hxxps://sourceforge[.]net/projects/loic/

Analysis

max time kernel
118s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sourceforge.net/projects/loic/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
3204	msedge.exe
3204	msedge.exe
5128	identity_helper.exe
5128	identity_helper.exe
5060	msedge.exe
5060	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6140	LOIC.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
6140	LOIC.exe
6140	LOIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 860	3204	msedge.exe	46
PID 3204 wrote to memory of 860	3204	msedge.exe	46
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 1796	3204	msedge.exe	94
PID 3204 wrote to memory of 2848	3204	msedge.exe	92
PID 3204 wrote to memory of 2848	3204	msedge.exe	92
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91
PID 3204 wrote to memory of 2896	3204	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sourceforge.net/projects/loic/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff8232446f8,0x7ff823244708,0x7ff823244718
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6816 /prefetch:8
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6551364362843564085,12308218776525114944,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5496 /prefetch:2
  2⤵
  PID:5756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3068

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Temp1_LOIC-1.0.8-binary.zip\LOIC.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_LOIC-1.0.8-binary.zip\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1ea49b81-6686-4d04-9055-d16487105403.tmp

Filesize
5KB

MD5
fdb112ed83f1254484a66ad283447960

SHA1
a1e7162e284a45d2eedbcb096fd438fc766dd9dd

SHA256
ae31b21a55bc53e89c3193e4d75b3c8d77f169076ce982386f844d5f7bde8050

SHA512
0677ff52503dc6d66edfba2b49501067b09ba351f3c0cc86f8fa744db18bc0e0a7d4327650ccef50bd486b8faee8dc613a5e93d34bd14fa96945bfcdcfea1416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
91e4d32228040906d4a09411533c81d3

SHA1
d1feca03fffbfb1bacc47ef2fa46ba921dfee973

SHA256
f1e2ec31f9fda6c65b3be5e465d1d9b8098515ac3ad0dec48567d342cf61da65

SHA512
d63e710f751def70793b9df1bf581087c0768c8efb73e9a70ad6b0438f7519872c52527ef23f8f855ebfebcb59918efc54398b6bf26f6bb3fe1e182e698d409c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
f5125411b224e99edcf9043f13b64eb0

SHA1
a8caeccb33606cc962fba06bac519a9ef7e1bca4

SHA256
ce598f99a6d523417f27539a01b182f98d32d3734e5b26f747682ddded9ed6f2

SHA512
69e52bdf9773654aa78c1ad7e1233be0c9c1b76210ef3bfb225c9889b6fcf1b8c89d159baeaccbb3cc56383ac06cd9ead1d09f31d58f90b9808bd8a955d02235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
57f3573a797cf486a5a992d0e87d3433

SHA1
ed2e4ca5ed5b8e979bc680a84bdcd49b8f8125d4

SHA256
aad855ede21c5107e3780834159af4d2adba92a4cf4025b82e24ec6ca6891cd7

SHA512
1f536b41aeb67b27e434bc09282c9d41b8188b808e30d4d74a6e264d1fe886ba77f5d2e15e7629d52be7bf38af152a4e72b1e2ac92a1a1bb6ca88bed43c9c7da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
25d76b3b7bf02b1deacbe4d3d807bdd0

SHA1
0ee18406dbe275548fd561fd704c877bb877538b

SHA256
9d9800939b2c22e85ea0b4a872920f75007926f57aa2e5d7510a27f86c63d90c

SHA512
c618b83667e030ea40578fbf415ecc2b7544b383323e8c80d058ba614f821a4db1b18a776962d488c8882b39fa9bc7cb91654f4ffd89a9c995f57c00cf47fe39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9131e0a7af2afe6bbc2dbfe9f7445235

SHA1
9062299119bdac16aac269f4c6785a327e90b35f

SHA256
0065fad5b7f742f17d5005df837409352f65f040f49bf7d560c3dff8db397cea

SHA512
e75aed3b9c3236a3fde2538c0c41c27a05d7b31dc59ce7050d1b41789ecc2487be9f4ae2a4ad481709a2f909253b1de94afe06ac26f6c99c9d151606ea832777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
83c2037be6b1c0b67febce7390b97238

SHA1
d38d5feea3fa5f8b28c06eeee0bd4b17d5ad4e7c

SHA256
8ac721567101a3b262359c1d694b66ff42ef874a1de450de287cca4b654a48a4

SHA512
498a2fdde4343980e7c8627a911a19b9a33276c3081631097d260fc43ab669408031451d8fdce5a509b769d51726a08c7566a86e5adfe1dc9f0b65144444c5a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5b3.TMP

Filesize
370B

MD5
a043d1b875bd3f1d486bedb5ffed92af

SHA1
40e4bbf7b0b4193c931f492bc69dc20579461d0b

SHA256
d6a4e51203b1eea30d81fabf91b8ddbf5cb2891204541e0792db762898e4e329

SHA512
7fe46005bbee36f920ab32ac66d924b0c83b5c3f3f9344c4db5d2c0b0d04ab9f2c00103731b87a0dcb067b6d649e4ee47d3a04338a29b3819109f88d3963b83b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
787492ac710bbca08cf5bb6d86beb289

SHA1
27e0bb65bea33b5fef609815234ae0f0611bdc48

SHA256
22c8ad60a1a05a0740c5b5cd97cc658cc9e059a37fa1099787be635263daf477

SHA512
de516e5e808eb43d3e719cbea58a81a064e385b84678a372618efc9a8559c83192dd7f5faa0242762690bc4f7a730a617cf3ac4692d875c394a8cab026602a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ee39548c9c6684678d9f19ada16c2b7f

SHA1
1505f447da3acd206bee9c36ea42a005e96bc0e1

SHA256
6801e8926a28af114ed8b9b582302847c872a9ca2fb6d4585d117156dfaba16e

SHA512
f821fc76305438159abd1cf18e34a4278c11ed3ff8a3ef657b2409aba63937c5e34118b9bed6d60ca462f8c1330ab16a6a2d9b6e09b641421d819ef23768d1f1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 475863.crdownload

Filesize
100KB

MD5
c615da1584cf050cf81a08d40309d735

SHA1
ff00f68b03f7bbc785284abd95a54d5b98f7db9b

SHA256
b6d6e0d1dce867836a684a0af278e46ed4a50be49a784ab7bfcb3ed59841c9d0

SHA512
127429a243595b572a3bc9153243f39e4bdb088b72ca5b9d3962fb36c031bd42ae7a8a326aaae76e11bb33df56925e3591a4c07a7cbe2459b336a1074b8e9113

Download Submit
memory/6140-213-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-211-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-210-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-212-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-214-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-238-0x00007FF80F010000-0x00007FF80FAD1000-memory.dmp

Filesize
10.8MB

Download
memory/6140-239-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-241-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-240-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-254-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-253-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-268-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-209-0x000000001AFF0000-0x000000001B000000-memory.dmp

Filesize
64KB

Download
memory/6140-208-0x00007FF80F010000-0x00007FF80FAD1000-memory.dmp

Filesize
10.8MB

Download
memory/6140-207-0x0000000000480000-0x00000000004A8000-memory.dmp

Filesize
160KB

Download