245923bf2845ee1354dd955b2c6af24002c7de785c8f10a42989ceb3562734f3

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e4badff2ad5982fbd21f7811efcbbf6_JaffaCakes118.exe
Size

142KB
MD5

3e4badff2ad5982fbd21f7811efcbbf6
SHA1

ea665d4243327abefb17b28c1a23896eead7afbd
SHA256

245923bf2845ee1354dd955b2c6af24002c7de785c8f10a42989ceb3562734f3
SHA512

f039fd795bf85241d8e06563372655be3a2ca5d933f22093452b1c16908656009e4af385d2af7209e7039e895bd839a39a7f3ab93fb41c7edd5d497253dfcd15
SSDEEP

3072://lDPV8+JfZBJGhaul0M/A7QTJXc7w1bcn6px8AdftBLh:3lz++JxGaulz/AYNxldVB

Score

7^/10

aspackv2 persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/memory/952-1-0x0000000000400000-0x0000000000483000-memory.dmp	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	3e4badff2ad5982fbd21f7811efcbbf6_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4728	952	WerFault.exe	82

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Software\Microsoft\Internet Explorer\Download	3e4badff2ad5982fbd21f7811efcbbf6_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	3e4badff2ad5982fbd21f7811efcbbf6_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	3e4badff2ad5982fbd21f7811efcbbf6_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
1916	msedge.exe
1916	msedge.exe
4468	identity_helper.exe
4468	identity_helper.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4300	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4300	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
952	3e4badff2ad5982fbd21f7811efcbbf6_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 1916	952	3e4badff2ad5982fbd21f7811efcbbf6_JaffaCakes118.exe	89
PID 952 wrote to memory of 1916	952	3e4badff2ad5982fbd21f7811efcbbf6_JaffaCakes118.exe	89
PID 1916 wrote to memory of 2456	1916	msedge.exe	90
PID 1916 wrote to memory of 2456	1916	msedge.exe	90
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 408	1916	msedge.exe	91
PID 1916 wrote to memory of 4580	1916	msedge.exe	92
PID 1916 wrote to memory of 4580	1916	msedge.exe	92
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93
PID 1916 wrote to memory of 4608	1916	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\3e4badff2ad5982fbd21f7811efcbbf6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3e4badff2ad5982fbd21f7811efcbbf6_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 388
  2⤵
  - Program crash
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=vsd3g0h_vs0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5d2946f8,0x7ffe5d294708,0x7ffe5d294718
    3⤵
    PID:2456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
    3⤵
    PID:4608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:2536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
    3⤵
    PID:848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
    3⤵
    PID:764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5080 /prefetch:8
    3⤵
    PID:4156
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
    3⤵
    PID:1248
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    3⤵
    PID:3480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
    3⤵
    PID:3268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    3⤵
    PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:3448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13938864021318569559,10661622325652596371,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 952 -ip 952
1⤵
PID:3484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x468
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
a47a0d7f2d9b2ed84d0182042dcec91a

SHA1
d4189ecbe21343de15bea935fb20890db6b7e56b

SHA256
163e64d9cddaf0466b13e3bb5150f64c2aa45c29938695bfb6c5ccb25e26bb52

SHA512
f49d967bfb96401ce558cd8747492e29cf5089c2f77e468036582b9ba472e5e234fc08c1036054cc76abe27a7be953cf0a2cb7162b79e2e4a3252e32d69bfdf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bb357b047568d35ba96952d1fc1d41d8

SHA1
bd313a866ac72596a5ee10669217c042d95d7987

SHA256
f9401a84c72625abc3d69407e00771e8bbcf819a58f200b742b17c8c4a9fa9e6

SHA512
539c4a2704b1159e8548f1a83f09ffc723576162307569a491fff1fa1721a904ae70c80da41e9816f9979d4eeaa6410a1cf874f0557460bd0cb76ba251fa27ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c883df956ec88e6629e415fdb92272e9

SHA1
b11c2182e8bce471f27522b864ef4a1afa9fb1ca

SHA256
f247f2f3a7306398c4d79351fe72a710de94563691af59f18dd5330884dd61c1

SHA512
1696641830254313aa3a3b4bd7a65887b011c8c7adc30fcaf500b55bd11e6c51603483222e1352880db46fa7cef9991015007107f3ae78e6888a84b7b215aa2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8dba80516d210cf40af808e61c13f940

SHA1
dd2f5ae4c8e04b6955ba19ff95083fba42518828

SHA256
addd78df8425b35f1f125071fc783cc48ca1ae8ebaf7e60e9ba91df7ce5b1737

SHA512
f82ee6d72331d089d45ef5db2a34d4276f3021b6b48061607c14c8a62a14ad6d5b66952d9b2e4deb065f9e0c800fbd6af2dbe04dad7934b810f692ab20fa9b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f58d23b3da7e2ba7fa17f1f21d1bde7

SHA1
256264ab8aa489af864f4c1d0a0e14150b4ad9e1

SHA256
2feaefdce1c63cc99f740b1d4ae55e347381093dd776e2f2ef1ebe2de54a9abb

SHA512
840ece163af2f71779c1a5544e748059ce9bd5026b3c5f33a271a56bce3c6cd357113c1a2a166cc2c98c3f90ba3aac26fe7028f34193f9d10f4d3c62ab5b6fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d47a6eea-0217-4071-9069-42e6be5f90b7\index-dir\the-real-index

Filesize
2KB

MD5
6df8afefcf949fa88647d666157233a8

SHA1
8c5cfe036a57f5b44d3c1bf35048d1c3b667f728

SHA256
2e41a92e39e918f3c195c340b6389e59e47b62400d377de876ab6686664c5395

SHA512
adc820bc1a2cadf25093b9c96b8334398e7bdadb271fc6e53a20e3e183444a91f6f1cc72ca267b4085d9c554d2a4727693a0ee78ffffb8d9f19c4818395eec10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d47a6eea-0217-4071-9069-42e6be5f90b7\index-dir\the-real-index~RFe5807ea.TMP

Filesize
48B

MD5
1d7d4f7c9588ed1425939b2aa7652739

SHA1
47bedbbd38aef7bcaeed81a50c38b5447f78a7b7

SHA256
1ba14fc97ef75c5675f6b635bc55fa6e5ec7646c0d1ed47b06a6675d37905b64

SHA512
4854a51a25d0cebedbcb5e47705207700665d3b6a4928d3d53bed03b878d58b1c9b7e1264a376fab5c1f88435a30f824625068f5a259346071bfbfc86266a904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
497130d34d65ffb8959094a619038227

SHA1
4fbba908aea03f5cefe6c002e84285e57464ad38

SHA256
378593a294957a5b936ef9c3452475ac0e7e2b5c5646a51753bb63b1c820e1a8

SHA512
f32d0e08c32a6653e289710ddcb2c08f95cd1bacdd0e746f8b8c799ef3b1885ba1a7f26241a21d4d2d758f82fb5ac697902bd19cff5723a2864184b189e7c03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
098fe057681bff68ea62ae283d8d0779

SHA1
0847e38b274ac778ecce50061ae9ff1217b1e557

SHA256
25a14e3ee1d8ff49a9adbbdb0dadf497b12ecbff01b273f22247ae3774724758

SHA512
b623cc0d44ab14013e7e7345f983e3e7946e4a13fd506f1cb34bf4b57662352176ca4cbe6537a3a68b20453dd7732db49770c2e0fd1c8992080490b9062db49e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ac529a499cc79c3625f0048ce10db1f9

SHA1
6d84b7db843b1573e08372dd8358fc7386565c33

SHA256
4f918bb981236dd65d7a3d53de41cccb844ee64bac40fafe2bdad54fcd27dd3e

SHA512
eb7385dac815ab0bf86dd2607efb0d6e4555a2712522d3ff067156b409c1e9f606827f1c3122bfedd6435c9bc7988fa79be3b68fcb7688a6ac58fc9ac9880e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b1eb.TMP

Filesize
89B

MD5
098a6bba8c7005437936d63172a5e6f4

SHA1
6475b102896dfac9664f8ecf79a4358d50e2a439

SHA256
bbc89de41df6e19937b7f2053fd942f0c3943ffbf59a5f5ffbbba3638cf5c0fb

SHA512
f8f1ab434b31d6ccf33c721b5a3b889c5e408b29f4f8918d0eccbc5c115bdce3bddcb1cd363928f4f5920a8b037b681ce005d82245f089e3dc6a7a3a093a11a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9e2307063d438b24a6a9c963ea2bc367

SHA1
67b044209e1f7a661f60fe2a23de04158d3107eb

SHA256
5358b4cd678a6d27dbef2c272285ecafeaf815d0eeaeeaa7f4b58efb7eb678ed

SHA512
2ff88ad309256d4fb93d2aed0af6e3a211a6d8870026ac92087837636e61e7c586b6d6f7aaa984d9f91c70ef1fff0d70a6eef84de85561d79ca68ebe048d468f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5800d6.TMP

Filesize
48B

MD5
ab89fd999eae95b59b99086296aa9363

SHA1
a4a8277844f9559ce8c52f74a75996e9da74fdbc

SHA256
bf447611b3dd81ad157e4bd279c3286666db4c8781fd3808f2c9ae7241548bee

SHA512
59c6cba4fd6e0c91a1e8c424fcfe6f2b46ac38f3a17c88bd605d09f10fd15ba6e64b92814513dce169654072864893ad51d5b5155a8a76bec230701e9e5a5d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76db66be3f3c82d2ba81728b703b4f38

SHA1
ca5cc82f8c767e757e823c7c6ef08c26b5c83c05

SHA256
c398daa33c53f600a65a7ccd937b14f2260ac6e1b27f4f00ab17c3dd26e1887f

SHA512
ec40891e2631534d3f26bdf40cc3b4748405b5276b46d72d433a21ac44fd28be4453153ee300b0832c551b2ae044d6dc539f23a888cefa45b8d6c1e14a9b77ed

Download Submit
memory/952-1-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/952-8-0x00000000005D0000-0x0000000000616000-memory.dmp

Filesize
280KB

Download
memory/952-7-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/952-6-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/952-3-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/952-2-0x00000000005D0000-0x0000000000616000-memory.dmp

Filesize
280KB

Download
memory/952-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download