b4798f1f38feb89e08ab516ca10e2f1713672f5e50acbb36794e2a3d89e1cbd9

Analysis

max time kernel
146s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3872d5f78bdab62d7f04a9a387acd178_JaffaCakes118.exe
Size

14KB
MD5

3872d5f78bdab62d7f04a9a387acd178
SHA1

91b7e5da78e2ed7e6df3dc76d1a2c12d99be607d
SHA256

b4798f1f38feb89e08ab516ca10e2f1713672f5e50acbb36794e2a3d89e1cbd9
SHA512

a0e46fa6f6a8873055afaa9762e21a4011d77a30734f6abd71b3df02eb7fe50dc538400676ce621047c659dbd484f01b87e7893898ea61111992586da029fcef
SSDEEP

192:KlHiwXu9Z7PERYU6lO74NB/6OkVDzh/0qo0CusK+lg5gNp8nt:KRRe9Z7SOpBOr/kuEat

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
752	msedge.exe
752	msedge.exe
832	identity_helper.exe
832	identity_helper.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1516	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1516	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 752	4364	3872d5f78bdab62d7f04a9a387acd178_JaffaCakes118.exe	85
PID 4364 wrote to memory of 752	4364	3872d5f78bdab62d7f04a9a387acd178_JaffaCakes118.exe	85
PID 752 wrote to memory of 1696	752	msedge.exe	86
PID 752 wrote to memory of 1696	752	msedge.exe	86
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 4572	752	msedge.exe	87
PID 752 wrote to memory of 2348	752	msedge.exe	88
PID 752 wrote to memory of 2348	752	msedge.exe	88
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89
PID 752 wrote to memory of 4436	752	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\3872d5f78bdab62d7f04a9a387acd178_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3872d5f78bdab62d7f04a9a387acd178_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://br.youtube.com/watch?v=BrqwPnxfDow
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc1d646f8,0x7ffbc1d64708,0x7ffbc1d64718
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:4572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
    3⤵
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:3092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:2168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
    3⤵
    PID:2820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
    3⤵
    PID:1744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5332 /prefetch:8
    3⤵
    PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
    3⤵
    PID:3844
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
    3⤵
    PID:1644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
    3⤵
    PID:740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
    3⤵
    PID:1704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
    3⤵
    PID:3440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9405641666991130614,5763740323101174174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2852 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x314 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
b815822c01fae2cbe9cba7225076286e

SHA1
572f83479b6dd0e0069c458f92942c6f9ca0d9eb

SHA256
5b0ccd1c487140883b75b6f4f94e211c6b857370e757f57a46c03ddac30f71d8

SHA512
46ab61c14424536376fe90deca1ed615d7d1295636dbf869ce88a86337803e4aac91a2fe7127d1af33996151b2becf30c4cfbca527cba1e9d1d4429f6f934bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
75151cf301daa35e9428730cfc481d97

SHA1
73001e074ab6beaad7a8658c84ff1c15d76b4bb8

SHA256
65e35f383a80e987b77e086c198587733e16f34f86633138c6771cf425ee4894

SHA512
f3afe5c2205123932ca0023a6321c2c7d783e4be93033d2bbf1ded36204daae3dd70d539cbf42bae759a74e7576f55bc35c63ea1142afb361e19454780ff2a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e21ce415a2f7ae5681f432b3d4604e12

SHA1
1d4bff1da2253c42e840e68a405c985164681c6e

SHA256
2b6b24920b71d30a5169a08e4d5431b71295308fcf891caeaa42b08f1065cb0e

SHA512
5ed32a6acd72ece92999a235ef195d11e7a77abc1cf1ace03be048515b29d34ad2161baf1d79874c3f988c775a85a3ff6ae321a682cfb191c2b36fea83f40ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8aedbdb5701f516ad9fa9d088802c7a6

SHA1
b434d6cb03c8a44963549cc9021a110d2210776e

SHA256
2d33e6acbe65a8a0cd792b22ba76ad20d3f4eb1f1331214afeacbc61e4e1b292

SHA512
6c5dddb46b2263b4ebefdfdf9e493736549a1d445c51aeedf916511e023f194c2307771db0afce52f8f198c10dfc899161c9e921edfabf6104e4d7b98df8a9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a18b2e6bf67e5e6777be1182b72674d6

SHA1
25f5ef8251dbf6ce954a2d477dc383e951a3af3b

SHA256
ecea0800bbe72d347f43052e70a9b0963665b9462dce1c71eb9706cfd35e03f0

SHA512
5f4754e76ec65b83e51e5ea0b68a5fc6e39a8e95dc3b4f93146e53a3eb3b9f5efa1c8c6dd538e91a40b6b23eaae82ae8391f120691b347ce247fb06c17c004a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b24f3ef1-1e07-46ff-aba6-ce769a75b65d\index-dir\the-real-index

Filesize
2KB

MD5
02084e2ab6428f0b1d168ab0d7f4a71c

SHA1
98004a5fb7b59f924e3f1b9eecb0afb7eaafdeb1

SHA256
fbc636ceb3beabd23a2c9fd768100ba6c1886c951360165f532c600c653df7ca

SHA512
f53c33f9c9c0600a37dab3f4367c738b8ce3cfe1381698e6a2aae4fca3a95dde01f3788a6a7bdbade76cc762a343dfbe1fab7e6fffd18129253c248640c7689b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b24f3ef1-1e07-46ff-aba6-ce769a75b65d\index-dir\the-real-index~RFe57fa1f.TMP

Filesize
48B

MD5
ad94a3bd26b16ad6fe535a0470b84baf

SHA1
6ce141385f90eca17dc6e4d9854693393fd4407e

SHA256
7729453aa04956275a9598d686f5d30278619074b389c584b8ec7b64961cc805

SHA512
32728e6045720db4537697ff6055ce7203938de16fb82c375b69b9d9d4f775af15c0623578dcde0884202fb76a445cd472477b9a87b874416579e83c8ded85d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
e27e641d004b50de430aeba484d73547

SHA1
87e9cfbaa3abc782f7f3e7e03856fcc30251e3f8

SHA256
5bc165f9d0a9d7f92a18ae72dc7f01c56553dd8619f5afae0d8ba82d84be7b60

SHA512
8b02eccd0059aa6eaa7a994734b6ef96dfbb4ca940f31db92e2eecca45804c1ed0ba2e1ca00b66d1d1489ad1731861b5452231da7713a4dcc75ef249999bfce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f56fcfd89477b17942f9cea09da0d5d0

SHA1
fca5176082d13611e589a75ba38de29dda31f55c

SHA256
1c74c56c016bfb6fddd2c26a05dd63f809c94a101738497aca56538ccd01ff5c

SHA512
de6b7d743f367628f6c564764132e6659ef54bedd3c11b64209058b2e7f4da73d156f9da0bae245763b9436875f10f468619bf4d460beea2e24ade6a4001578b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
c4fbaac1b2d7f42976ecbd85c9c8514b

SHA1
c2d64f9d6ce4d7563043292ccd2723e29cb831ba

SHA256
891e11e1ecfd8b3ad3f213ed2a1d0c435095d216da8d7512c022baa425c481b2

SHA512
e0bce70e0e6e6cf29061f3a98a1c7cbd736e68a4675fb93362682588cc3eed176e948db0a6e2ca3ba579ed0d4955667fff6ffbf09e66eda5271f042dabfb52ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a27a.TMP

Filesize
89B

MD5
f37692acbb654b608e121bbf1decd8e6

SHA1
b665142b16af728013873984fc3bbc8c4638a7de

SHA256
007cfa81752a7646ec820327f31e80751fc67d68465ca105dfca3cf8a0540041

SHA512
ab2d3fcc103167ae3a6a8d32d24925fc3ba23adc657608ec33f28cad1245862ab81b82d7fefd0d8758682de7d160335d78574407729e160b514af867bf793066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
43598f13a7f63569c8248aff127e5d1b

SHA1
ff798953e939c4c594fb016cab8a34dfc88e5f7c

SHA256
c71c12cf322b167f4e10c8916c88d94dd0157f972b45597b11e5f43f98d02da4

SHA512
6376f08ce4818ce7e9a2dd45ac5c7889aa4aa53a0279376673e52e74632adda280176bb0834004d5da3ce36611a62cb97bb0fcd12636eafe5a25a5890ea2ee48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f1a3.TMP

Filesize
48B

MD5
cf56ce71aadf6b3366555081d3e910ea

SHA1
1f97ef5d6f8c8c29a1f0d074078c129246957c16

SHA256
9af12ba75d8809e2eaa2c23c8113456e2ec3a5e0e96807d58dba9db1bbdbf775

SHA512
12c244cd753e848e32f8e6857d5f6775b4081b30566499ec2e03ee604b624ff860e3a2d106088f571756f6e8bd47ef5310120800f774fafaf0a9e3e29ffe2b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87b379004658940ffe01f6d4e45e919c

SHA1
ab4c839d18ca7393d0cc60fdfcc32f1c54b449f6

SHA256
ac58af1e0577331c8d9eedc15787f08260dc0b24e2f9b92216193a3a0e831916

SHA512
ba8c47816f808ebc9c3dc9f5b2a1fb7f177108be011c6b775442c9bd0682160cbe8506f3794009e129d3fdb4777b997b2617c32d0ef55a8996a4918e80ae5221

Download Submit
memory/4364-111-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/4364-0-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download