,0x7ffe316a4718
      4⤵
      PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
537aad55596b168366051d99adcf3b06

SHA1
5ad702224591a2f7e2ed96b8cfb59a229e11c662

SHA256
624d023c67ddc3c1416fd91a8708ae427805756a55679e6cc0b33633fe2eceec

SHA512
a549bcd6c5cb57b3c1b95d72b824e0bf34c624a2a7d19c8bae99db6e56f3623993bb8d8f248ebb3b99b555e3c1f842d6c86a443bcb7cc0cc15350ac1993781f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af34bdba50f38209f3b001942f68960d

SHA1
0ff96fbb17d477ae04ee994ea1bbee8b47bf98b1

SHA256
d951b737ae4a12317c52526d99a8e914d62d1c46fa79cc08659735d5f9e7e7e2

SHA512
89510d1eb0017b80fe5e4358406ce7a4bd7c6e53b7d32ef01e215abd3d8c4cbef8b1ba73ce1f7837f195bfce8bb20691f79d050a592e1d865cfa6c3316cd807e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3eb9eb4991edd076100184477d4c360

SHA1
286f1a37e82689e55dfdbeb4ea6b9bd7853526d7

SHA256
463f283bf923bf6e3ffd1d11abba8f80b541aa4ab0c03c435ffe27316fcca73c

SHA512
0b59f540bc127b883ea88b03100af38615cb1ab927d08c5824ff5ad74bab67a45ae659243741ccf0c94518f838d0c22d22ba2315b67c9ba825aec20dce5323d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
9a216968ef0c87bb040d774d8007354a

SHA1
8fd3b2a18a4b59bf35c5101729c2c8c7ddd9aae7

SHA256
4e3ae2cda72dc707fcd1c000fab9b9ae49d11da325389f32cb4d240c741df4e0

SHA512
d142015b6c9057ce1de0679d1818d515d7e1c83921a1b65aead52166480d6835845ca0657ba8d17280b96e01c3c5a5e10458bbcddc1642d87bc7d6974b464b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f32a.TMP

Filesize
369B

MD5
32aff9b6722169ef23c9d9728723e67d

SHA1
b4824f7314e75b1d758d2d6c3c2bc7909b60717f

SHA256
0dd84f860e22d2d601895a939abf3eda990c1d564118cebe0641e82375ec71c3

SHA512
1ec5a79aea1c2eb7fae55187f99fda20e4beb37fda4e5c998a33fe42aa6b92b5408bee65b8e940ecf2501e768e4e68aef4653e38f5bf2d95e93ecae12b7113b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c448ea5e-1c6d-4ae0-bc33-f151e324e7aa.tmp

Filesize
5KB

MD5
6390e1aa0ddb17e7445814002f24f091

SHA1
b97fbc2c3872f08bbe6209f7093e64ce1f9c50bf

SHA256
8bdd191aa15cbd9457983921fa46be891d188f4a24dc65361c329f1ec44a8eff

SHA512
03decc8e0df1e80ec6b139f7ce220bb6a89b15980f2a1e23bfab619908ae2bff59d68dd38e96333796cc1a299df34e5304eff85a69c36be48467a67e393f81bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e3eb753f7ba9148ca3318b04796e884c

SHA1
8c5f5caa4d66646531ee2cbb041aa2123055b2b0

SHA256
125648efa0e45116bab67c7a1f786da5edb7190753416db9cbb4413a9a539bb8

SHA512
b9830794ccd0c29477743972685f89d4a34a690bd0c6fd33f8f78a7e859dabc275eab6e96d820000eec6ef3ad8933985d91457f9745de85d18b4174ba6de95b5

Download Submit
memory/1496-2-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download