cc34ac2e54f62b9dd65ad1ae05fba1cfe09cd198d3535126ee80f34f5c967b25

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 11:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5bb8a8e7488e6bb55008e332b957e703_JaffaCakes118.exe
Size

560KB
MD5

5bb8a8e7488e6bb55008e332b957e703
SHA1

819a53b692c55de252d2088c10d7ef85df6595b4
SHA256

cc34ac2e54f62b9dd65ad1ae05fba1cfe09cd198d3535126ee80f34f5c967b25
SHA512

8baa8c58676f0803a383e344c68542469fb28500d7f0003b0908f5cdb6220a9012561ccf56a331b3f6f7e28653bfbf07d8c335229d891d3a1b0b38de21ec3044
SSDEEP

6144:7HctWN+NSF2Y7HU8dbwJKWy2Z53zEjA/nFUcTYafb8D8/XRNYTUI+4+bAid8ChB4:TsA+QNX

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	5bb8a8e7488e6bb55008e332b957e703_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Software\Microsoft\Internet Explorer\Download	5bb8a8e7488e6bb55008e332b957e703_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	5bb8a8e7488e6bb55008e332b957e703_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	5bb8a8e7488e6bb55008e332b957e703_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
788	msedge.exe
788	msedge.exe
1224	msedge.exe
1224	msedge.exe
1832	identity_helper.exe
1832	identity_helper.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	408	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	408	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1456	5bb8a8e7488e6bb55008e332b957e703_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 1224	1456	5bb8a8e7488e6bb55008e332b957e703_JaffaCakes118.exe	89
PID 1456 wrote to memory of 1224	1456	5bb8a8e7488e6bb55008e332b957e703_JaffaCakes118.exe	89
PID 1224 wrote to memory of 2424	1224	msedge.exe	90
PID 1224 wrote to memory of 2424	1224	msedge.exe	90
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 3248	1224	msedge.exe	92
PID 1224 wrote to memory of 788	1224	msedge.exe	93
PID 1224 wrote to memory of 788	1224	msedge.exe	93
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94
PID 1224 wrote to memory of 1332	1224	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\5bb8a8e7488e6bb55008e332b957e703_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5bb8a8e7488e6bb55008e332b957e703_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=gOO_UqzEc5Y
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa096046f8,0x7ffa09604708,0x7ffa09604718
    3⤵
    PID:2424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:3248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:1332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:2556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:4832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
    3⤵
    PID:748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
    3⤵
    PID:3004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4224 /prefetch:8
    3⤵
    PID:632
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
    3⤵
    PID:728
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
    3⤵
    PID:4124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
    3⤵
    PID:1892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
    3⤵
    PID:3076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
    3⤵
    PID:3656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11137597151413103680,14905993097391686002,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1964

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x34c 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
6a7d3f869a6ff14e02900ca82b58d41e

SHA1
b9f5ba4078a849f83ec368323c2092582c66d332

SHA256
5e61c6ca6d5f4cb55871f1660dd95992e64cefbd6306f03a14fe6d283741589a

SHA512
bf275a46f3c52a7879d5b22852afc001ed7893ad2fe736f7637f4906a5bafde4e0a8566644211fd334ea9c270e46a5970f39345718b6a562fb9f8cbeb6160d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
82648a3542189ceef6e2d448de2bfb55

SHA1
5ff494e830b0884e9c56d906e3b5c737320682ad

SHA256
c2ae3490698da770c1eb9991a1cb213ad467a74aa1f1384f6630fc74a287f1ae

SHA512
a2b4b19bba4d78050dda5cfbe3f7d28547e5bdf2507498ec41bf870e69e6025935ba10f9e33d7ea0fe5468e8c82dca8d0015fbff478af7c8258b904e7bbda76b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
11e3bcfa665bdc50a9c40c6386a90063

SHA1
952a5e4961e20f4efa6ee0b8c799acbc61359b41

SHA256
4222c43a91fc58bf08d2beeae163ed10afedab11a9cf63c32a7be633e39b6474

SHA512
9d52c1f09d343c9807a60b4e026913b96c3b39b6626e9586bb026255a7637458e4aa4556612604c492dde0e1279335b70283a0f7eb4d617bc2d356326fd60f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46154898b347db9d457b676a7ad785d3

SHA1
212a7880ff198db1ac998ec2ecbff39e1a4fc6f4

SHA256
fd33cccf0f68acc6bee5fbdd628c715de0ba57ee1c25fcec305086ccc62476f1

SHA512
d6f02435ae032314e9ec9609cf126bcca4e82af4e257d3229f5692d60563190ec903362d38261432f1eb18e1a237455b3d7fd710c687b9c2bb32de2ebd22f8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0ff352bf-32f1-40e2-b0a1-0f06acc053e5\index-dir\the-real-index

Filesize
2KB

MD5
057b6fe56734a061fddcc6875e01df01

SHA1
83245f5ef9e206a613be37a6310e6a01a638a3b5

SHA256
ce36f41c055e551d7a61939d14a517b8497ae44bc6dd01da95d127370b0e2ec9

SHA512
b02d8ec700fee7825ef60f44164b8c2746c53e9624ba871e2cddc436a60f8a02a9ff8d28131821e805c691a79c27ad447a7ab91ee770dfa252cde977a9a413e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0ff352bf-32f1-40e2-b0a1-0f06acc053e5\index-dir\the-real-index~RFe582c2c.TMP

Filesize
48B

MD5
f593c33107c7e68bc51ef98bbc8e0591

SHA1
139751298d247827d4aababe136118630073189e

SHA256
3824d1f24f84206b9e7d339086eda7b797e7e0e8d8ded701d095ffbb5a907463

SHA512
9fe1579566b7d62d6cc31dbccb5e7efc5715295a33f082353050c34acc4b288e735b1632819cb9d217ca2266e63a0c89517bfc8ca3ee880e5d902a92a4e9b910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
f61f970e16a52523ccaa98cbda998747

SHA1
4c05988f8ff0ad3d51abe254c2eba6fbbd93b132

SHA256
c24773f17475e7a2e6da3982f2774e4161c3d46464fde2a73316e35d7ba531c6

SHA512
3a31c9a01428d76e61efd05fb753e1a8c27f2a155799000c77b326a7747656568b90b765709b437c47ca28c09b321a7c43c1b33aac8629e5b448d41da2e4a3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
26ca00aab08c881834dab5ab47b18f7b

SHA1
b974fd5ad07a09b9a155522e2c80ff82bcb949ff

SHA256
9f6727cd143150b1caf1a9171c045a3965ed01c8cc7729d58c00718ccc19b64a

SHA512
13ae2f941a437ceeb7d2a682abc78c8d96b21c375dcaec597ac436e0f306739886f513d2fdcf8e129512e51f5a98ca2cc26f4243839c259d3e16f3e41656680d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
e6c212bc3f52e773a9d56a8d82e4b0f3

SHA1
38d99e0f7ca0f8ff145454d91c76d487c9f05898

SHA256
d431306d9a083b61f870d4b8bc4447623f20832d07e09832776876a3ef20052e

SHA512
838ca013512a0ba34a8b20c3d77bedd9394e9d9ce7c62f4c31b25a57798e65c8cb173bfff8ee50ada7b26254561f83da7da27f2de95913a6c812c33868cba28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57d66a.TMP

Filesize
89B

MD5
ee5ae2b5e46d272f552cfee30a100ad1

SHA1
a2805d32390e13bbba42e7397d828ab983bff5fa

SHA256
7c731babd198a5454270736932e674d50a726aa5c1fc4d985b6717e65ba00c15

SHA512
50db30fb34201020e85a72d3e06da89c1dbb1bd8ce048ae3b42ddc56878dda004d4d394dbe0b08fa2239f38a1260f2c0a3b6128e55792c1c5c91f405c48514a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0bdf06cbb56dfe0f3e197cea80c2c93a

SHA1
5d2fe1fa68e7853ee9fc82794d5577f8975bfdb8

SHA256
1de9ebb5544e93a6eb36f49fd0397a22f56f57038d178283821c0286843c4e9b

SHA512
7b824760521260073fecf2ba37955f5bbeae85ff7261e69582d2cd112a75f4f51bad2c46e44afdbf3f8fe8a295dc1097a29b7f3ecb40347ed0d2e17e42c6f535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582584.TMP

Filesize
48B

MD5
54be17ca6de75e716e6b6df050693207

SHA1
f7ad33e926f697d78fc0fedcfaf8244838f3546a

SHA256
c312ec2bb25dd98f372ad5e3421ca80d299621bdf696e1a6b40593de1574a1a8

SHA512
39b0597827b7e1498e9776bd8e3332dbf2fed7e2b0afa39b56305328acdc7a439ceb930d8ee9dd375e7868562619d4e2c2f020148d49491294d4a35481dda0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d8e73fc2-19ee-4666-a969-eb31ca57ec89.tmp

Filesize
5KB

MD5
30878ced50577092cc80f678fb371c62

SHA1
eb34f2c51c3c92f447a3e01363bef748b9afb1ed

SHA256
b8d94f4b405d851c88261f5b7c08db24452ea50af8a02bfabfe45dd04563e3a4

SHA512
9fe4b89e8f6e604810c5926b978e51c0c42d871aade4ca8ad3c690c65fdd3e6299938e1fcff05663f0f14731f1cef3c9ec1535cc01cf77ad30f394b556f194dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
760dbd173280800cdd424691f5ed97c6

SHA1
224faa435ad2af2ac50eb39552d7260fac6389f2

SHA256
1ed10a880266fd44cd0884301481211385eb0035b6980c41af6900b5fc4c2695

SHA512
bf392aa5be83b7f1bca0e3674e7c10b5c975c6b9d8bacc0b930dddb54ddd0930dcbc3b427c1201a85805ac06af107c7fd0a48efab457884dc8ed1f17454e976d

Download Submit
memory/1456-0-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1456-3-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download