1eea1c59276ec32546987d9ce299729e8ebb89f149e33455d74b1bba8b5ab17f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 20:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0759e56d48c491871c52edcfa8c2ca13_JaffaCakes118.exe
Size

23KB
MD5

0759e56d48c491871c52edcfa8c2ca13
SHA1

486994f499c8b06337c91ed6cd1cec8e6bc8cf04
SHA256

1eea1c59276ec32546987d9ce299729e8ebb89f149e33455d74b1bba8b5ab17f
SHA512

53f298c54e6b711c0fe0f9e4694ef267d49462ad0d55bb32980042db3ea1393ceb115c8c0b75e045a2cf6f3efb81f50be4015b539fabe6e1ae157eb5201174bc
SSDEEP

384:prVK3GT8iBdCmirdvvB/SR6UYPd7XAvICtr6vttqy3ovscOCVOJE4It:dxT8UdLi5g63FDIICUttqdsclBTt

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0759e56d48c491871c52edcfa8c2ca13_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
4588	msedge.exe
4588	msedge.exe
1828	identity_helper.exe
1828	identity_helper.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4296	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4296	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 4588	4444	0759e56d48c491871c52edcfa8c2ca13_JaffaCakes118.exe	84
PID 4444 wrote to memory of 4588	4444	0759e56d48c491871c52edcfa8c2ca13_JaffaCakes118.exe	84
PID 4588 wrote to memory of 2776	4588	msedge.exe	85
PID 4588 wrote to memory of 2776	4588	msedge.exe	85
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 2384	4588	msedge.exe	86
PID 4588 wrote to memory of 1280	4588	msedge.exe	87
PID 4588 wrote to memory of 1280	4588	msedge.exe	87
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88
PID 4588 wrote to memory of 1436	4588	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\0759e56d48c491871c52edcfa8c2ca13_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0759e56d48c491871c52edcfa8c2ca13_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://br.youtube.com/watch?v=yG81HKOjDLs
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff815d46f8,0x7fff815d4708,0x7fff815d4718
    3⤵
    PID:2776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
    3⤵
    PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
    3⤵
    PID:2704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
    3⤵
    PID:3036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
    3⤵
    PID:2128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
    3⤵
    PID:1816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5060 /prefetch:8
    3⤵
    PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    PID:4788
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
    3⤵
    PID:4036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
    3⤵
    PID:2324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
    3⤵
    PID:3132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8475817745442514402,550210277172350780,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4284 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:452

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
4c437bea99aab1f89ec35bb1d9fd7353

SHA1
3bb4db47b627f1eb86ad3dcd285adbadd991cade

SHA256
fbb4537ca0e6830d659cee0b50af5025edf2274ee5a7acb2db9eae2ca9eb0f00

SHA512
e244609e696eb6362be2b4e3fa6539131f036d41cc50e2af3a4e5bfbbe2c91f5fa5f6c691590d8ae7a3d311bdc0fda1f0d1bec6e6b87cae0c20bfaacfa249353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
37a5f6731b26b006c8c7a05b9a47cd25

SHA1
e658829e7f0545809a3b2bd3ac89024749ba1427

SHA256
eac1a3234aecf1bf40591d2a8fcb514b1ca7a2cb48ac13f81154c2f862cb26da

SHA512
5ea2e8cc60004afc6b7fd18cfb32bc0b86adeb312793c28e8758fb34664e580dbf268560bededfb185cef4f35bf909b37298a15f8891a7bee633634ed1644179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b580c7026d4cf75836f179855df13754

SHA1
5cd1c5c0afbe6d6ba45455b0c3904fe65982f747

SHA256
72053930baa72f1857b8f8618eb00487df4f1facf78f46ee4a44eeb848c4e209

SHA512
77052152fa47238681bfe2a4fef67139034103798a0d6b78a0a8baa690f2f9629d0ce761d4ff2e70d7521b1df59fa5562cbb91c93b4ba50a8c55691d5c489a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
702cd65c9dd05e1230156aab2e243d77

SHA1
7ed4820b85459691699523ddb60723fa2f3134b0

SHA256
7b1afb9cfccdea6af5163288a4253b3a1dde8404febbf8afe3edeaf44d045ede

SHA512
47a1a93ba0a8331197947b384d62bb11ae5b08192f9ba88d3fa565c51cf7fe8a78281a035fd4819887aa2ed102ea4cb253fc77a7c3d30aa52dc11a26eff4c550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf9594511997a18d2c65e1c009eb4f24

SHA1
fd487c02ebcba8f5e69467b39dc5c643c33ecff5

SHA256
c2b77ca35c5099930f8d9d0ad1b32ed05bc88c74743fee7431a90bf1bbb20179

SHA512
fda1eff1a09bf29988799de8f188e3890727cbb58c88b84bc019de6413489015eb9f4ef9286003a349a49d295510b3e24b3e73a0c500a483413b8f2127235d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a47ab4af-1088-40a4-8c7e-b368602375ca\index-dir\the-real-index

Filesize
2KB

MD5
bf1a7771116382c123afbf649349afff

SHA1
41c7e9e808824ca9880be43d08fdd53250bab4f9

SHA256
d754a39caf8f25df9999735b1931d4ac1a6c811e06d6bf5864696456ece63e2b

SHA512
f3e8fe64d9e9d2afa58b82a2e7ba4f0f0b0d194b7ce5c8e76508140c062af1c9aaa9fd97f1a102932f66105de6df881e9bf4c2934e681cdffc62f9c8b5cdfd41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a47ab4af-1088-40a4-8c7e-b368602375ca\index-dir\the-real-index~RFe57c803.TMP

Filesize
48B

MD5
7b306670dddc313816a2dbd4075b1e62

SHA1
94583a606610c61e4c1bef61160ea4a1bbd37dbf

SHA256
c574a8792729126f780ee64c85f87999c64efd696ed74e32fa11d7e98d1a3905

SHA512
93bf19eefa2965527c4a947137e99875d903b16fc06713fe5805d621f037828ce9e2362c4f5561351dcace2287637df8fbc68363fffef7306162d6d990d086c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
b96162bbc3b7635b42d58a5d55601c67

SHA1
adcaea416aa66c1f540c4322f48dd8edcea04151

SHA256
8db94d4b49133f667676616efa6edcb29770b09da33396b45b755e63716e3ed1

SHA512
d6abc135556deb0adc0cc1a274d33ab5e768b3a97b7422d57060872f25243937bd4e9fd73c71c657c215b5d375ea583e30b6176a58d1fcd482e606f521b98abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
ffa924937a96505ff7ea404bedbe8e6c

SHA1
295d41a895fab762f56560443afc2729575f3d06

SHA256
411e41458b7822c3c7933d58be6675c13a7efd38a7ca1af1c2814d6f2910a32b

SHA512
0608f15f46f52564a2738027ac90d6633649e95707f0614e55ee313ab308d16c10dfb25109343d4956b750d352ee24f8a774ac0231e2f7a8a7ef6eacb598e39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
781e2c187507bc25f2336404179f19a2

SHA1
0b1ddda1cf2f7d9252bb5e1f43a2e321dfbb3aa8

SHA256
b9bea42dd646f8df920cee8c43efad1f4998a203acefd1e18cafa061aa4e9091

SHA512
7e92c833382e09180a839099a84a251ed087479c3a81ed041a8015d45b1ce6e62b31cc4aac413ec56ad14d578081e57717f6cc558064ff75549417cdda73874c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
5fb9832b1e3fa86634f7ac03cb9d9875

SHA1
de7e65d4b00a0abc0c574277910ab64da7619928

SHA256
98408f1dcd7c7aca5ba0049adb190a2f2433289c4c6c420aecbd44bb676a91c2

SHA512
4f796ca424070e82b4c70ea436996a22a98366683f50b07b51a89ecde8be0c59f92b1c6247986a1556829fa32f5a43e445146955fecb99351f3c859d1cc5bf26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b73362774d5b9006a77fa45378455f54

SHA1
30a9fc6762774a07dabe12eaa8a8248a50d03efc

SHA256
3485aa4efe2a603d7689fe52e83d4d19265eac5ee2c2b36574818438722d3150

SHA512
24cc1847021f7e1f465eab8f53cc47f5c2b1210ab1052b09d559257133051f762d93e0f0f5683bd9957b504edf2617e9d7bb6f18393f7eaf6b54877b8ea66d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bf68.TMP

Filesize
48B

MD5
157372855ceaab1356effa9a45c011b5

SHA1
cfad7ad0af3227fac9671f77b5e43d0815879d4a

SHA256
b219509e403728fd87e55d1be5f3cbab883653a7310407a3dfea55c0781c1d83

SHA512
ab66f5d6cb28ac5eb08617ae544203b1ea5fd2cbe9ca04d04303469b8d13f88829e665d745f7e313b808860a0842b9778768e8ac98eabdb4d2ff63bae4423a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c7c2624ec9e2fb48d183852f0061ff57

SHA1
fe666b2d5f38b5b69474dbcb291bca5509acaad8

SHA256
878bb33dd2045f93d12020265825eb73000655c7a7c5596412c196c507b06cd7

SHA512
5d1cda08492c71b1b7e95be284ccde917c2cd25a4c0930747f7a7625b683a6b7ced38e7980c7d763b1394aa54dbbc95b8feeea9786a9215bcfe321a43393c9b7

Download Submit
memory/4444-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/4444-285-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/4444-248-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download