c05bc1809a4ec81c5bf0113664296db29dd086a4da6e8b9faa49cfb9fba5b0b9

Analysis

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
Size

536KB
MD5

b4edbedb8d7a1237625fa90f6b9450cf
SHA1

7dd288f4f5dd030e7486f9fd1f77fbd6bce6a4f8
SHA256

c05bc1809a4ec81c5bf0113664296db29dd086a4da6e8b9faa49cfb9fba5b0b9
SHA512

2d55e1cf2759cd162c54783c3fc5e8efb19bc962698971b0f746741ac5f22a9d70e8dbc33d58d0f8f69cc1d9e591e974d8e1caf6e0720cbe229dc0605db169b1
SSDEEP

6144:45ewZXoTPcnS0b9VqwciMwbr6IQJh5URGWHcy0DV5t7gAHL9txnwCjrc5O1AUwRH:45PFoXHA

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\wmplayer.exe"	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Microsoft\Internet Explorer\Download	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3524	msedge.exe
3524	msedge.exe
4280	identity_helper.exe
4280	identity_helper.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3936	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3936	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3396	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3396 wrote to memory of 3524	3396	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe	82
PID 3396 wrote to memory of 3524	3396	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe	82
PID 3524 wrote to memory of 216	3524	msedge.exe	83
PID 3524 wrote to memory of 216	3524	msedge.exe	83
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3068	3524	msedge.exe	84
PID 3524 wrote to memory of 3572	3524	msedge.exe	85
PID 3524 wrote to memory of 3572	3524	msedge.exe	85
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86
PID 3524 wrote to memory of 4824	3524	msedge.exe	86

C:\Users\Admin\AppData\Local\Temp\b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=tkFQS92d6gw
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff998a446f8,0x7ff998a44708,0x7ff998a44718
    3⤵
    PID:216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
    3⤵
    PID:3068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
    3⤵
    PID:4824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:2316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:2076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
    3⤵
    PID:3060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
    3⤵
    PID:1468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3324 /prefetch:8
    3⤵
    PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
    3⤵
    PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:2860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
    3⤵
    PID:2028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
    3⤵
    PID:1384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
    3⤵
    PID:4204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,4200064976301075744,7271872174820751196,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
19da6f078d1bb35ed33dacea6b5d4598

SHA1
651c456eb33c79bc7b495f022505266a252284da

SHA256
1a4bec554c41d21fb838653f4649937dbac3a10bef29dbc4406db83d8f09d76d

SHA512
525834e2b9a96a9290b36a09b4c94d708d7512d98e08256cf55e2b6639d4ca39125c45d31091d4d144ebe6d7c83a51c99942a4577676f7f384c673ef9f409ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f24b94b5a1630c0f58c953e6ca449de3

SHA1
3d74b1b0a375da728888dc942a51660a8f4092e4

SHA256
20b460521fea870cf106775c95f6e86fac23634d6df7a6d37df5d443c069f77e

SHA512
aa1178f2aee57771324ae9bf1f6d623653b8d520024d450b2f952df9cf688ee17b9210982ffad407e4ab5782328477900fa01307cfcfa6120154679c27d921ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5d7084b0e903a3c07d38934664f33118

SHA1
3d66502909fe71074f1b814921831c5748f8678a

SHA256
c09bddd149b40896f99d42a13ac0da3bd684775c7a8e0ce7788212c7503344ce

SHA512
c89f8a24c8c81c34b80448061492d61e5274ce07eee49731c73701b3a70c710192e9e12715c917da33a8f65f5b5d23433cb61374b123d7ce64cb890180449e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dbf84ca1a834749af809e95a35a829a2

SHA1
789d71cfbc66c753e2a1e4f5836015f19e4f2b07

SHA256
7e7c314585402caf3dba840025dfa7df3cf40fb64cc0103755c8f04fffbee28d

SHA512
dc71aa39d14e66df4bfabc961f5bcfcca26eeea1bff1ffb1905ba6394a69b702ddebfd39f7d2af9dfd267577b7c209c3f5daf90ff642537a1d1f88b679adcaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33a0a0e6e08c123190aab13c2ea38f9e

SHA1
4419ce1e8977662b516220498cf0d15e2d2da961

SHA256
b8c8c17bd4a43d1fd4bff5117871a296c0ab7943a6d9bf7f7299aa2feb826b4c

SHA512
d3e78d5f654d83855e8c716f6114a6b928c36a705b4007456b2981b98f2968f3135348f3512abc27ebc0a45301cb450bd1df90e404a92ae52888febcb412dd06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d67c305-b767-4999-ad97-24e125588d54\index-dir\the-real-index

Filesize
2KB

MD5
5e15fe495949cf23b71b713189e85772

SHA1
0805f8763389cfdd1bb81b45c6d10ff3ef0723c3

SHA256
805686dd2110ea830bea3e1f178a69a71f4cde1019a7d0debb73a4f5fadde3c4

SHA512
b2f58fd111422b1c6eb3e4eb570edfcae17fac4fa7383808a64de20f83b0afdf9f0cc9c75562373b5d8e347c1a82c8a3d5f7051ca9184c21125f3c6342c50b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d67c305-b767-4999-ad97-24e125588d54\index-dir\the-real-index~RFe580c7e.TMP

Filesize
48B

MD5
734b8d980d38b5d7dc5bbc132eb0bf55

SHA1
c5ffa2dfe8358c49b41b6b939b8f6248a58d6cdc

SHA256
426d8889eb6b032c7943de99e3f2d9b0e91589c5f13d37143b31c28a5fb43ec0

SHA512
be91618e509b3d9037f6a35e54309b9763c72486a9718e2dfe80bbac13cded46bc3c5b3ce523d1adde28515ca4c0b63ee6112e59eaa3d3a4adcf6855905864b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
24ebf74d63d4b90a0b9e2aad3d00ac09

SHA1
ffdeef90bb6dfdf402577e241028813a8dac3b47

SHA256
ccbcb541cb5db6f7996e681ed0bcae3699bfb215a064d4cbe1b5c5cde8e9982d

SHA512
d8fd7579eaf87d8e6ea7ed72ff1d94be7935d95c93badd6cefff5bb3d724de0acf02d5f647588f623811ed1d4eebd8abfe9e7ce37d4cdf457b4cf1de7b964621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
9c9a100a8a164ff9af5ecb331ae692c8

SHA1
3a16b4da4a369ea5afa29dc6f5d6d2f4b21c6155

SHA256
ef28334e3619cad1ce2d639e4efb815b314bfec63236a9a0ea5a71347b3b7d47

SHA512
ba8d15a290912ab65cbed352a48d4abbd202c84de850d672e328cc88e95aa78878c02f385c12f078dfc16ef0afcc50630bdec1fec90285df17b00da8037818ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
a64404e1073f884349786f260be95c94

SHA1
378b452d10f81a2574eebe7a213a68331ecc180d

SHA256
0504a786a049970928adcdc00c44f2847b70a720100b6677ae51bfa7315e3395

SHA512
6287cd1d50eede36c012c231f4355108c7884a63da8a0c11829787c889738eda492e8c13a5dbde2adeb3c67578f7e9a55f2bac2dd822115b11143a633d793383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b47b.TMP

Filesize
89B

MD5
c1599fa24e44a0362a1d6654c3e89896

SHA1
e5629e3d5ff8eb488406cdd5b479d5d255d450a8

SHA256
8deeaf68105bf2f485a66c6d28560151dc12b8a8927eb312336a06cf4ac8969a

SHA512
f018d7781e7afb66c3ebe77e21516da63f310914cfc573a63d856fdbee2ecd861f7ceebf9d5dcb20b0ff185bc9b24d9683f40d93c88e765cf973a2a284ed20bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4c10c876304e5a5a293b8e15ec166556

SHA1
e962fa9ff0a1fb893d96d58f1ebd3fdf7a47d41a

SHA256
ca2f848575c743eb86ecf83aadfef6ec617f9408e067c4e14c83c587b5b1be1e

SHA512
51b342cc3a5ca4b7257817083429b6dff310dec99c7ad95e16e1db1472bbc9bec5fed888f5e1ce2ad12b9698a1202dce34d9faf28d551568716a2ca061a6e01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580376.TMP

Filesize
48B

MD5
71aaca20dd1984842ea52fb91a53ddf0

SHA1
47245c0ace8202fb50431e03b954da26b00d3372

SHA256
79c6b58c782f8e711b227da8e4a5bc64e505bcdeac9031b392b2f00fd98a4666

SHA512
ddf5e58070f69f22362b322d7844356db5bf9635c4a07cd24a7704836c68501870d4c7881bd0b8a390ed1da94a00e1c7a87ea229a568e487c3249a015726a844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ad91f457b48f9040f8b728d2a058fbdb

SHA1
d8789fb97b25afa6930fc158090a9cb4b15c0939

SHA256
920126f2ba3458ccf2824313d535e4ec605d3be79cdad68180fa565a259b2277

SHA512
488fc899bb90abc770718758716fb5ef5584519a06212275e5292726ca99ef422763c40c8c987bbf51d28377270b8cf50b272bfcc3e2d26660da8eef94d36187

Download Submit
memory/3396-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/3396-3-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download