e9afb4c74de6824360cdc805a33948c83fd3624ea4fbfd61bbf66314eb77a294

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe
Size

1.6MB
MD5

ec25e8234d9cf1388a2d97407d845b01
SHA1

0cd7ab43fc060557525ae08a8b0a91a8f4f1fdab
SHA256

e9afb4c74de6824360cdc805a33948c83fd3624ea4fbfd61bbf66314eb77a294
SHA512

2b870d279522389b281f4db334cc3d1e2b683aa527100d06fd961173da7b5b0124f14de778f38e341efea4f59abca8db34eb30884f6376a761000486adca66f1
SSDEEP

49152:0vKyrl7qkuiN0FnnHMvq/IXxsheEnotfw23SZ:0v/rl27nnn7AXxA6faZ

Score

7^/10

microsoft phishing

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3464	Ko2FuckOff.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1764	msedge.exe
1764	msedge.exe
5604	msedge.exe
5604	msedge.exe
4020	identity_helper.exe
4020	identity_helper.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 5212	4196	ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe	84
PID 4196 wrote to memory of 5212	4196	ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe	84
PID 4196 wrote to memory of 5212	4196	ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe	84
PID 4196 wrote to memory of 4868	4196	ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe	85
PID 4196 wrote to memory of 4868	4196	ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe	85
PID 4196 wrote to memory of 3464	4196	ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe	87
PID 4196 wrote to memory of 3464	4196	ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe	87
PID 5212 wrote to memory of 3488	5212	cmd.exe	88
PID 5212 wrote to memory of 3488	5212	cmd.exe	88
PID 5212 wrote to memory of 3488	5212	cmd.exe	88
PID 3464 wrote to memory of 5604	3464	Ko2FuckOff.exe	94
PID 3464 wrote to memory of 5604	3464	Ko2FuckOff.exe	94
PID 5604 wrote to memory of 2740	5604	msedge.exe	95
PID 5604 wrote to memory of 2740	5604	msedge.exe	95
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1660	5604	msedge.exe	96
PID 5604 wrote to memory of 1764	5604	msedge.exe	97
PID 5604 wrote to memory of 1764	5604	msedge.exe	97
PID 5604 wrote to memory of 5664	5604	msedge.exe	98
PID 5604 wrote to memory of 5664	5604	msedge.exe	98
PID 5604 wrote to memory of 5664	5604	msedge.exe	98
PID 5604 wrote to memory of 5664	5604	msedge.exe	98
PID 5604 wrote to memory of 5664	5604	msedge.exe	98
PID 5604 wrote to memory of 5664	5604	msedge.exe	98
PID 5604 wrote to memory of 5664	5604	msedge.exe	98
PID 5604 wrote to memory of 5664	5604	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\winupdate.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5212
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy "C:\Users\Admin\AppData\Local\Temp\ec25e8234d9cf1388a2d97407d845b01_JaffaCakes118.exe" "C:\Users\Admin\AppData\Local\\usnscv.exe"
    3⤵
    PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:4868
- C:\Users\Admin\AppData\Local\Ko2FuckOff.exe
  "C:\Users\Admin\AppData\Local\Ko2FuckOff.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=Ko2FuckOff.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:5604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe062146f8,0x7ffe06214708,0x7ffe06214718
      4⤵
      PID:2740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
      4⤵
      PID:1660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
      4⤵
      PID:5664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      4⤵
      PID:868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      4⤵
      PID:4588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
      4⤵
      PID:1712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
      4⤵
      PID:2460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
      4⤵
      PID:1812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
      4⤵
      PID:2640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
      4⤵
      PID:1208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
      4⤵
      PID:3508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
      4⤵
      PID:5396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      4⤵
      PID:4544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15524612918329781237,11757365995357943724,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5476 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=Ko2FuckOff.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:1656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe062146f8,0x7ffe06214708,0x7ffe06214718
      4⤵
      PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Ko2FuckOff.exe

Filesize
403KB

MD5
776a250f66356e53bd5c094e197a5b3a

SHA1
b37b51b66c8d5300eb8b6671fd9a88d8fa33e7c8

SHA256
cd7768e7c3f1cd83af4d12e6ce1de373ea792d6a0de53f68dd5ba66bb6cec46d

SHA512
6317fe647dec807e3e072ede791a7bded7e32580271fd141a03c3b2a9f31a7766ce82320e5c36c7cd3bbb93edd7c95a44809aa62fb68c30500b58f611700c443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\51c091ea-0572-49a6-a1ff-98f28980bbb9.tmp

Filesize
6KB

MD5
f0050254d297ec81adcd45a56e967803

SHA1
4a6210b57d467259303c6a31b40ee49d2c4474c3

SHA256
07baf8c92ea8ffee162f84031578e4c893bfa7e82ca3e7ec2047e0010329d7ac

SHA512
7dd656940fdb7e983ccac344852ff159f48b4845a060e01784cdfbc8bc61e12867408389c74815c766c09ced12a590cce7468b82a550afc493dd837937ecf3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b8815b28baed14b8047b89869b4cadc1

SHA1
77028a7c2c91988fbc60a79faa11b1114dacf114

SHA256
b07d6e026e2b03cd268838fe9aac200956b23592fae93cf6d6d420e97de84318

SHA512
ba73daad62d413a9958f0efd6e058414fbb695eda6ea9d4f732561d12c05419fb5e106e7ba41f8f52abd1af850195b7680dcb38173785ff256243ede43f1af18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
442feb9df9aa825db4714c92fcd658e6

SHA1
0ae3d5d3b881fa17d9c5e12c17474522d50e96d2

SHA256
db86b87a4ef8e8f98430f024330b7c8f6ecf3bbddc50fe3b997f38a2b79b8f2d

SHA512
6ed11610302c3b5581a5b469c6d51db8d177055be95f705ded7f2f0e23a231c715e3fab1ac4f224108137595c93fc1304baeefcf67e719aa7b19c0746fd99cad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b60ecf7f9ea19e0d8766c0f214fbb9ec

SHA1
4c45b135f5877dc771f50a0257380cd8ffb5ec82

SHA256
485928b80e4edc8c6b0281f081c54f8171d56b420d8aa7bf3742d701869268bf

SHA512
cc46a0eaffb004a13b3b60aecce674e510accad43b039ebac48d7ac1a276cc882a7eff8a5c7a98453b00f70ca5592e7d08d92783b620e6c208cbab3280dc33c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
4565664d76614a3dbc3101d771332cf2

SHA1
649494fe5a6236ea3929a5c60f843e6d09457fd1

SHA256
7d0b1134423699b2234557a109dbea280eecc89813cb345086c78262da44a1d9

SHA512
1cd5c45406fc4336ada53e32b8f844c17eb57267965b7fbecdd3fb2f094c237f9589beae0cb760b544f50680a37cfac6c759e76d2596a355a92f1f3be0abbd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579cad.TMP

Filesize
371B

MD5
fdadd293557103258db2a0561b58dd4b

SHA1
20409aced78203be27ecd7a4c3d83a48628aeb33

SHA256
b4b20afde948b49a080d496ddb5112f90d94474378a78783d61a086c3c5ab725

SHA512
1fbd0662af12d9bc996cf576403406536829795271b8dd03771dd402c7a1f3796f2c571de3dab3fc6fef70d6cb16f4ceda42ec682f8717f2cab25d911a92aa97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c3833b411dca442278a9cd65fe68a67e

SHA1
48b356296a10e57f1be2bf522e49ef3e2bc1f76f

SHA256
6eef5e87d07588ccc62b2fb2bd89414f1e8e42665afdc74041fb135b4b7d884d

SHA512
d6a5da4a15503411618715d19a6a54431292dab083b9f06a82f97b5290a2e5dcd00734c69aaac937ce1e2719931796fad9ca17db061b3d4b4716dac0fa438766

Download Submit
C:\Users\Admin\AppData\Local\Temp\winupdate.bat

Filesize
162B

MD5
f4628bd71ad81679e8e7824737478fa6

SHA1
c25c088af824cf653b7a9c9cff7ced4d9f53c3ae

SHA256
eb38a61d889818ad5a6a5d3e229b0fcb8561f6b3889cb1386e9af815aaa1f975

SHA512
afc4f3e1b6b14526620f71ee6ee49412422bded7f0f0afffcd8bf838d7f9a824764f86262b2075745a395f4f5c632bdf2fbbe4d806edaaa8b67bcad995228dfb

Download Submit
memory/3464-99-0x0000000000B90000-0x0000000000BFC000-memory.dmp

Filesize
432KB

Download
memory/3464-15-0x0000000000B90000-0x0000000000BFC000-memory.dmp

Filesize
432KB

Download
memory/4196-0-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/4196-16-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download