Overview

overview

7

Static

static

7

aa8afa8f36...18.exe

windows7-x64

7

aa8afa8f36...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-08-2024 09:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe

  • Size

    144KB

  • MD5

    aa8afa8f36da9543e143c392962f7684

  • SHA1

    43b2cf52c0671d9f1d393fc519c07cb2ef4b0f02

  • SHA256

    c5cd472b829c614c4c0ffd36ea083829cc6762f5efd65afe9fbd2ae5f11c2e58

  • SHA512

    e4d6f3d888a54f0e711307beb127b066dc5401a3235fbd7933edc952c240fd55e1591842155f74900e943f1b01d95b8d0ae7586b6dddcaff25edd2e02df65e3b

  • SSDEEP

    3072:6B7jZhyZJZ1+5z/V+1cY7J1jSJQolyNz+xez:6RjZhysz/o1ntUe

Score
7/10
aspackv2discoverypersistence

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5000
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 388
      2⤵
      • Program crash
      PID:468
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=vsd3g0h_vs0
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1160
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8006946f8,0x7ff800694708,0x7ff800694718
        3⤵
          PID:3524
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
          3⤵
            PID:4520
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3168
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
            3⤵
              PID:4288
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
              3⤵
                PID:3816
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                3⤵
                  PID:2640
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
                  3⤵
                    PID:932
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
                    3⤵
                      PID:4452
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4136 /prefetch:8
                      3⤵
                        PID:2344
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
                        3⤵
                          PID:2364
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3104
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
                          3⤵
                            PID:4296
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                            3⤵
                              PID:1200
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
                              3⤵
                                PID:1496
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
                                3⤵
                                  PID:2064
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16842340542464748569,2025984420483058942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4184
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5000 -ip 5000
                              1⤵
                                PID:4924
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4088
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:632
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4908
                                    • C:\Windows\system32\AUDIODG.EXE
                                      C:\Windows\system32\AUDIODG.EXE 0x4fc 0x31c
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4416

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      38f59a47b777f2fc52088e96ffb2baaf

                                      SHA1

                                      267224482588b41a96d813f6d9e9d924867062db

                                      SHA256

                                      13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

                                      SHA512

                                      4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      ab8ce148cb7d44f709fb1c460d03e1b0

                                      SHA1

                                      44d15744015155f3e74580c93317e12d2cc0f859

                                      SHA256

                                      014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

                                      SHA512

                                      f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      456B

                                      MD5

                                      c10a4b637e77517cf2c5a347839e67aa

                                      SHA1

                                      1114a0070a00be92b0f6c86e38c881a4e4db67ec

                                      SHA256

                                      62814f80e253a464b38e42e86fafa51fc3013b2e9c1577fda4572220faffad24

                                      SHA512

                                      5563dd2e61e8998efdb07d83da1642e50b10dbf7dae3ed26685eedf29bbd63efb2eedb0bcf6eac48bff3a8f31753674e74120d3c5832cfea3900851cf1cbceca

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      2KB

                                      MD5

                                      8078529039ede592b0763b19f9b4791d

                                      SHA1

                                      13b303070ee8070bf4951dbe9b61f480af094fd2

                                      SHA256

                                      9c03264feafca0b12efbf244286fc671d7974893064593695167ee3668233742

                                      SHA512

                                      4f02d612840e4553356aef644502a42efcc5828868afd3fbf0e5c0ff79a5d93a32aa9e709adcbbc39e3efda4f108f116031675a54e16f3ece2e8623917ef8140

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      2KB

                                      MD5

                                      11701820118ec8a11f5c429acf9da484

                                      SHA1

                                      4c609573ab0e35bef49bce35fbb466b2d8152872

                                      SHA256

                                      e62cd1528c3f32c31451303aaebd7f698df478653cfbfdbe839d8105d450a4b7

                                      SHA512

                                      95c77838989149c4a80359e618da8a10a70f3c386e7b78be54bcec3efd15ad510af4482ee88a71162bfa799f82a035b036540048ed6422e72aa1b1788ce91308

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      28b69753a6176c873dddc90e29d3688a

                                      SHA1

                                      2ab34ec3b3f832ee5c155a4384bd533a56e893cb

                                      SHA256

                                      88d0aa55926b17d167a77227be7ce4ff388024abdfd5ea66d223a19ff7f4acde

                                      SHA512

                                      f4484758591b1fbd81f26d417ac315983a7754872b23724a57121cdffc5086fb4bcbc35e133941a4ac381a6d3a0c46fcebe3ece15c9b6516b75d9473e756fbc4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      57b8117b037f26f91b88188055d7770f

                                      SHA1

                                      faa9307bea7a1ebec17609a6b2a87638fce05d1b

                                      SHA256

                                      342cc966ad7e475b4900a98435ef18d7a8ce252b62b7910a4d2704a1df43b550

                                      SHA512

                                      965b97edc328d167f65330f7688dd25d4cc842dde292b57943e78b78cd99bb3e58cb958d91c26eec0ad93893c2c981b4fb7511848597df8851c70ca4882f2e4e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\55a8aada-f3c5-4391-8f9d-192393985f0c\index-dir\the-real-index
                                      Filesize

                                      2KB

                                      MD5

                                      f0d0125b6fcad6beaf633c0fc424da14

                                      SHA1

                                      140f8357128ca90a711161fdabbb81e5e77ba7f4

                                      SHA256

                                      13ca8ccc5c97162f4929b4c3f15fcb82d14ce4cbc09fd61d1ada7aa2a1636f01

                                      SHA512

                                      42c9fa56226895641d337c4a3a241c131a797a394b8e2d8284a74c5dc4e987dcaaa1aa3b4a2e9546a556965be3324819fec40191ee781b28729e4b54df56d2b5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\55a8aada-f3c5-4391-8f9d-192393985f0c\index-dir\the-real-index~RFe57f06b.TMP
                                      Filesize

                                      48B

                                      MD5

                                      5e26b7a1366ac91f80cdd257c6989aac

                                      SHA1

                                      087b12d1bdd819d3beba981d288266e751c8d213

                                      SHA256

                                      3d8186733d0e8a062d120ab2994414c83f553de5d72bf9caaf849f383bdcff1f

                                      SHA512

                                      58ca7f95e10b0f9e3ba0aaf03440f390030ddceb6e09485d0df637b20cfd40807f092bea6add405d2013031a34bcbf13ba702604d59d2193c4c7fdc89df2cf19

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      146B

                                      MD5

                                      1ef37509f3e3d4efee565054a2c1605c

                                      SHA1

                                      a953aa287485bfd4da6342d31eaf2eb8b15b2dd3

                                      SHA256

                                      9b8bbcfadc9bbad6f3f7ab311026d62954877f503fb48c24fc142a5ff6983f27

                                      SHA512

                                      dc0b85d02e1112f2a67f5917491078e66f46617b2bb4ec71550fc06dab4a90606a90facc38ef6188a04c20cebf13ef464c6e89033128f63130d2007ac6c382c8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      84B

                                      MD5

                                      4f6735a7e2306d6674022ef8e19e19c3

                                      SHA1

                                      9b71e6d9a6f601c9080b03925cda1102e139ad92

                                      SHA256

                                      a77bdd0f37e58fc04f27fb75d06ad6cf3f517676050171cca1fa0b9537bab2eb

                                      SHA512

                                      bca5662c46873be37272fba6a09d76babb892099b29f85b65ceb167da6b02e9bf9085f725ad11b2cceb6810083096ee3dc8c34efefd111596202106084a12621

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      82B

                                      MD5

                                      758f0b215e6372436e7a4f92c178c9c7

                                      SHA1

                                      3c86fcbb133f5594b7e08d0030c31d71a35b3d25

                                      SHA256

                                      bdecd9bf9eb2c299ef8a65449a5d5a2d70f935fcb67500a043c1b883a0d5b202

                                      SHA512

                                      6e80ab0299192918d48411815710528b014ddd98619c7584f640b0e1357ab9e8b1f53b3feb6619cf462b7b8d2ced7ed2319cdf603b1c645b5f28562637e2fe03

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579a0d.TMP
                                      Filesize

                                      89B

                                      MD5

                                      c7f059afe42b92f6f7e03fbf61de08d9

                                      SHA1

                                      eb8f29133d40f6ebaa27c65b81342b7959a056db

                                      SHA256

                                      7a58bb436404e2ae16bc7a43a1c09b61c69165df65496b737eff4331b39f8f44

                                      SHA512

                                      46b62a133e02a4002be47f230aaeaea683331da8e658655995dc81d35ab3a1403fecaec9479a20f21b10f7febf7b3a06dd897a358bbe5d17848cf07fbae4689c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                      Filesize

                                      72B

                                      MD5

                                      b1dc6efcbb0f66fe063395d62e1f30c1

                                      SHA1

                                      a32e6a1aea84d6c115b357a1c21a252d9eb43bc1

                                      SHA256

                                      f8822e793a16623e0ea1c4b11e417ae2d3e711740ee68bf76b1a070be4169745

                                      SHA512

                                      2b607f82c29e5ba818962cf62f9587f9a163a02dc73b9c054e780585b995367ad04996536d38b897a0b0003e02905ca7def08d4399c14e4ef6b88881992c9586

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e918.TMP
                                      Filesize

                                      48B

                                      MD5

                                      d5da38cef7cf4a32df60d1a2543eee16

                                      SHA1

                                      e468deee34dc588e680b3be2a0d28ef4c66b8112

                                      SHA256

                                      e9631ae7b2d5d263563ad1b0e70894c5ec38b6386e42b9d81066a068c8ddbced

                                      SHA512

                                      b5d57334d0fa1e82d499571e5a2a59f43b0c2283210ff19b2d18d0426cff23a51969a13e79fba17268d7fc37c178dc1133509ef065e272c596716105fc5e2dd7

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      df96990dea113df62297e8bacf45c948

                                      SHA1

                                      32a72e7429360414695e143f239f6708efa49cab

                                      SHA256

                                      e0222029cf21f9999c2dfb88da48a386fc854e8e38d83f10e7c21783218930d5

                                      SHA512

                                      a13b55bc16cb0f391eeb2645b9f0ec5b7302a28ab6a48e235daafaa75494ba0411d2439e027517ecdba485edcd82460f1a84a3f24603719378a97150e0726ed5

                                      Download Submit

                                    • memory/5000-0-0x0000000000400000-0x0000000000483000-memory.dmp

                                      Filesize

                                      524KB

                                      Download

                                    • memory/5000-9-0x0000000000400000-0x0000000000483000-memory.dmp

                                      Filesize

                                      524KB

                                      Download

                                    • memory/5000-7-0x00000000005D0000-0x0000000000616000-memory.dmp

                                      Filesize

                                      280KB

                                      Download

                                    • memory/5000-6-0x0000000000400000-0x0000000000483000-memory.dmp

                                      Filesize

                                      524KB

                                      Download

                                    • memory/5000-3-0x0000000000400000-0x0000000000483000-memory.dmp

                                      Filesize

                                      524KB

                                      Download

                                    • memory/5000-2-0x00000000005D0000-0x0000000000616000-memory.dmp

                                      Filesize

                                      280KB

                                      Download

                                    • memory/5000-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download