c26d41187b0f10951935e32a11c0a46c98354b495714d01f57a9d2574534f51c

Analysis

max time kernel
147s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e256a27a14192e9fea00194e31804243_JaffaCakes118.exe
Size

136KB
MD5

e256a27a14192e9fea00194e31804243
SHA1

9ec9df721ecd19dab81ff332233e284aff07904b
SHA256

c26d41187b0f10951935e32a11c0a46c98354b495714d01f57a9d2574534f51c
SHA512

90965a6bdfd72a2accd2531f03c8a65426832ec3864c5b07d5df5d29c1790f17b09c783215ed7a5385d107304053f19a3715d2c72799f04d9ffb9d7302f63278
SSDEEP

3072:3CdUjHcdA8miE/7/kuZHxAiFFdRCTPvqYP8mj7el:37jH0mf7/kuZHWqFuzvqYkmX

Score

7^/10

aspackv2 persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/memory/2832-0-0x0000000000400000-0x0000000000478000-memory.dmp	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1392	2832	WerFault.exe	83

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Download	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
748	msedge.exe
748	msedge.exe
3760	identity_helper.exe
3760	identity_helper.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4344	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4344	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2832	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 748	2832	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe	95
PID 2832 wrote to memory of 748	2832	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe	95
PID 748 wrote to memory of 4640	748	msedge.exe	96
PID 748 wrote to memory of 4640	748	msedge.exe	96
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 3616	748	msedge.exe	97
PID 748 wrote to memory of 2008	748	msedge.exe	98
PID 748 wrote to memory of 2008	748	msedge.exe	98
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99
PID 748 wrote to memory of 4816	748	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\e256a27a14192e9fea00194e31804243_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e256a27a14192e9fea00194e31804243_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 388
  2⤵
  - Program crash
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=gOO_UqzEc5Y
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba1db46f8,0x7ffba1db4708,0x7ffba1db4718
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    3⤵
    PID:3616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
    3⤵
    PID:4816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:1892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
    3⤵
    PID:3620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
    3⤵
    PID:1868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4624 /prefetch:8
    3⤵
    PID:1852
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
    3⤵
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    3⤵
    PID:1976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
    3⤵
    PID:3008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
    3⤵
    PID:4980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
    3⤵
    PID:3596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,690899765855211493,14301264358286164029,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3680 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2832 -ip 2832
1⤵
PID:3620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ac 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
d03bb5f179faac4bc82c0edf5e0e6b64

SHA1
79d7151f4b25e2603e08731c342470fc59227032

SHA256
27d02c79750cfac34edc2254242f6199fd0b1451da7d0abec42938af462168ae

SHA512
b0ef3736679805691e1c9016d483d397051f476d1d06dc08500050ef390332fe1e7a05bc2a229fe24f9ebd2665f50f808dde1e6861713298daf258ed085e441f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
363a7f7d17d73b430d40db38f140afa5

SHA1
dfd598e634cb6c56925f3ad91c5bd974b7f60d3b

SHA256
c5d5877350dd68b03ad0af84b73a2d474d4b3f622f777fbff80926f05c609314

SHA512
8f53224ea2e2d5b7843d7b7b22e1d46e407b04bbac3d5e879934fa72b5f625aeb2ae5edade52fe7c0dc0474e1f05bad72a402fa8fb29b6e69b1a0844b5499c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eee0d947316177b639f1ef3d408837d3

SHA1
eedb750399c49e08de2dae485a2a9e10823bd711

SHA256
afa4352db074f6aadc450ee36e0f0539eac9b9ff69926db511072427a283c3c5

SHA512
e252f2b93b41924c951ca7ad5b2f0f2faf267e2630309f9999aa0ea354e25d034608b9b5a9caec0ab12c4c47e2316c5744c0d34a2e83b1948e79289701b6ac09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f794ff4fac379719b5e94ac2a3a97f1

SHA1
d0b5c8bc60a5d66293dec37e2e698207f4d055b0

SHA256
689b739d66c2253af276eb86ab97b9a66c0903ecfe2b083f12ee3bc943f2d408

SHA512
9704bbd90902a81b4ebb468c51748ef3b3dc6341a1f0e90ff855d1f0030ad72488ee32c15e684fa8bc659fe4e2fd0dd7665e01b0dd908dba29b48bd8d0093905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5667854f805abd466a3e0078aa782c82

SHA1
b6ce912ea4b5c38af0108f5cbada1df0d6620f00

SHA256
75b878a7e1560835fad704a6d79f61121e3cf1ede8205b7d72b31fb65600b623

SHA512
0d64f9e3d3a26fe85b143481d2099197fdb83c2b8e26b5c44846a462dfd32284ecd64b85d91d38997a63923a9873a2c49e557f234685b889e62614be656c337b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8780aeca-5063-44d5-ac06-85781c0f4a93\index-dir\the-real-index

Filesize
2KB

MD5
95fcc80f8a90726a9a2163b517c3b517

SHA1
8d8a23bd6f1e32917a110b3d939231d7e01cec4d

SHA256
3e26381072b2c5dd982538c781c03f10fd787383c98f1713d05950a00fb9ba59

SHA512
360e4f032e918098a03873c218b9de9b3a4832c3f7a10388e06918807df78c58c8abfafa27942cdd815abe7158d5301df0e796b9861e4f6fcd4abef16de9e4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8780aeca-5063-44d5-ac06-85781c0f4a93\index-dir\the-real-index~RFe57bd26.TMP

Filesize
48B

MD5
3f83cfd9f6d243deda24c951e0cfc18c

SHA1
4283b5f5a9c4a3c7d3dec5e75fe5c7dbede5b226

SHA256
cb1411d71d9f58d5cf8ace54cb5945e480cd9713e8f86497b145855e6a298856

SHA512
fa2611ef2d26e83695dcec6f5fa5b6df404d7e66fb61d9463d36bd1c5f66291bf779e86688886a0a8793aa149c4e22921991afd76ca8b09d2d1c9286f2935def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
37fef1b822db2811d16e38b9e4da91b5

SHA1
39ec98ef848c74880d38381beb5565bc5fc51db6

SHA256
0170abc5434fe6f87cc8c8abfcada47239374012ad1796ede10a9897566ca8f0

SHA512
8cc2afca6bda0275fc979718e83985bf42e17fedce75e98460548f1ddff452167235bf134d7a2aaa5d07e5a9399c19a1f2c5caa97cd0ac402b044abb2c8b9844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
07fbe06db1dd2cbf4956b37e775e9706

SHA1
5ffc5b426bc37d17f3107f097df5d8660cfe5824

SHA256
eb173b2bae7e4e61db302f9d118cad9d1c4574306db45c3c0110274757bb76b0

SHA512
d68e9a6435ba19b028d56b6957605eb52b608a689386e66a3057dc28a335d63019cc4d889720cf4926d303716ee7ea9d6279731ad2a9ffc83671f86f22771a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
0267bb34b7707b30820cf6514b3ff927

SHA1
a96adfa2aca23f21418b183652a82ef7efb7dddd

SHA256
06419cdb11b7792de1f7a430609999a8059ba5baaefed59073918b3b224881b6

SHA512
f6c57830f6d6bf8f684b3c8be8c8f160c1df7595388ad0fe2a7e062ccb09ee74a76d74bcebe6c5838642d954ce931beb91d548290ecfd5f9b6e93144ac826aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe576765.TMP

Filesize
89B

MD5
0d02020f01b8d7742d6a4f8670f515f1

SHA1
bcc591a9d96703a1f54da9d0b8d3614948254491

SHA256
d554de0d7586c78fabaa8622a8751a2bb47645e7ecc53772aa3fefdeb85b6573

SHA512
d3e1358dcad0566447fc93453eedfaad11d243ea712c5f0d647baa076722baf83d4582ba86045314759cf364d4ad40cf03812bb92ec71aa88982155e268e4a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dcf35f1e3fb7b3e77ffeb67ac2c099bb

SHA1
8b8bb6292e2a3bc3d481e49b56dee77b7dcb5521

SHA256
62ae58ba90d9b69e945c71f7f25fb3f1afd8932418a229b4bd6b47a1847158cd

SHA512
f95b8db7feb5ed5105f8b2fe945f74e91a47d6ff89b64a8da2d268761e4d4c4a993f2d26188b04207984d76a9ca1e37f05a81d587e2edbb33803c451d85fe7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b67f.TMP

Filesize
48B

MD5
904919bb8a981930645b9c5d8cddd5ea

SHA1
a8167a0f7092ce95c967d9ec0e56793b22957c8f

SHA256
3999939fb31b33ec96bb9258cc3e77d6cd368420f4bb99390edd20e6bd14c6f7

SHA512
8e5600bdf9691920d2d54b451d57f28d5ac666d2098c2b0cdc6d554bdf2167afe1b4986720d21974aed1a19ad3b3cd2c9c66a7d69ff515db579e055079e3c363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1fc4924744a12318c02969932c01bbb

SHA1
5352168a73eea2acb6e4395367305fd211a8e3cb

SHA256
87781bc230865ba94dffe3b87a207cc4b705758b0d99f2236aa2cf1524114fbe

SHA512
08e1f2641b1147ba5e03f2763ae46fe2cf80a51773840ceb7494c3e3dcf74bade11013db2104c7f7059af070491212a0122f117cf7ec6415167cd0296f6c796b

Download Submit
memory/2832-0-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2832-7-0x00000000005A0000-0x00000000005E6000-memory.dmp

Filesize
280KB

Download
memory/2832-6-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2832-3-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2832-2-0x00000000005A0000-0x00000000005E6000-memory.dmp

Filesize
280KB

Download