67dd007fcda2f31d183021d1b0cf65d7a1a1c3ad232371dc3c2d38c05213ba96

Analysis

max time kernel
141s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
Size

140KB
MD5

0ca57fc7a6686f0d256062653f314a8d
SHA1

ace8f5fac4eb409a45c4af92b5867cdff4041165
SHA256

67dd007fcda2f31d183021d1b0cf65d7a1a1c3ad232371dc3c2d38c05213ba96
SHA512

d2c62232da88608184d021eead18f7561555f7b71f7bfe15751c80e1663891618d2efc08dc3abaf40b8735c396027f5f9b09bfc086e61f9458b83f7ea79da9d8
SSDEEP

3072:am4bH9vTQbR76mS40PidJW63e3g4qjRz6DHzg8X0gxyUgawrxVj:DyvTb4lcAlsHZE5X3tV

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2316	4568	WerFault.exe	86

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\Download	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3940	msedge.exe
3940	msedge.exe
4876	identity_helper.exe
4876	identity_helper.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3272	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4568	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 3940	4568	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe	95
PID 4568 wrote to memory of 3940	4568	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe	95
PID 3940 wrote to memory of 4076	3940	msedge.exe	96
PID 3940 wrote to memory of 4076	3940	msedge.exe	96
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3944	3940	msedge.exe	97
PID 3940 wrote to memory of 3184	3940	msedge.exe	98
PID 3940 wrote to memory of 3184	3940	msedge.exe	98
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99
PID 3940 wrote to memory of 4616	3940	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 388
  2⤵
  - Program crash
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=gOO_UqzEc5Y
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81c8146f8,0x7ff81c814708,0x7ff81c814718
    3⤵
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
    3⤵
    PID:3944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:2944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
    3⤵
    PID:1412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4704 /prefetch:8
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    PID:2944
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
    3⤵
    PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
    3⤵
    PID:1448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
    3⤵
    PID:4612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
    3⤵
    PID:4304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13777946568110200337,16757645597374190070,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4568 -ip 4568
1⤵
PID:4328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x158 0x294
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
203e05fd57d8c2983818aafb42305597

SHA1
c7913172e78bdb2559ad96b1febb80f0696730fe

SHA256
de39a33474477fa24f74e8c3a22ffab691f2cc61e3bf7f02a8ab9a6e3f3bf078

SHA512
12ad2286ceb269b37e2ad65ed91ddbe51b36b3f0fac1a21ff7e96f52505ab5688825c69a6e1d39e3b6d560d7e39d442b31bc19ff46d686bc5a7200427da03649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
abe2061b6ced8f924b4a7946c629503a

SHA1
0aef6f3ddcc04861f483bf9c0a2d25fc3886fccc

SHA256
8b4328e619e72dfdbcea2575c2992e00ec7e75797fc8a1c3d9210c5216b8b688

SHA512
7af4e2c1fb1f0d202e4114b13303ef6aea9dc9b8f6a9bbcc5d9fab96ef9ac42c23fc24b4c82ccd0cc6c20bd9de72c6e864fe5d98d876b88ab8ed5f064a6fc181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b1478e3ef130678a3c5a76b1097cc74d

SHA1
f27507b86d6300e41f9c2c600f6c32ce18b8ba9b

SHA256
6cbb44b54a10bfa6267ab33948db814394d1368e0fbe378964b87afc0135de3a

SHA512
0b79da887161fc9718b30b5456300171c16569f4694973a3ce0648049bdacf533ec42e35e8ffc574419e9981842d2103129dbd955abf2dc35539808dfcea08e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db49f3b0ce39ec8d13cfb943a17ed4ca

SHA1
30bdfe68f8c8f95dcf1fec23fcf42ef2e33babd8

SHA256
5b8718e7266fd03ec6bb777846ef5fa3fb27832d9ef016c6f04623ebf3878ce9

SHA512
b9ba63a138aef936dd493a18566e067566c38f7680f5580944ca4b53c0ff29ccf89ce3183df9b0a2cb5a7604484d6aecf469a084bc9a331209f7c25acdf9d38e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2110e4b6dc4d67788d6645da4a8232d2

SHA1
1f48d136a9db57ce8d077103560d21e642d27763

SHA256
4aa575dca29c9a9a45f16ae592a42cf251c93f1307d708f4f29566769f4ce2f0

SHA512
5e801cd66f377cb85680a9b1ff2c0757cf8c271006951c068db77b69db513d11c500efaa1e031ed049d4b6dc3985fc34393e3bde4a25eab654e5a768d2708eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fc61588-84c2-4029-ab96-17146db922f0\index-dir\the-real-index

Filesize
2KB

MD5
e006cd2cb86b69e3a4523840e6b95e3c

SHA1
f29f5bfc753a8c2c07d9453aca319e3f23b7535a

SHA256
43eb969f7a208dd465bcf0982c571883c5e561f9948c2ed8277f56367bea78c0

SHA512
a804f34cd1cb68b0c608a8983691bab9f595fcec5d571788b6f68ec774e962ad19a7173c342b2048c97e9d02a3429338341147fe0a936f0fd12915f424f35782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fc61588-84c2-4029-ab96-17146db922f0\index-dir\the-real-index~RFe57fef1.TMP

Filesize
48B

MD5
05edf82913e524dfc20cdfc2c71df8de

SHA1
286b02ff7d5ce72c07925a82d1bf880fb6874610

SHA256
79ffc388ef36ee176de3e02c2178ea4c8990a9b70cb42adef13cdb9e2488c02e

SHA512
065ee6358c61981f10bdd42a0307d25c619418fd2a07b849c0304410d112307e7be1099e948c770188a6a36228142062577af895d81f6cd2ec2b504fbd0e7302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
c095b811e848294ce345115a5c0aaa8f

SHA1
ae1643a02e1e96e1a402fe3b769b1696abc8749d

SHA256
f5608640e6633d1e063b8ae6eea73157c6bacfe57f6869596118f2b8d38f909c

SHA512
9b9a2fd29ec681726db3ad6ebb31f80f8f88e51a978c8c8dfaea66280fa157027bf5efb7c4effcdf4cd0d0e612fd66b7e92ade57cdb9624817d022c4d874bdeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
5b5e8c3509bdb4d753de85e887018d77

SHA1
d948386c2f9c855d7f5581b51b335b4cdafedae1

SHA256
8d4fb857f7b31ddbe54d541892bbf7e813bd39a7873a6fbf2ad900258461cdab

SHA512
69459d85e39429a3ca88898a0cafcc2b08960f543b4ec2391401e738fcc133d8827092c7ebb6581a0e116d16c91732b38235d38415f7074991712a894e53d3ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
c85a4daaf0283b9f9ca870fc314a5be4

SHA1
8a1b9b34c4e5b77104393921cd40d7271026be2b

SHA256
721e6358338d1baa790473268b8f6ee75c41ab16217ec4173f1b97d1289c0684

SHA512
41a4e81dc1b4f6bbe8793a20221e505d6bd9cf266599a71acdfb244a780b97488ed2259709b427e269a0dc91945b98e8b8ab61079307522580f5c545bcc02d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
c798618e02863c62524859607b17c577

SHA1
201a7620f96463d50f5a0d886c09ab2f075b5912

SHA256
4a70cf1ab1abda8f0c8c496eb420c626333b9a7996e1aea6edfabf9e2ceb7437

SHA512
cebf3b379d91af8b89e8b1519ddf39d341656686f0ee1e588c82baa26d3c8e091d680f9e9924cf56fc7bdc6a9e3523be6771c000453d6843f201807f9b055988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d6eff7d57a1f5c246a8c5ab45fa0f60f

SHA1
cf94900589c19efaa716f9dbd8e9939043874349

SHA256
1cf69c109ad6999a6753d0fb3cad3820ce0958fa03381c3b298009eb244a9373

SHA512
7738b8219f306904b31642609b6b2b21d97c5a880e72b0ede23d74e5fdfff8d864ca71f8385ec6359ada8e1968020f466ae22f48e99a8364b4b852e81e8263df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f906.TMP

Filesize
48B

MD5
8d8f6384d2a5bdaba0125c2eb38ee17a

SHA1
9aa66617cf1739a978f230870fa073b2700107d2

SHA256
bcebd075b3ecdefba15e17eaa7d00e947dfe5b9ae2395c4901b1144a313305ca

SHA512
3f00508128a340cba68c33c5c1587dc6ea13d7b6befb411aabf11b448660de2b79b80538e02df57fefbb89042a6fcd30f9389a8b10681b1bc3da03e20b911080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9252f021bbb66b50367cf5ea9268c3b

SHA1
6676a4b9cf81b7e533f9f340bdc208c176dabf37

SHA256
1df4260ff52d39ec9e01f3e1b994ec7b99456490800bccd4778c6a7955e94b28

SHA512
d7f754630a7ab655b9fab33329a14be5f58bb89e6083c894b3fab6e8fd4c99954e8204f1fb64dd727bb772f8c6781ce5335f3b222f8668b668ec41919283a7bc

Download Submit
memory/4568-0-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4568-7-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4568-8-0x00000000005E0000-0x0000000000626000-memory.dmp

Filesize
280KB

Download
memory/4568-3-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4568-2-0x00000000005E0000-0x0000000000626000-memory.dmp

Filesize
280KB

Download
memory/4568-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download