3f5f1b481b1c67a040b338dfda264fe8e29279cff0eb37d57d0d430d4a2923d6

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 17:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

daddd22070d3164720eb0175130835aa_JaffaCakes118.exe
Size

141KB
MD5

daddd22070d3164720eb0175130835aa
SHA1

72c1c0a245e8c13cb4374e8d0b564a8835127631
SHA256

3f5f1b481b1c67a040b338dfda264fe8e29279cff0eb37d57d0d430d4a2923d6
SHA512

31e9a8182b58d0074c9b7e9fbf73144ba7da0fef62873b5525ab5bf670dc32bcff96a9007e34217bb2190ba87b4040ad5bb84407e5a4bc7b4a17b743c8861f95
SSDEEP

3072:W+wwISuJEVx7ajm2lsD+Impq/Z777xW1J15kSaKP21wHS+fyE:WsUqGjm2P6eJ15kSaKrHN6

Score

7^/10

aspackv2 discovery persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/memory/3436-0-0x0000000000400000-0x0000000000483000-memory.dmp	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	daddd22070d3164720eb0175130835aa_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4984	3436	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	daddd22070d3164720eb0175130835aa_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\Download	daddd22070d3164720eb0175130835aa_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	daddd22070d3164720eb0175130835aa_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	daddd22070d3164720eb0175130835aa_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
768	msedge.exe
768	msedge.exe
4732	identity_helper.exe
4732	identity_helper.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3140	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3140	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3436	daddd22070d3164720eb0175130835aa_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 768	3436	daddd22070d3164720eb0175130835aa_JaffaCakes118.exe	89
PID 3436 wrote to memory of 768	3436	daddd22070d3164720eb0175130835aa_JaffaCakes118.exe	89
PID 768 wrote to memory of 4800	768	msedge.exe	90
PID 768 wrote to memory of 4800	768	msedge.exe	90
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 5092	768	msedge.exe	91
PID 768 wrote to memory of 4980	768	msedge.exe	92
PID 768 wrote to memory of 4980	768	msedge.exe	92
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93
PID 768 wrote to memory of 4784	768	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\daddd22070d3164720eb0175130835aa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\daddd22070d3164720eb0175130835aa_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 388
  2⤵
  - Program crash
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=vsd3g0h_vs0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed2f046f8,0x7ffed2f04708,0x7ffed2f04718
    3⤵
    PID:4800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:5092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:3868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:2616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
    3⤵
    PID:4312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
    3⤵
    PID:2664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2308 /prefetch:8
    3⤵
    PID:4816
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
    3⤵
    PID:1128
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:1476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
    3⤵
    PID:1128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    3⤵
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10212932841908163905,5042513804969504440,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3436 -ip 3436
1⤵
PID:516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x414 0x490
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
76ac61b0019b2d6d6ac759027f99f83d

SHA1
1bace8ef8e0a48d3d45ac3afbaa7028e65d1a030

SHA256
3e120b81c2f4fbae6bffe080e81d843522b9c4f064a94f5c8808a717984e643d

SHA512
4cbd4f7667b4f44d934a9525e2d65208936af9ec888c6452cbb60a3ff8e47c05277018a52e6ab673c2a62cb02b82745f67ca959f6554563ab9ae3a4abb3e241b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ea1ab8ddd1707264624ec8a97201692c

SHA1
cfbf715fc8e3fd0376c0d0d52c7d48b972962dd6

SHA256
03d70566fa5301e0d1c7e653c76e067030889217c7d43fd85f283ef890491cbd

SHA512
9e346fd7023fd4bc2402127a24df343d0b782b701789d80bcf05d4f0124fed64bd27cc30301f429cd6b8a29092eb5e6ef2045c9d83a14eed330caec1be022916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e6e38df9b5c3c2499bae7b9f316c57cb

SHA1
85d2f5c224607f66e6965e28ec8ab48fc39d36ce

SHA256
92ffdaab0dd2e9b50f1e149cd0da5c3dea9d5e8b859e3b09136238b340f90608

SHA512
0edc378c2a52f9d23131fae89424062788c9a5c97935bb6b9f1221bd52d1f13bddeb367b864a7939c8f90a5335d86c9f79ade19f906e973700f0ad455a3c8c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93a0470e36232a847fb3efc02bbbbf32

SHA1
c6737f5e116c7b36e0fd98783e871e8bef40b3af

SHA256
7fc8ba5802e5d70546f498debe339b73118b041fb45f111c5a4b0704249eddaa

SHA512
9bfb70eaea3457ead611f0fab2703ce4b56d29aef4701abd82e082fa470a8e64ac2c3be63b8134b4253b931e266306b9c2d70995baa68500a3b7ea8a9b9acddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b9cbeef2289c5160051ad2ced43f458

SHA1
102c07f9c48203991451644731504b63ade2650f

SHA256
72d5ab09e9657b13f11436f2388fa680ba536565ebd2fe07996ff74d3e2920bd

SHA512
3e7b5e7acac34d5b4b1317765b5d6ee6339bccfdabaa26623dbff1e3f99d066c0c7f91e61c95bab6c5e75d64ec12f2bd2947a6d98f385f63cd8e2682d67aafbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\937ab1f5-2fdb-48bf-9fd2-d31819ae06d5\index-dir\the-real-index

Filesize
2KB

MD5
9a070955b5839a02c0bf8e623c9e1e51

SHA1
70c19a1ff3c2c871874c325b9d767dc1df1be32b

SHA256
d530591de2199cd345393302a8999eb28d3f63ee578e3457cf100039ed6ee187

SHA512
a8bcc8c45329e3db4b486f0ecbc54e4acc241d5767929deb1be9f75472d8b754ec89866044bfe5638cdf383047f73f106e085b47431c01b3d79480c19b42a470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\937ab1f5-2fdb-48bf-9fd2-d31819ae06d5\index-dir\the-real-index~RFe580059.TMP

Filesize
48B

MD5
c38c29322dfa30e093e525586a51da62

SHA1
81cf51a717bc96b59eb695915fd0c12e28b8139b

SHA256
cff271e31abc5ca582adf3b01b9436708c8fecdbfccd575a0e8d81f5bdb31571

SHA512
345af3b65353e0d7345252df2e331970bd3627c4c221eb6ad6f3c53e6293eba58f45cb1e82797cdc01c902e75e1297a70ca4bd690d60aa65bd6878230ddce50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
234cdaa537b0435ac979e1787f809cc2

SHA1
aa2ead04636067bb0f8a34d62b0ea567b251eb8c

SHA256
8f932fc08a91e350058229fed761f153b5c57fcc5cfaa3f12ed6c32c944aabcc

SHA512
d17061928f5b33d048c8c992e7719c3e0ca933d2171bd404f1de3113d3f9fd6b25ed8a880cd143cd549345bd28c3f9962153ca11f47161e5b6b0c4cfc672b0c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
44c6a09674e866db04c2dea9a6c4123a

SHA1
dfb1368fac4ee6c6a98d904899cbafbfd02d2702

SHA256
bcceb22eb5ea5c48671ad8d425fe8e0660729bd7d46a51a2e9f28b037f5269d0

SHA512
b8e31e3ab6f0d9ab677ac56c60e72ff8c37f20c5c0e7d633b8aadb8c150e03bef571f7198c7ec29c40a68e6a923a4cd81466bfe035a0379c0e1040c1b8b525ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
7197d8c448d13d0a0f303d6019f45ae8

SHA1
370e6e0480b1e945afa841f70c971d6fbe7edcf5

SHA256
a4f883187073ee99c279723d786bdf3c316a92719826912b9f016df4127686e7

SHA512
b213da918b16e8285c90fa4754d0699fdb05c17fa1ee34fdeb47af84d9e17461caad50b69a22b9b1e62c5d10ffcbe6c40bbe3e6233c8f64e54a7b4b64b1f66b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
637cc13a4ca799683d87042b675511de

SHA1
689aa52fb24b046b2a272fd85231aaa0bb17a267

SHA256
5fee74c21af73fc4dc0b0bcc083ffeab4c23fa29cf054d2acdbcef09c2f76943

SHA512
573105708a772c278610b18d0839d0ec74ff1d93fbaf49a105db07dbc74f4323c423d1cc99755ddf67551d9620d0d9f5d511118be708b1774dc1fd90d1f5cd5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
11b9bd685f62f6b4ff3587cd0a042329

SHA1
5000c12083b0d21f6699378739e1716edfc955ee

SHA256
11a87032522163b7f7d6f7604bf82211ddb6962477e2578d227997acebb29a03

SHA512
63eb1971d663daa8008d0a902e11cabc67d4367d33cab7bc4025c724e8fcd804772a93f15137ca55e3abcbbcbc2e033b1a9370c2e03301a902d4a491d599fb9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f9d1.TMP

Filesize
48B

MD5
793d6df11622e2710257d749bac62808

SHA1
991edd2222975cacae5fdb9651b0f262accc4dee

SHA256
70e241453782fc37df76ac7666c40e7d3a7635c56aede398dd2dab59f5b26861

SHA512
37d716ce4cc057e71901eb5a5aae6ccd7a59d23cb5dd4ffcf9a20d5eb3fae6c760607bfd9f2101d95a83448df133caea4be0e78cc5f554f6caf2c34b4d7297b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ff99e2f8348006f9dbcf4977dd5684f4

SHA1
0d4f4265d033a0d9a74adef44e46d972a0759c90

SHA256
d47ee2efab3da45925b495bc58206dd6f412dd6ea1a5c29840aa706a1973ea2a

SHA512
122557484b0241e71d41dbeda81b639543d33a781ce49d012f32f239af9c91c8e122fe26eb9c60b3c4fb3e8cdd1d619ffc51e834387bee833c78f99a67a717f9

Download Submit
memory/3436-0-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/3436-9-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/3436-7-0x00000000005C0000-0x0000000000606000-memory.dmp

Filesize
280KB

Download
memory/3436-6-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/3436-3-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/3436-2-0x00000000005C0000-0x0000000000606000-memory.dmp

Filesize
280KB

Download
memory/3436-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download