b1602635646805de5fb2c4282769e0a8c482f74b9ae33522f2b5c6b1e2e46539

Analysis

max time kernel
148s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44021a7b7288d6216a9bea8b343e6062_JaffaCakes118.exe
Size

536KB
MD5

44021a7b7288d6216a9bea8b343e6062
SHA1

fefee460b0924c8beefb787985a0d6f5a4091fff
SHA256

b1602635646805de5fb2c4282769e0a8c482f74b9ae33522f2b5c6b1e2e46539
SHA512

e672d3c9ee0831d85486d16f5e39a4262d6d05de15dd4f73d110b952df6f97dc78d445a05adeebc1fad800cea0c724b5c565ee17ddcd4ca2e4734b3b3c04b72a
SSDEEP

6144:2jRuwI2ET+JxsDqBmVg6bHvcu8iIZZVE9j+jHosfLKQNd117bDkOI2XgXx5v3X:8cw/Nk

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	44021a7b7288d6216a9bea8b343e6062_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Software\Microsoft\Internet Explorer\Download	44021a7b7288d6216a9bea8b343e6062_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	44021a7b7288d6216a9bea8b343e6062_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	44021a7b7288d6216a9bea8b343e6062_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4128	msedge.exe
4128	msedge.exe
4840	identity_helper.exe
4840	identity_helper.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4300	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4300	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4160	44021a7b7288d6216a9bea8b343e6062_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 4128	4160	44021a7b7288d6216a9bea8b343e6062_JaffaCakes118.exe	86
PID 4160 wrote to memory of 4128	4160	44021a7b7288d6216a9bea8b343e6062_JaffaCakes118.exe	86
PID 4128 wrote to memory of 1884	4128	msedge.exe	87
PID 4128 wrote to memory of 1884	4128	msedge.exe	87
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4464	4128	msedge.exe	88
PID 4128 wrote to memory of 4076	4128	msedge.exe	89
PID 4128 wrote to memory of 4076	4128	msedge.exe	89
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90
PID 4128 wrote to memory of 2440	4128	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\44021a7b7288d6216a9bea8b343e6062_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\44021a7b7288d6216a9bea8b343e6062_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=gOO_UqzEc5Y
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff975be46f8,0x7ff975be4708,0x7ff975be4718
    3⤵
    PID:1884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
    3⤵
    PID:4464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    3⤵
    PID:2440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
    3⤵
    PID:2540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
    3⤵
    PID:3628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5256 /prefetch:8
    3⤵
    PID:908
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
    3⤵
    PID:3604
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    3⤵
    PID:1396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
    3⤵
    PID:3544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
    3⤵
    PID:2564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
    3⤵
    PID:3176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9780755891122518306,3906614777078983989,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x3b8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\530715d8-dd7f-44b7-b1b2-ad7b581ae44b.tmp

Filesize
2KB

MD5
bdf30c107403a5f47b10b43ff4f93b9a

SHA1
847093f457b8e0f360a7f89fbc2c4eac66042437

SHA256
e8c823f6b6858e84419011177931ed0631a44b9db95726ddbba41b255983b584

SHA512
a7783e74b50e3003051c954db57671ad44f8946ffcfb542c19992a4a4a7ff5974a47ef8770d7994c7af904262a1161563d6d9318f9aa1e59197ac7078a263d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
6555ebdab65921c98a9fe85e7a540927

SHA1
6e834c4daeab07fa65383383a3126d1b7de65f69

SHA256
3a435ff86264acbfefb79113242afec804f501da0ff2c9d2b6e1611c8d143139

SHA512
4285e8c33cc0094abbc1fff9eb25387c69ac184a00361a923c90aa2bf779086be985cce1f25760b824c54d98e33a5b94468ef5305986dfbe706400106d82db7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
05f0c42d698896fe2d57e6d245ce0cfc

SHA1
928ba6b8d3f91c032dcfbebacd5484580ad35a08

SHA256
ecbfba32b91ead79c87d02e97abe963a6eb0fedd0111ada1aed83c640741b5ad

SHA512
71889f0620dbe691616d3a847d8b547df78f0fa9f5a72873d80f8480f17d8c72ce5f0d7007d8d57bc1ca755339472adf394c38f4483df7959c78715a457646a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5834b4f818b8c77bf5592df283da3757

SHA1
8a833b61d17bd3c0dd098a5a202a4a71dcac5b3c

SHA256
444ea472f8eee116acd49a40e3652434a4dbb8679be78656fa536f4fb90e225c

SHA512
e41f4d4fe0974b166b4a1c47297238ae3b76b06b4f825d500f8d5161dde19612c458107077d4e1f2129e9481880d7988074b430949cf6f0aa9e2ad45d897d57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82014b59a87fbf3c50504738f2b0956e

SHA1
611c5dfe2aa3f027f2ea2c701dcef620ec124535

SHA256
488cf6920a26d2d1ce51d03eacde53232c48c8948a63d8240df647375aca43a0

SHA512
e04cb2082097426200778e773603e397736e222f8aa032f8bbc39095b34bdca140632747425b74972deb13338fe0a3425b732215b2bdb00e0d58dfc265244575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eb3d4263-0fe1-41a7-a959-d188abf8aa45\index-dir\the-real-index

Filesize
2KB

MD5
62302c017503c152770be2befd63ff2c

SHA1
c06a5783dc52093688c4cacf8a4494cf35c20dbb

SHA256
317c449398d29f157b35d348493fa0f9ebc4684e14c880c25f9e7b3e4b62fba7

SHA512
bdb870eb4fa288946f045ced4482ae7a3e6b31207924d64842821099df5054cc97ba795f083d9f2977ccd485b18081f289c28d6ca878af7bf8c7e7ea4a7b21ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eb3d4263-0fe1-41a7-a959-d188abf8aa45\index-dir\the-real-index~RFe57fd4c.TMP

Filesize
48B

MD5
c9115a3ce272f1b6ef48a85ee6f96be7

SHA1
5f4fe5cd0ec291965dda30fe1dcfe802cf3b7dcc

SHA256
7b9bdb6fcaa24ad752420ab2c02bb9d1796893d18bebe408cbe5875d8cb59c39

SHA512
d484e0756ef1bd1b391dbec7290bf68fc5f1f106b3127af53eb3959e60e4a01ff43da82926cff248a441f008d4a776df42a81aa6a29be54fac410f8c256f9f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
1111442e75f68efa5531e4e15cb70aef

SHA1
a060fa3b81c7fc9dc77b4cb5dab614020d8c4400

SHA256
8be087e735b213278e0206a0cc6c73926cab4029987f2570174ef66b5fe529a6

SHA512
322f7689b9fb82f447083aad3ae045b1a4ee48a05f35240f54611ab371657c7284c6ed18e21611031d082ba97bc30ed372fe17d818a240c53aad4c68e7db26ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
fe40d1bcf558e7e5e6167f9ad0b64c71

SHA1
68d294887dff67f6a2196552382d292897834bd7

SHA256
591640b120b09ce88d44715cb8b49833a691053b200768601058f064334df364

SHA512
c543fa3f561061387c162c2b4630d89838cde35005fe63b2ee1fe72015755d663e845b9fd2934bb68a4d2e97ff384d09901932f6fbefc99d13d404a2f0ff23fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
bfd809ad1b5eedf862634e2c56e25ef4

SHA1
80892e85c44c6d12c936811bfdf823cf87955321

SHA256
7ba476d97ecf49d44370d247d0edfd972e41e38fe124d12e7a34c6b7a1a51b87

SHA512
017da1df2e94523dffc19a81c86061cef901a37b4d047f6955bd91964944871cdb6af9b6146f5de9b42dae73c08e4481259c0a1f1367ee48974bf21b3849715c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
600b207417107be9b54c93b6e03c02f4

SHA1
4e80c3f26b99b770cedd3eb42109c1e66e6453df

SHA256
d0e82fdc9b9a61d0fcde5e3f090a2dc338e0643a8e32773920477995f414e607

SHA512
8fa648f2956a2a47fdfd0cbfdb71c3184d0a5226a6414c233e66a336b55cf805b3602bd6dec5af95467847b1437e8a7e9661d436d1304df1c2039c97770974d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6437d819918f6bf67ecac6249ad4c89f

SHA1
002ad8551b13a727dedb0888d3a55c02936a7332

SHA256
af0099217192098a353275acebdce9a23b212217e5eb49841bdc6df66f90854b

SHA512
35b54c55f35210d9f09dfa00c2947c0a0afd04e8748bd59ad81a8a3b53101ae4b8769e52342be7d0c30028c6080c366b12dce61a7dadd25917bb5d18e5592820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f86a.TMP

Filesize
48B

MD5
29733b152560c61b37383f905d7b4fd3

SHA1
8dd178e7420a00696c254dbb4979e060a6d2c914

SHA256
ad349e2f78675be5f2cd099d6e09b5ab48fd345cb4699dbb1d10feab40290074

SHA512
a02c4d7cef75c6fb08b56aeeb0ac0ad8dc08d04bc5f4fb94ddf6baf544dc92ea4b0967959f0853ef92fbdfb9f2ba82914affc6be328d62d14c2e653df9741afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
65a1569f080651d39b4c7193b3c15744

SHA1
f476f8b1f50004e18bd19a0dcbd7796d5600221a

SHA256
81a4ea65e9c29a9d4cd7a412c4884aa4bf3440afa9decb148d1cb448c8792888

SHA512
fb16a1d48495dbde935777cb8f4470d16c5e665538af4e63bd74518eff80635fa0e130656bd16d071cceff773f9f3d6723e67535931f0d0a19db0278e24684b1

Download Submit
memory/4160-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4160-3-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download