Overview

overview

7

Static

static

7

1647e74f8a...18.exe

windows7-x64

7

1647e74f8a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-10-2024 05:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1647e74f8a3277826ef5974d999a17ac_JaffaCakes118.exe

  • Size

    140KB

  • MD5

    1647e74f8a3277826ef5974d999a17ac

  • SHA1

    2b96d684f6a86f431226aba81c1c5bbad45f8fb8

  • SHA256

    bfc08a9cd81081ac2518e795bc3b86420a25958b52c5085ab6ba31dab8fed1c4

  • SHA512

    afe88d5746dee8cbaffe8fcf5c61b0f86190ab33a00d2b43771867a439f002384e4e3bcbf68d0c47c18771366768afa37048a41a0786fd33dfdcd469bf0ae40c

  • SSDEEP

    3072:s6r5Ifw06tL0AQzXFDmh0r0IWJsaOMGzw+Ua:s6ufwTtLLaFDw01aHGzw+U

Score
7/10
aspackv2discoverypersistence

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1647e74f8a3277826ef5974d999a17ac_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1647e74f8a3277826ef5974d999a17ac_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 388
      2⤵
      • Program crash
      PID:824
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=gOO_UqzEc5Y
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3724
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb022746f8,0x7ffb02274708,0x7ffb02274718
        3⤵
          PID:4180
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
          3⤵
            PID:2120
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1712
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
            3⤵
              PID:2748
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
              3⤵
                PID:5056
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
                3⤵
                  PID:1820
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                  3⤵
                    PID:2612
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
                    3⤵
                      PID:820
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4960 /prefetch:8
                      3⤵
                        PID:412
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
                        3⤵
                          PID:2024
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3904
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
                          3⤵
                            PID:1760
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
                            3⤵
                              PID:4556
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                              3⤵
                                PID:940
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
                                3⤵
                                  PID:3424
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2767612066447646860,5902018002541419277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5812 /prefetch:2
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1492
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2340 -ip 2340
                              1⤵
                                PID:3656
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2952
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1060
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:644
                                    • C:\Windows\system32\AUDIODG.EXE
                                      C:\Windows\system32\AUDIODG.EXE 0x3cc 0x4c4
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4336

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      e765f3d75e6b0e4a7119c8b14d47d8da

                                      SHA1

                                      cc9f7c7826c2e1a129e7d98884926076c3714fc0

                                      SHA256

                                      986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

                                      SHA512

                                      a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      53bc70ecb115bdbabe67620c416fe9b3

                                      SHA1

                                      af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

                                      SHA256

                                      b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

                                      SHA512

                                      cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4161ed0c-cd01-4e31-8b2d-a819a53b0a6e.tmp
                                      Filesize

                                      2KB

                                      MD5

                                      5bdfb716590c222dbc4928837556fefc

                                      SHA1

                                      3385ecebc6da692cb91af2bf9009e213d18b23b3

                                      SHA256

                                      b2c03cf95001e7520ad98267640a38f42eae509ace7e3ae65a537a8565f10fb0

                                      SHA512

                                      aaa2c9b46388971682c2e2e0a5df1b47f749c9a28a95283802c756e0190601628904c0e7a5a5034df12b36213629ebfd0f20563ff2f4425aa877355b499ec0d4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      432B

                                      MD5

                                      37ef62aa2a1534f06007f83d2ab37cc9

                                      SHA1

                                      6167db1d333f0c7b89b827c4c4de09f37e04f864

                                      SHA256

                                      0f8b253406959abc196dea34e8fc11c6dd359afad063c0405bf261413674732a

                                      SHA512

                                      d6c5b26128f78fd988361d4af681e24ad7d8d770ea8506ff965e0355f58a6f2357a77829786b918b7a7b818daeec30463c57ffa7a40fd78dd7141e68aca25c13

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      2KB

                                      MD5

                                      d75d115991dcb853d6c118aed2ce8a1c

                                      SHA1

                                      e02d9d934d860aacd727e7e9f938d95b62173786

                                      SHA256

                                      bd46ad6ee9e48988da5d416fc848ccbec3bed9c61a74ebc95a076a2d4c2b94c6

                                      SHA512

                                      034a6478875da61c585c8d9065905848324bea0113c0cdcbe78cbd3765875298884d7f3cbc49c387d65e6d7d680fa2bc65a627d80139fdf2b4148cbea85b42e2

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      85f862a786e541016704ff83a6695ad9

                                      SHA1

                                      2e309f5307dda59edc21355dce02c8b6dc4b9226

                                      SHA256

                                      d35398f7f3c23ad858cdf90f9034f8e669667f5869abdc2d3125b7ddae38dcbe

                                      SHA512

                                      a00f0b7141ad56ac8313930e39146882ef239a31e63577cb19df01dfd321d086b711c1b892cdae46590a662daad641546ace5a875054a1003112b1f140d2c83c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      906280f918a784f6635754c8c5e1e712

                                      SHA1

                                      da17ee73635a97e571cc2740afd0bd8301388414

                                      SHA256

                                      9697e69c64054ddb1bbe6205e5c22846b6a85e460ef834f94d0e08c2fad6e0cc

                                      SHA512

                                      cf1424f3d0591aab73f5c3a61297eca2449378a67df8e6594a96dd2a0618a27214577acdfed5f9fa6e1fff74ff53a53c60aadcf304c9d55e39786b27e5a18baa

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\af6a2caf-56e5-49e3-96a7-2cdcfef25d10\index-dir\the-real-index
                                      Filesize

                                      2KB

                                      MD5

                                      a8da4a2a40477f979f4e24c1c1a9e361

                                      SHA1

                                      a840f794f8ea2ac7e78438a1aca8fcf1477af76d

                                      SHA256

                                      b803b85df8f8a9035cdee44891799cb42632a5b71753749947170e45473d94c3

                                      SHA512

                                      5a02363c9af4faefcdf278d93d6a83e678b6e7646970c6c1f6f5d81ec7bff2543e7d9095eca2d10ddeeda368fcabb16b3fe0b212c900f4fff3203df3a3e46f9b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\af6a2caf-56e5-49e3-96a7-2cdcfef25d10\index-dir\the-real-index~RFe57f8e7.TMP
                                      Filesize

                                      48B

                                      MD5

                                      36609b04bca76b2847240c4440314ef1

                                      SHA1

                                      92478fb5d58cc68c0293931fb499dda9ec4807e8

                                      SHA256

                                      51ba881b7dad57255bc844b00a7037da4c30dcd00fec2124c970ebeedf202759

                                      SHA512

                                      2b837d748f8366b7120f4116552277fa6d087dae3abd04cd4e5c8bbbfe74edf8624481518d749f3352d7a196a1eacb49c45449f088afafdf93f0c6968078c19a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      146B

                                      MD5

                                      1a17d20f1c21343f505405fa43c55b37

                                      SHA1

                                      db3bd51f3354a19bdb3ff7c66930c67f8c43cadf

                                      SHA256

                                      8059dadf36748858f5f03dc7e82f66cbe2644bae58f0f7a2816fb00e59469d0b

                                      SHA512

                                      1f4be64d0710f933fc95280df7a7d0c579110ad9e445ab8b1833c4aed57ca03ccb75cc1c436491d18c7229f90b8b6b35d6b1a0af6dfcedbe578f29834aff0000

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      84B

                                      MD5

                                      358632dc6c9ac29900004183c587767c

                                      SHA1

                                      7301847baa050ccd97647781f8ce3f573a1f089a

                                      SHA256

                                      7dcc8e574bd7f75b831860d9af157274cebbdd712be6a8e8f09b518af33c3d44

                                      SHA512

                                      33b4eab61f8906d985fc19d4f39e7bf7512fbd759964b7532374d535d0f512b33043b3d1e261bd9a56d395e9f9eb9f81777263a6757ab5c4f72738e7dd26a3fb

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      82B

                                      MD5

                                      286a8d7d3c750803cfb1e63622c386e0

                                      SHA1

                                      83f442378bae0058dd08f0623464d33c5d0a7aad

                                      SHA256

                                      ca7cb1e53b1ad7ae02437efd1a790bdea3114b49d312f27d24f80fb2805a5c3c

                                      SHA512

                                      9b7ea35919d9828afa9728c34dfca5f2eb88c76da8eda6b77101561bbfae6309e1e90363dcfefa10245f0999721ccaebf880773767a4aabec3a95856bcd6b2ea

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a345.TMP
                                      Filesize

                                      89B

                                      MD5

                                      2f247144455beee140b374b30edf39cf

                                      SHA1

                                      10e8dd2972d6aa9b71c12b9c7f8f3784ae760b5a

                                      SHA256

                                      ddb6990cdd76b74308819b73eee4df935e23974bbe76dd1c7f1bdb55ad4aec8b

                                      SHA512

                                      5a6e763c1af39e06a8570f82f43be681700cdc877cfdecb7afe64e584608868900c7df6b01ae6e00032b31eee202f8fb8a7e0199df5f255cf309eae5878df483

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                      Filesize

                                      72B

                                      MD5

                                      5ecb0b3f1ddadd18490099035e8bc062

                                      SHA1

                                      708d92f59fb17cba8ffa0a5bca469d709a6b0037

                                      SHA256

                                      cecfe6b0d5e42258e071dcc270cdacad492249062ee1e80a57f9cf3bd02830f4

                                      SHA512

                                      26805d15ad66c71153e361be6279dad81783d07081416bbe76294558a9174f98059eb075b49d64b330d49f20c157248fd1d2a264df36cd5c2c10fe3eb80f2219

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f211.TMP
                                      Filesize

                                      48B

                                      MD5

                                      f8db9429306639a88f99749665323c5d

                                      SHA1

                                      ccbd91b0f6b9fa8c0719a64960e463bbb147ba07

                                      SHA256

                                      67a2bba93f4594f7b0b9e0e36a60b0ac367242b121a457a898b9724bd08ed9d2

                                      SHA512

                                      280b48f300caa6f809e0661408590aeb9ab3142057a5913479323799e0fcf2d8a19067fa5725d0aace8c0c97776ae75ded00cda4c5cfbb9f39dc148d4ff32b24

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      6dd2cce446f2ccf2bde3a49e00c0a219

                                      SHA1

                                      2e13577d53febb0d53772622c79e833ee7b153b4

                                      SHA256

                                      e658580b89cad564cf98b68c9c12da2bbfbf7b2d203ae686659c03b2bcd70ec7

                                      SHA512

                                      e9610c432e6cfbbd679fc6c4e54485ec206a04a2c6271714862e20361f4ab1a4f0360b38eb3cec2a42ca243eb0b35b8455e0347d2190e8aa6f7044232f394926

                                      Download Submit

                                    • memory/2340-0-0x0000000000400000-0x0000000000487000-memory.dmp

                                      Filesize

                                      540KB

                                      Download

                                    • memory/2340-7-0x0000000000400000-0x0000000000487000-memory.dmp

                                      Filesize

                                      540KB

                                      Download

                                    • memory/2340-8-0x00000000005F0000-0x0000000000636000-memory.dmp

                                      Filesize

                                      280KB

                                      Download

                                    • memory/2340-3-0x0000000000400000-0x0000000000487000-memory.dmp

                                      Filesize

                                      540KB

                                      Download

                                    • memory/2340-2-0x00000000005F0000-0x0000000000636000-memory.dmp

                                      Filesize

                                      280KB

                                      Download

                                    • memory/2340-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download