4763ea4e901b67d14268d1f1dceb3a1d99e7ce5efb877ae5e4281c7ba0f40dad

Analysis

max time kernel
146s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

374e33fd59cf618c4db8f8ce9964ab00_JaffaCakes118.exe
Size

23KB
MD5

374e33fd59cf618c4db8f8ce9964ab00
SHA1

28a335a13b3c92e5d418add4cdcbf36eca9c28c6
SHA256

4763ea4e901b67d14268d1f1dceb3a1d99e7ce5efb877ae5e4281c7ba0f40dad
SHA512

27980cfffe9ceca771fc069f751b7efcdf74c65ddb4036d495ae8ab54acc15ee36171c34efbf1b09c4cc5dcc3281121112ebf17e8ef5b653090f6a8d4c36d730
SSDEEP

384:p8VK3GT8iBdCmirdvvB/SR6UYPd7XAvICtr6vttqY3oRssOCVOJE4I:qxT8UdLi5g63FDIICUttqZsslBT

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2684	msedge.exe
2684	msedge.exe
3588	identity_helper.exe
3588	identity_helper.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4064	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4064	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 2684	3584	374e33fd59cf618c4db8f8ce9964ab00_JaffaCakes118.exe	88
PID 3584 wrote to memory of 2684	3584	374e33fd59cf618c4db8f8ce9964ab00_JaffaCakes118.exe	88
PID 2684 wrote to memory of 4484	2684	msedge.exe	89
PID 2684 wrote to memory of 4484	2684	msedge.exe	89
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 1732	2684	msedge.exe	90
PID 2684 wrote to memory of 2432	2684	msedge.exe	91
PID 2684 wrote to memory of 2432	2684	msedge.exe	91
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92
PID 2684 wrote to memory of 3568	2684	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\374e33fd59cf618c4db8f8ce9964ab00_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\374e33fd59cf618c4db8f8ce9964ab00_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://br.youtube.com/watch?v=yG81HKOjDLs
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ff9b00d46f8,0x7ff9b00d4708,0x7ff9b00d4718
    3⤵
    PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:1732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
    3⤵
    PID:3568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
    3⤵
    PID:4432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:1340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4152 /prefetch:8
    3⤵
    PID:3996
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
    3⤵
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
    3⤵
    PID:2824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
    3⤵
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
    3⤵
    PID:3532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9197754770758553026,13884502843638500564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
1f852495f55ba1f920d9145f86923f41

SHA1
ef8ec9b82e7f54247a4532259657ebb65ec9ed07

SHA256
099f8a3307fba691a3e5294f017c57da63f758df93623aa91d3fdb0cc011b7a6

SHA512
133433d781f0d73e63869502c4dff2f2e4f7c38ed626e8596c245cebd81af15368e8f8a8dbf2c8939d5e9cc40bf33c747ff034529b4f36e5cdde69919bfea639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e84afd6e44cc8c06e26affd391960e20

SHA1
375350cde914bb6268338c967c3e4fff7cbbff66

SHA256
bee4ffbab7fd578915f031c5f946ced5eb33f8be79d3d789d8393f06f6b95318

SHA512
b39c71a474c29b9677fbe95aac77f89a7e519a1f94d59267525f57b5e08762be67286c9317beb38e09cd47e799c4d4122c217c8e449c1f084e3ea7bc0975b8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
751cb7d65395d32076bc373e38fb8237

SHA1
36ae6784106de2167a43d78a59bf6febd6eab557

SHA256
5a5c0ed6922f3d5a8de2f44d6727db7282581b67322aee8dc947ee256ecfbc4e

SHA512
84160c8b9c21d53e1f6e239e00da7228836e762390fe738d6a2514547a751371c699610bda5096db181deee9184ecf6cc09b8eb7eb72e95f1d0e34a3e7ad1de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e725e59ff8d73046d587d351ceed021

SHA1
0a1baf21c1435b752c0311629019efe2d75206c0

SHA256
7ed471a503e2dfcf18f27155782dda4844eff8dd08349aea458438aa0a2a377a

SHA512
14cd112af6f40bd56f01dc9e5fda0040ec03aad4232669a2be5c10e225664fc8a916648d69eada3492965091014ca7c66fce58be32c594ee46a2cf938a769dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
652752d3594d80d09bcf49fc61db26bf

SHA1
427c0e3291cda9b44388fcb878eeb5a80c23100c

SHA256
1a93ea2ef2159672a5226a4b67c85a9986333120694ad6a0ec74b8de8a1d6da1

SHA512
52e1e5ed35d2c9a5e15c1db4a341869f1615438c033b6d02543a81996a0e4c8c3ba95db953e4b7e0293f278ca50fddaf5084b7dce852569288e3e9d80be63c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\26642c89-2fb9-4395-9eb6-0ab099b24b95\index-dir\the-real-index

Filesize
2KB

MD5
986b4e1214041b9b27a11a4fc4c3639e

SHA1
8cb6b371363d6d98249661ec2b0f33c76618e4b6

SHA256
f9f2750c0ab15fa2e5de1770095eda9061007465bb69632437edbe52d36e9206

SHA512
96aa0bab724d5af215a955eda7bf1c94667061b561e8b1edaf8bca5b0d1f21d11384e34ba6e14a84fa512119d67710d2c771485de97cf2f64addb9be680081ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\26642c89-2fb9-4395-9eb6-0ab099b24b95\index-dir\the-real-index~RFe58335f.TMP

Filesize
48B

MD5
5020a067911c6a0f785c9a11485f379d

SHA1
99971fb8a3ed83e7dc2bcbfb6f9ea2f9ef4fea34

SHA256
86397df5d0d4a6d7c9a09bc0ea0eadfeb2f907b555cedb63ce3e7e6f1656bc3c

SHA512
ba5f16dd98a4abf797ed6d592a4fc739186a2380e7eaefc588f6b19ba4243425ec47cd7b747ed5aba578a475c29051f7e09554bae1852dbe582bcbe6f1e910ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
7b28f26865ec270a5024114524b1c566

SHA1
45d5071badf7037f9b5629173f17414586683b29

SHA256
e1a5ff4928b067e65a0dffc38e337357532141e23909cdc28b6c67647ccfcc50

SHA512
179a28fbf277ead6ba07eca1416cac38904182a0345afb8c16f6f81ff8b422579b387ca8d14834f670f27b521aaf14149499718889779261e4f0a83efbf0aad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
3b127ef4091f6ccc26e64daea976bd24

SHA1
e631706b15948ea846d1e89be41ee9f8128fc4fd

SHA256
bc63c59fdf9d5075e39480744519bac05d521736e7efe1423e7235759f6aa291

SHA512
d575ff2ddc16c40066b6adb3ad9e6fb9eb510973e77c122675dd448ecde0990bbeefeb97478ce781d565123cd9f5915df26dcef4003b40c1bceea29521812a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
50914d547777ecb60a9738bee1b28198

SHA1
68190ae3b0959050b5f4dd4b2f6a6192d4be76f5

SHA256
22571316c95e7a0c13ee9aa6c6c84da8d5ffe93e815de9ee224ececb2a2ca4ed

SHA512
d15b9694fb1b899ac8abc9519a2aefc4d552d89a3f5c991af18168b9d75dc10974c65a4457660b339da8c44e9d48299fe722a38e5d49a47b866964adba1bab12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
c487962a6e644874107f4180b8fbf94c

SHA1
ae6fcfc2bf9b97c0aa656a8027ec8c2575d89a2f

SHA256
c418cf0046e52aa3989662e298e14997509acaa69f76a5266b9aebc16c8a228d

SHA512
ae81130d1faf78b111d4807061a14295f2856931b1882a3ee0b316e81d88abb2029aecac26d9696a5a270e22f974c1bc6f56c01d36589f8c5f4548ff9b78863f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
82f17da63516ac68aecfbaf837f49f2c

SHA1
b65256530a39bf85abe97f5c32c0215ac964e915

SHA256
5cba10cae20fa78a3aa19b8e40f3a8eed377a9b990aea82c6bb25d4858ab43c2

SHA512
25c9c01578b598b8587ba78a5955466e5298e296a8e24eab166a2b7be28b9d8c4a51daa511e836da792b750619a6997cb711bf11f75755103f2123fbf2dd1765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58273a.TMP

Filesize
48B

MD5
6fbb65b6c3b82e58e4f08e1b604a3e58

SHA1
51e86d7ed5b3aeee6e3869f64fcba3c46ebd7767

SHA256
afd7d67565e91d260d195050840d6b11b87065600f1f72ffdf01d2cfd6a113a8

SHA512
874ffac41ae0cc348ba97e82aa32d47c6140453385d6ec2d011344df8125a282429f33efc2467d5e712fe636cf24c2b12c57f79c29b8f846d3a692879a5ec97e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cef91733ba686ed6a103474d15748748

SHA1
71aa3e433a2995e491d6578570e601cfc0055e08

SHA256
e152d10f07f77d431d304dc90cf20ea5b8d64dec3f4070e071a7a9fffb3d1cd2

SHA512
af028873f173e82983a3fc7b1598963cd018820a6d1c21856b0a131fd77897a1e18f85c65733e082501aeeb99b1de2d6ec9b4bde77661365582ef26b2e6d622f

Download Submit
memory/3584-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3584-273-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3584-245-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download