59cb0ec2266dd284bd304e5057ab0d45bedfce95124e697bd2f7195c8f588199

Analysis

max time kernel
131s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
Size

528KB
MD5

d3d40f73fe8e32c7c7d285759de0dc20
SHA1

507b9adbc84fb9d0632c60c90bee9015cd809d55
SHA256

59cb0ec2266dd284bd304e5057ab0d45bedfce95124e697bd2f7195c8f588199
SHA512

351f62a7a1c55ed9351bddf4377342a67779a2330fb70508ec5fc26b0a166d1aeab10072486f19e505d48ece4d5536d4d22b1eb39c910b1b2e2579efd75bf2fa
SSDEEP

6144:GGosq68iEbBJg78BJnW5SQrL/eiiX9PFat+X:BosKs

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Download	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3348	msedge.exe
3348	msedge.exe
3224	identity_helper.exe
3224	identity_helper.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1640	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1640	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3224	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3224 wrote to memory of 3348	3224	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe	92
PID 3224 wrote to memory of 3348	3224	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe	92
PID 3348 wrote to memory of 4644	3348	msedge.exe	93
PID 3348 wrote to memory of 4644	3348	msedge.exe	93
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 2720	3348	msedge.exe	94
PID 3348 wrote to memory of 3896	3348	msedge.exe	95
PID 3348 wrote to memory of 3896	3348	msedge.exe	95
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96
PID 3348 wrote to memory of 2020	3348	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=vsd3g0h_vs0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe87646f8,0x7fffe8764708,0x7fffe8764718
    3⤵
    PID:4644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:2720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
    3⤵
    PID:2020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:3440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    3⤵
    PID:2892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3176 /prefetch:8
    3⤵
    PID:2952
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
    3⤵
    PID:1712
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
    3⤵
    PID:3212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
    3⤵
    PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:4112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
    3⤵
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,5145384029950377576,16409892960018630069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
b48462bac0f5d881b5ce6d1628b96270

SHA1
9d525bbd8a8d3731a427a82e7801d5315de4e53b

SHA256
e865d54a54244ef943da67cdb97329f44b921e6330639873670784417f4919a7

SHA512
16718b082dd558c53351242af1d8226599c46cf9852351165df74da8968ae540b61d8f5099c5ed7adf2fd4e4882cec470a627fad8b380ed5eceb1ab1e5ab46b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e7da1267bf96ed395b2f6ff4fec40bb7

SHA1
9799ccdba78c8e3c376133b6fa6247bba0ff7d22

SHA256
3a36625c7756ab353d9c1739b91be9f36dbd683420fca7e04c900a66a176d080

SHA512
6c693ef3a240d94ec62466f486fd0cd18182b4fde6b7aa384b860f35f74feec7968a8262860b78afb211917e36ba958b1a57a05098240fa88081213effcad57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8a6bffa66723715e5152e05bb208300d

SHA1
c4147e7f75d395a3d2bd70f89f8f820f235617ab

SHA256
294ea0574bfcd824a8792e24f0455ec3cb406590314f9a515100c01322e2b78b

SHA512
e61c8b9fc1365ea93ea8e89803804cbe454d52b0fd253264a38d3de55f1047c2999f25ba5e0603bc195247ba30bdbe271ff5bcabf4c012273c30294fe5a7bfb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c5db60c8a16554ec6906ff9c132c4e11

SHA1
77425c1499a35230736cd99c03afdc37b3e665ad

SHA256
68cea3bc6fe4f35ffed794bab79180aab115ad0a7902b7ff9230535831aaf74f

SHA512
330b9a222bf751ed1995aa13758a6e799768ee87abc0ab5e9166c6937204260145e832f67c7246ea7838fd61b86b01f2bccf0d15ad45579627277d7eb8fe5093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d3066650be46ef5c509c63b535358e8

SHA1
3e62d24306ece27ac016bf020901d9e63ccbedc7

SHA256
7287b3d7aab0742518e869e821e108c94a707f2d8175276de096c0f6f23adc1b

SHA512
504281f0ceeb176ab28cce7df9550d70f4f453ff582cae1591fea4d73d0d49cdaf1683db43e6109690daa1043aa1c6962c6002679046f87c6a7c6fb03cb87054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8743f668b0adb8a8d2f0a052535dd9f0

SHA1
22b0a391a1baed1224ea9f323e0fbd11d635baa8

SHA256
601dc72b588240002221c017efc60eba17c7bab4cf2abc285060b25d1a30fff0

SHA512
35b7d1f3f16aedf0a6969d8d2a10d3b15ace97e3fd456ded854bab61687d53ca866f0f79f43cb6a8765b38c2b62d284ba728ff6e3409abfc3681fb640b7b4f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\abcbca52-92ae-47d2-bad1-3d504896f690\index-dir\the-real-index

Filesize
2KB

MD5
88f537c1dd0a8a80ba57e55acd3ec456

SHA1
996ed6d31e0ba419a957ad28c0b35f491aae919c

SHA256
728aa65fcaed2dc97394209b948f1c5d183bf097828c924a13865cdb3cda6120

SHA512
f64d320f229bd86f0e775542f7790a37482a3a3da3aff100862ffcd0a21cd2ab5e7b2aa9fbf94d6f8c0327e26366506d041585f74a815f3302c5d9d29c2dea7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\abcbca52-92ae-47d2-bad1-3d504896f690\index-dir\the-real-index~RFe58b3bb.TMP

Filesize
48B

MD5
7adf8eadc5cdba76e04c0ee026d5e039

SHA1
672c0596ac0e5267390535a835e88895af311f8f

SHA256
f184362158d10367714a285e908da636866e01a8585b2d7200edcc26e5969e9b

SHA512
9661156541b1d1817079651039c04e62720118e34556a1a66f49f3d67078cbc1f01533af8dd567edcc6fbc4a95498e9dcb41f3a2a8c2c2bd97835eb65242a780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
7e6b0737ff477f35feaf84c235300bc2

SHA1
7e55aad8c88a42072f0c969e0a13f296e84825e4

SHA256
2f088c75f917b14788e1509c799b95f340b07ab62a830118fa679511e307a74f

SHA512
0c8ca6e00a61ddc97e56052ef4f40035820c5281a008be5ea05194e569c5628b6eef55a3a77d05e9797576e2ed70d289f138e5c7b12f70365c10fbb8862c82cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
1d21955b946fc921e236bb6381826fc7

SHA1
7c9e32e4b3d578a4486e0de3b6133e11d3527b91

SHA256
ff828d099539e6a0a21a69c6127164631994b4680a635cc0d98239aaa2a45325

SHA512
74f4a15b570226177a110c3875411a680d0226f9687b545cb877644bf6ce94f67cd7fd3417ac8f9e9f485214be5245f23c5bf0c35744848c3f7ae330ecbfd49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
e71ee05f506aa5bec034e001900f10aa

SHA1
1c8ddff51b9b018400c4171fe29c27ed44c752d6

SHA256
583d08849f284d60af943acaccdce5f86ee7de41964ef78ddfc4043226d07fee

SHA512
d485b53ac11cfb463900d82f1b9552d73ed23445f905299955245071febd756267eccf08788389fe393212c4f4f3d4d7b7c5a21f50571bb61abb2aee438c3873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe585e19.TMP

Filesize
89B

MD5
43509a4c3ff1c00f188e9b9abccd40e6

SHA1
7f6c984661aa9db92d4f03baf1d49f26f2537cf9

SHA256
4133ba666f8579b88d6317420aa808e97106fcb9573e1528b7b5fa1a8f52f48f

SHA512
cf2b89bcb0cdefbf40144270a84a0bc6a19536e4585e978e3392c325a859d788f42c8d6304d05934f746801c6375a1d962f2a3fdca6a394fb41e22d54b79f65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
23fbd7c0342e302796589948c3015590

SHA1
d724618eb0972144381fdf7cfdc3948fb9e5caaa

SHA256
94ad2fdf4414112119e7ca67b12c5b98d565df1f456723736e3c94af9d67bd1e

SHA512
9e56305791af6198a60aff5807a94a9aaf0ea014b084a73d226719729d1532eb073d6645937c584c9bbe7bc6a83eac0757ced591731eb503d481bb78b607d384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ad04.TMP

Filesize
48B

MD5
0457c571900b2344fdcb19ca12339d63

SHA1
f94d8440afb71a611244bb6e74d6b54b9dc00b18

SHA256
c22b1e02124ae32307d33e3d81b787f4fd4b240d550ea8d144d8860e75fb91ff

SHA512
139136e88081d3d758cb1fe909fd0a1168858a0d01a68804d7c71a4035759443c3d1671e5990cd4fa84b82529dfd41f36198a3da35527515762b40cd17da73e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
0c2ef3fd4adb4a0dccfcbf47563fa805

SHA1
ce6ae298015a54ab2e00b7361b3809379286dedd

SHA256
c718c0ded85bdfd225a9f9abbc63df34db84b50a3fcf133361cd10511d04c23b

SHA512
70b9ae666c7f92edc8556ea5a5ca2adf9da15d4fa440d7ecc6a07437a9534f1206d2b5240e037d024a91b01ad2a9f87f53e45a3d5bf1a1ab4c9de0fb96d89e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588604.TMP

Filesize
539B

MD5
56d815a6de72cd6698ed90da403ab9b0

SHA1
a4889e56a24006046c2b640da8ec56dc21da769f

SHA256
d54e614a078c44c8a7c57ead36104fcf53cbeee3a2ed140a6930ad56c7c265b6

SHA512
c58fbda9b0e939ba781315e851d0014b1d5dfe523e6dc6a8d2c6e2c7f23b37bb3c0906a19e00dfebe7aca922ac4e73d900d108a6f41c1d0a39fe47721302d7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d32972c64f8f23eeb14da32a140df9f5

SHA1
5cc63152d6f27ce7a606d55297c5dcb223c1df91

SHA256
02807875780cafaad673d17ea7f3aaea5c46f71327c3c6a605e4a907a2c52c77

SHA512
7f16fd1efcaba4a931fa7dfe0affc44b5bcfa4534f8e3596af14e8770e26f4847274f5a23cabfda2ea8b7e22eeaf157b2400cdf519ce66ae790453f760115fc1

Download Submit
memory/3224-0-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/3224-3-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download