208b9ff0ba32a0bf1047ccccf3ec10df86500ce3bc35152381bfc9f1288b2a38

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03557a3fdc001ee6c817229021b0b39e_JaffaCakes118.exe
Size

96KB
MD5

03557a3fdc001ee6c817229021b0b39e
SHA1

5e28d986d7c692a0cfcbf9597e01e7aaf00f8810
SHA256

208b9ff0ba32a0bf1047ccccf3ec10df86500ce3bc35152381bfc9f1288b2a38
SHA512

4c4d5c9edaf7d1a567de00a75e7c74dbfdf8df701faafb783b85359041b10b78da958dc8ebedf857d51422619e6b4dec7f982770e6ce2b65122c05718303e832
SSDEEP

1536:gSgc7XJz+1R8Uw9atvmCcTJDVajlfnq/FqsfZgrrXqa6BhgVNntO:bggdWJmTJ8ZgXgrrXqy/

Score

7^/10

evasion trojan upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5072-0-0x0000000000400000-0x0000000000431000-memory.dmp	upx
behavioral2/memory/5072-6-0x0000000000400000-0x0000000000431000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	03557a3fdc001ee6c817229021b0b39e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{10E12CA9-6A3E-4E59-B85B-10BC88BF4389}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3384	msedge.exe
3384	msedge.exe
3568	msedge.exe
3568	msedge.exe
4912	msedge.exe
4912	msedge.exe
3656	identity_helper.exe
3656	identity_helper.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 3568	5072	03557a3fdc001ee6c817229021b0b39e_JaffaCakes118.exe	90
PID 5072 wrote to memory of 3568	5072	03557a3fdc001ee6c817229021b0b39e_JaffaCakes118.exe	90
PID 3568 wrote to memory of 2712	3568	msedge.exe	91
PID 3568 wrote to memory of 2712	3568	msedge.exe	91
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 1376	3568	msedge.exe	92
PID 3568 wrote to memory of 3384	3568	msedge.exe	93
PID 3568 wrote to memory of 3384	3568	msedge.exe	93
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94
PID 3568 wrote to memory of 1092	3568	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\03557a3fdc001ee6c817229021b0b39e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03557a3fdc001ee6c817229021b0b39e_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www1.gotomeeting.com/island/downloadManual.tmpl?TargetBuild=320&MeetingID=655344440&StartMode=Join&FullDL=true&NoSL=true&cat=DLAppCommFailure
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa406e46f8,0x7ffa406e4708,0x7ffa406e4718
    3⤵
    PID:2712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:1376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
    3⤵
    PID:1092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:2348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:60
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
    3⤵
    PID:4508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
    3⤵
    PID:3624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
    3⤵
    PID:2532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 /prefetch:8
    3⤵
    PID:3736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5416 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
    3⤵
    PID:1220
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
    3⤵
    PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
    3⤵
    PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4201864147345400032,9084279611080255751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
cd3000468198d946de05d2fc69633ce5

SHA1
2703fc5059c9a2f668b7d2816235f5f6e832e561

SHA256
003740a450b2bfdf7658e2c6209212a0362cddea84281335c0e41856467986df

SHA512
9f13253804ad46122b74eb4c3d49096d306362fd2fae4279694fdf436beb2006e967baf5f4eb57d8e784ebafecb18789245a5e6ae5b0ce61bea65253290690fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
a5f4bce969cbfbe2685f847a49a7ce4b

SHA1
52fba484850611b65408b351212e737d7c2cdf1b

SHA256
08260d9e3b2cfd3564ae91907c4e7c95094a5e2111652cceaed66427bcd54c97

SHA512
e6cf4b51ac64a659f29664fdf2f7c430942e1caf0a37507d7964ec8781d197e8caeae2d52b061dfd2183c0095e49519fae62342ef45594b3b1d3b751c59d75a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
215d39e38900c5fa4a075c26ef494c66

SHA1
a8ea2824a5a373ed4ce21c2129461d4958ba1f87

SHA256
de0e1f079c3b7059320f1ddbce736e0dad5dccd594c88f667a71cf24fc0f3ceb

SHA512
a63c2796f82c90c5335fefea9acb0fd6f8f8a8504ccbc2be916b610340f80b2cbf32c89fe94f0ea79d608f662fa4d63c3c79cc55289ec7e0652cdc3f5900b8f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
659B

MD5
ac4e12ff746bc22401bd8449a7234e94

SHA1
799d04c0f18e2a8ab08f9d8fa88377fc5947c9fa

SHA256
30a95c6744483686290976d8047f41eaac11984d17127149c90d5acd006eff40

SHA512
74d0710d920becd3f14a84f72fac82f519e349380082f5431564b7d6fcc17126d07309c437a83b27b6e67306695faf2ee7851a0981e9f581e3db7a3b57bb8d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3c7a5c9153c9af1c0e99c3bd5f71f72c

SHA1
2dbe174a1c9ba74fbe89b04f105c16795c94830d

SHA256
69fb8446332460ca48fe062550568a4c1b77ef95f5ecead6e91e62b9b1cc2f8f

SHA512
f8107316781bff554f2717e0c93eace78742204e8749b2e19c25980ecb363c83f9a4450cc9b593fa7e02e91968355e5c64406dc32b2990d12079b4415fa85661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
107b563ccb6adb024dddcc3ccdb71afa

SHA1
7e69280895496ca531473a7d5eab5eb3505deed2

SHA256
23a737ee00d5c6931c365ac603b390dcd857453925bfb6fe2b0d8e8a53076a17

SHA512
8241e4db5dc3a605726362472037927f0dd64603875d573cd97a5c1bd74c95c53bf2aae54b276e31602a8e6e5a20e2b6b89d2ddfabc3c6eb41cb0117e217ec28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6eb4003fba9582de3cbff295a35b6f6b6987820e\d4931507-adc8-4c30-b962-a7bdb156c65d\index-dir\the-real-index

Filesize
720B

MD5
9da15f5a24f95075adf93c8d6575800d

SHA1
39be37a85fbbe39e3730ad50db658ae5732321cd

SHA256
a77087ab1becc8861d44afc12ea2e2c5cb2781938f53fa43968be8ccd6e91cfa

SHA512
b3ef66fb9fb7dee107c964b07b5bcaa04ecebc9f50e54efa0745394eb61138a8a09bc049285cb832f24d6bd1d11054af3e01579119f7db18b5119c9bb5d92bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6eb4003fba9582de3cbff295a35b6f6b6987820e\d4931507-adc8-4c30-b962-a7bdb156c65d\index-dir\the-real-index~RFe57d31f.TMP

Filesize
48B

MD5
73fc19c68fbc4ca26266d56815209b23

SHA1
173340bafe296c563ad79b906fd0f729ef029bb2

SHA256
a3936c2e1a08168e4216bfb74161ad77a64fa8bff6c66d3480ea9509f50bec74

SHA512
13f0c1a1b6dcfb47089fb891603612dd0bc817e720ea77da1c7f1fca781c6752450da8727cf07ead613ad02d00fc5027337569f74538d3432bb3dd567c21ebc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6eb4003fba9582de3cbff295a35b6f6b6987820e\index.txt

Filesize
119B

MD5
835f92b39bc718e82e12e5d63824a801

SHA1
42b900f68303d8336a6892e9f86267307735de4c

SHA256
228b2a4c431bfe278289042c810fd089c71596352e703dbedb46f78ecd14c8d3

SHA512
8ab7c568b87298527d8b342c0351a2930360ef1a0f2ef4fb2c96edb92412166ca6c489ceee1855cba0925e6607bc2590f56b07a9a2e726f8876e9755c4722d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6eb4003fba9582de3cbff295a35b6f6b6987820e\index.txt

Filesize
114B

MD5
7a28b8c02b466763d11188363cf0dbfa

SHA1
5b6272b84dac18da7fa35909e2ccf94fe2a7ff4d

SHA256
11367ff4d4ebc9349a2531a10180771e149533f763310284953abeba8c254e7c

SHA512
6a8eb3cadb41d1b7bc6667a576022a47adaa88137dbfcb4d6257a875fe974bf5fbf372364faff3632d74fcc8c3763b8a284f8550c0c41cee97ca7ffd12b2fd69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
99241ed04958a2ac911d7aeea7d76c23

SHA1
76200c991ab3fea31fce8a998c1869a0eafce82d

SHA256
1877cef954ee440a48b789986de4e64b037c70598ba4058a4be5c99089a7569e

SHA512
5bb4d447e1c2954bb70667275b19c8140d1c60a9fc9d60f444e17a67614c53d2144ae62d2fedce3f1204965fb970e9f45c9d02b5afa46717e4dbad55fa451ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57aa3a.TMP

Filesize
48B

MD5
0b7998e867cc0f90f63483301e0d9d4c

SHA1
4a99a88412cc5036fd452dcadd3292184d01eca6

SHA256
dbbf4bf2fd471a52c18e4eb40dc4bd83a69768e675bb928dd0b2ccbbe8639958

SHA512
7bee39204adef7ed481a60e1e316780fd8c3135a04898a440bea798b923e08e35826063f87b79345137c1bee2ec13b5606721a6c6896a3a58baa9c073c4ba66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3205a58cea2bcec571e983410ff4792f

SHA1
6ff6f334724e779fa3263e595b0dd1e570627908

SHA256
aa2e9ffb6460e65de84137cf814250390523d220e1222ed19cd2c2ba65514e36

SHA512
ca8c6e3844533be57c30ac3f555b970506ade10cd07117eb3d8d9c95d5a1d244875f9100846a23552e35b7d21d2092354565c258ee6e459475419007a4ec1eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a2b8.TMP

Filesize
1KB

MD5
73c04abcaf644d9002f0e08fb3bbe476

SHA1
038570142ce2192ef8e970a01508a17de9b885bf

SHA256
bce76234d7897ba32fff932c7a54a3d2ef059c2d4ba6f6c2f2e24cd9f34ea6c1

SHA512
827a5d3c70f755da7f56ef473b019bffd82bfb0537af587efe6822874734b25ae0c514bbd58a148363b49247d0ece31cb965e825e8004d33865c59ddde6dd4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd6278bbe0a1762978732b6291cc225f

SHA1
935285a94745cef9681b4aabe1c43c3d407e3a04

SHA256
e777ee3a992b8bef2e0f9dabb75447ad3f362efff1587ff2451d4d9727e0147d

SHA512
9f08341407932df4fbb58c1b7dce04db2958ce3d413040cd0fec70afed03815a0716559832df6ec9ac50e3c2364f14041d43323b17fa63bf8e430fabbda687fc

Download Submit
memory/5072-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/5072-6-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download