bbb582bbbbaa63737332d290eb46c958499105d89605f8e7eea3cfa1a526d85c

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe
Size

512KB
MD5

c8deec610d55ac8f4847bc2f4d69e1de
SHA1

9a262a8cfb713b002e69f088c245ef77d16a64d4
SHA256

bbb582bbbbaa63737332d290eb46c958499105d89605f8e7eea3cfa1a526d85c
SHA512

0fe5191f14f8042c827bf9815dd1d4c72294abe0d6fc11e6f117edda68fc72bb427945da241b6acfda85561bb22cfca9137cf910825ea62be5e61285ab95d07a
SSDEEP

3072:JQp8NErMEYAcKNvUEy7YKPvRW1CnqZ5JAVtD:JQmO79nK+CnqZ5JU

Score

7^/10

aspackv2 discovery persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/memory/2436-0-0x0000000000400000-0x0000000000483000-memory.dmp	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2200	2436	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\Download	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1320	msedge.exe
1320	msedge.exe
2400	identity_helper.exe
2400	identity_helper.exe
5156	msedge.exe
5156	msedge.exe
5156	msedge.exe
5156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2540	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2436	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 1320	2436	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe	94
PID 2436 wrote to memory of 1320	2436	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe	94
PID 1320 wrote to memory of 2116	1320	msedge.exe	95
PID 1320 wrote to memory of 2116	1320	msedge.exe	95
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 3160	1320	msedge.exe	96
PID 1320 wrote to memory of 1748	1320	msedge.exe	97
PID 1320 wrote to memory of 1748	1320	msedge.exe	97
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98
PID 1320 wrote to memory of 3432	1320	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 388
  2⤵
  - Program crash
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=vsd3g0h_vs0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe4,0x110,0x7fff877446f8,0x7fff87744708,0x7fff87744718
    3⤵
    PID:2116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
    3⤵
    PID:3160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
    3⤵
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:2288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
    3⤵
    PID:1720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    3⤵
    PID:3028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5636 /prefetch:8
    3⤵
    PID:3364
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
    3⤵
    PID:2604
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
    3⤵
    PID:3428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
    3⤵
    PID:2644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    3⤵
    PID:5248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14880103578683852019,1116893591534376494,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4100 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2436 -ip 2436
1⤵
PID:2640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d8 0x534
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
4e26a50c5eb7d54d561ab5369f6719bc

SHA1
19cb7b80c598582f4a2d1a6102546adcb7924dc4

SHA256
00872f974c02951465efde0206e82f83b36d0b6c6698dbc53d4ee23463741146

SHA512
c2142b4a78b52a0c59ed4a450823014d97f7b5ebe9d8960466a029a8c2dbee9c3b319e2247f3861412383322a91dd9d5401383478b8458cb34b5b5bb555da75a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b990d3ce73636290daa783a4d6cbba64

SHA1
504207eca454c9bc9cbe00af30e685c003bec13d

SHA256
322c1a4997ae1dbaf890859d8cbc59f2739df069d0764a735604258ec0a2c31d

SHA512
ad4e10daddbd43195ad264e876d00ec2b32c56748ae84220489ad642ec8100bc0fb88fc547468a6f13961eddfdb2d7e28e5f8717f0a8b977d2a7477e449a5ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e371471df69362c889ea0990ba01ec67

SHA1
307d506e6a5cc31f51c4b67d0714b505a1d7cfc6

SHA256
9678c242ceb225204aedc98c02b5b67865a130d0c40787d8ba47423c3fcfdd90

SHA512
80558133b2b0fb89528dbb1b58dce265b9f893fc2971075331d4448adfc272a6f6e1f7abffed5f42c29503d0af0200bb726617fa2a32a895cd5b6a1dca7b6e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6373b955212d76cad1b66767d4c9f2d

SHA1
7eb2e7b76e1f1d313a69d70e067f6b9a63c49bae

SHA256
a08593e78b302294ea8ba6550c5d2a3903e5cfa371a719c73bbd77bec40d3313

SHA512
2cc70df6eb076be7710b1ce92b61708aabf34453f08eef0b111343dfd328afcba7b8e32ddb5dab5c80e928868127d692db525b9a50dd3b3f90baab49c291daec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c656bc5a51b670da355d24c85a64e5d3

SHA1
b818d11cbe730e8985e8b16800b021550d7a4fe7

SHA256
542fbec26f8f082bd0c4e8ecabd4d3bd9111400621702d64a2618854b1623678

SHA512
8e71567406dffd545ef254d93292b6a4cfbdd803547ea46072ad5c534f6b0a9d052dc20bcd0d5055a2464000ea1f76989fa392a422da09d0372265530f46fba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b36922abcedb4fe80569ba697b3e1c43

SHA1
a9f12b183c631fb310fd061ec5b4dc28ff183f57

SHA256
b2a59e54e92d2cfb971f05416a9de5c8951cc18ab08da15d9c59bc4ddeeb4895

SHA512
634c4ff4a15e512ba49dc59b1e58613031f06f2550e500e0e5bf959ba58897487a321d6cccc6f0ca8f53ca91a8c793d626adca3eaa1d1cf4041aeab57e9b0766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8bbaa9a1-3f5e-4058-bbe0-0e445fbfe4fe\index-dir\the-real-index

Filesize
2KB

MD5
e71e4a097091cab0d87452a4aaf8f5d3

SHA1
1f1083c4edcd83b2fceefb29217b541a819036f4

SHA256
c3502246130e8a1ac77e0c081423f772155fdbc0db205bacb5b401dca6337a9f

SHA512
2597d208ece060702b34102ff7efb6a2b8850e9dce9c9053de6f49495d3b4dbdf1e2d6ee1be0e2d9fe1396f588841462ad191b2ee431779c1268f0e23b6c60ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8bbaa9a1-3f5e-4058-bbe0-0e445fbfe4fe\index-dir\the-real-index~RFe580ccc.TMP

Filesize
48B

MD5
c40ef74fa08e4421958e3e08b5fd406d

SHA1
f9e6cf0c3f08ac3e9c274da16b132d9e5f96ee47

SHA256
ad8378c9edd222f0120c74d299cefa715edbdc218c7957809c0aab75167c171a

SHA512
a8806a138453308e86a804d7c6a0a09061bbb08b6cffd23b9bca9628a6e9850aa5f137e32ad272c0c126c3b48e520a815a84f56da97fd050094a57469bcb3561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
72bbf41843768ada49bf15bb2887eed4

SHA1
553536334d5669107ac5c5b814c6e8dc368af268

SHA256
7338f90c478e30a39c0fae497c245545eee4d97e2eafaa39411f39f25295da2c

SHA512
8585d3ed3bfbbd0ec31e9b1f485dad4b3ab7a884f98a0f681c04409c6c4bc72d61cccbe262184bed0b22f0a114b6dbc8ff24ca62cac7f630a4fb5b0ce0a46a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
71f9bd656d90df72b7d57503f063c180

SHA1
60a54bd1e92b7c7c61a1a9a1edec13292902ee07

SHA256
8ed095328805a2d4b72f1fc2c88fb3e900fbeb731fe3ec4f4bf041f65bb7a103

SHA512
5176ae3a99eebb8e964b1f477d08f8c2b7bec5947304972420eb7c4bd2ccdee7ced7148d07cda5a6e90b75fe56d493cd55a76a06d8dce020f4647456fd40d0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
99339ecf1e465eae7d65d7e603052423

SHA1
f8187b8096535cb18c4f01708b0cb4cae51254cb

SHA256
9fa46850ef8f0b7112bb34836ba5c5017ffbde5ef93498bea8012290d573f882

SHA512
3066d5e563885199af8d5207e950ddc5367a84f5d3d068ee9f728df1d6f77966c4a05d27a600c535cd242b06f8a88a254602229c149905000ae143b6c2eac877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b769.TMP

Filesize
89B

MD5
5355416856d24b23cad2d587116c0324

SHA1
29d8545e63dd9ca8d9d830b60480d114fdb6e4d0

SHA256
a6c6da49364ecd43dbc2c7ae635f136448fe8cab9297ac1949857271671635d2

SHA512
6dcd7a24fe7b0451a37802a42d1e4b9c1b28ee771c2c3e867d0a34235185991621f0edda9e15f1d83bfb2488ec095c8d7830e8bfbbf5d1486d8c3e5aa21cc596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2529d63ffb508e06e7c67815fd073ce8

SHA1
371466c173a0de231376bc857505fc0b2c77e6b9

SHA256
10573478f07c30ddc23231069eab41dd5bb810cfa64d634524fc88b7bf8adaa2

SHA512
a8ede7e39f01767fdb14037b104a0f2272722fe2f79141a389fbff0618d28291c93884ac9c5e919d21e5cb7b19024b626d7cc1dac71186a9501e7db042bcbf68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5806c1.TMP

Filesize
48B

MD5
2200fed632b50352d8699109d337262d

SHA1
0d59e69e0652e3001bffdde023f71666079d7e89

SHA256
c0370fd88e3c15d38f359117c5dbb3ccd750c0b44c19bc4878bccd6c75cdaa93

SHA512
f458b4ad44e5984188cb74f5b9e6753fe43454471c651500c2995bf4e964f0ac625e8652ec640d4471432db8889fdd1d0c3392cb8481402f2d0773de1f0ca814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
b1989eaefe6145b2b9f5714b36c1ca84

SHA1
8bc8c91f4bf3cde6af886d035936d8d9ccc2a377

SHA256
3ae8ab1c0cf91dc5ed9f49438f761d3c0871887ebe5196e6fa218d374dff7ee5

SHA512
f79c7344d6f18b301e02d4c48b8427343ba4dfb8c252cfaabf4ff37c6d922129cd0e0de325def3c7c4b0b8f2fe79098c84a2e04c71eae6fe6bb443467552bf23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57df34.TMP

Filesize
533B

MD5
1d94a0d9d298543310cb968a2b9d3895

SHA1
3f4e9ff4f1990a24540e616bdc9fee0e10c74361

SHA256
75a1a69424a11ac6ebc48f18c148d3c0f2a85e76ca04cae54cf9ef3ddb4aaa42

SHA512
8286067966d6ab9987078a2d6be0e515184ae3fe88779cdd858eb19adb708ce7adaae60e20d69849a0cae7045835149f6de9583bee3d668724af83d21658f976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
320cb624021ea6fb5e02fd4caa3ef5c1

SHA1
002b29c75c4e07891e4e32e00f688e4c20079562

SHA256
6d7b659ea29be4e49111eb5afa10a5667b434f44dbd07af87719b8b1e994f206

SHA512
d20f3a33ce985fec3da5248377bab63c7542b82683bf5377a41e0f67c9f8c2e60d9029e5729d9af993ca2aecea68eefaba774a5f74b7d090c283bdea8712412b

Download Submit
memory/2436-0-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2436-8-0x00000000005B0000-0x00000000005F6000-memory.dmp

Filesize
280KB

Download
memory/2436-7-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2436-3-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2436-2-0x00000000005B0000-0x00000000005F6000-memory.dmp

Filesize
280KB

Download
memory/2436-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download