5164bcba58d62b772865db0850647c2f9288a17290b7f9bf0d5742767dd2b6ae

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c2e0f6fe9ae677d204515257c1ccb83_JaffaCakes118.exe
Size

973KB
MD5

5c2e0f6fe9ae677d204515257c1ccb83
SHA1

78f361024ae382cd1845814782446d4d44048190
SHA256

5164bcba58d62b772865db0850647c2f9288a17290b7f9bf0d5742767dd2b6ae
SHA512

6e12f7b8c99f1c7752e9c0b763c1ca2e9c433a445a11224a43512d704ae5e19aa07b33a25a48b4e45233192050db9cd8108f642e3564fe387e309c9dfdb9be7d
SSDEEP

24576:WP8Fc6z+WDpvI7hOvA+3RRcMUqlZQTYs6U:WPaztBVLRPUi6pb

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	5c2e0f6fe9ae677d204515257c1ccb83_JaffaCakes118.exe

Executes dropped EXE 2 IoCs

pid	Process
5040	CookieEclipseStub.exe
1420	RBLXFPSUnlocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe
5040	CookieEclipseStub.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3536	5c2e0f6fe9ae677d204515257c1ccb83_JaffaCakes118.exe
Token: SeDebugPrivilege	5040	CookieEclipseStub.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 5040	3536	5c2e0f6fe9ae677d204515257c1ccb83_JaffaCakes118.exe	85
PID 3536 wrote to memory of 5040	3536	5c2e0f6fe9ae677d204515257c1ccb83_JaffaCakes118.exe	85
PID 3536 wrote to memory of 1420	3536	5c2e0f6fe9ae677d204515257c1ccb83_JaffaCakes118.exe	86
PID 3536 wrote to memory of 1420	3536	5c2e0f6fe9ae677d204515257c1ccb83_JaffaCakes118.exe	86
PID 1420 wrote to memory of 4780	1420	RBLXFPSUnlocker.exe	102
PID 1420 wrote to memory of 4780	1420	RBLXFPSUnlocker.exe	102
PID 4780 wrote to memory of 4344	4780	msedge.exe	103
PID 4780 wrote to memory of 4344	4780	msedge.exe	103
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 2908	4780	msedge.exe	105
PID 4780 wrote to memory of 4000	4780	msedge.exe	106
PID 4780 wrote to memory of 4000	4780	msedge.exe	106
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107
PID 4780 wrote to memory of 3028	4780	msedge.exe	107

C:\Users\Admin\AppData\Local\Temp\5c2e0f6fe9ae677d204515257c1ccb83_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5c2e0f6fe9ae677d204515257c1ccb83_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Users\Admin\AppData\Local\Temp\CookieEclipseStub.exe
  "C:\Users\Admin\AppData\Local\Temp\CookieEclipseStub.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5040
- C:\Users\Admin\AppData\Local\Temp\RBLXFPSUnlocker.exe
  "C:\Users\Admin\AppData\Local\Temp\RBLXFPSUnlocker.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/axstin/rbxfpsunlocker/releases
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb65de46f8,0x7ffb65de4708,0x7ffb65de4718
      4⤵
      PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
      4⤵
      PID:2908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
      4⤵
      PID:4000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
      4⤵
      PID:3028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:2088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
      4⤵
      PID:856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
      4⤵
      PID:4880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
      4⤵
      PID:2460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
      4⤵
      PID:2212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
      4⤵
      PID:4892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
      4⤵
      PID:2456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
      4⤵
      PID:1148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6808019824625852117,10242709958518940081,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 /prefetch:2
      4⤵
      PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
a7b131770791b58fe90a1186abb62e8f

SHA1
72b0fef4549737ab00ba534b7513dd97e06b6dba

SHA256
94fac9fc889bb22bba4b0db7c144b87ba12a29f7e148af5bfd017c09ee1cf80b

SHA512
d6b3758d5fe3d3b81771f498996a34a3cb849a47055b3a5601281bc1ef39c885f1a008379e3d03525c2e0c8af45d9969934938a844c74de9f716cd500092ff00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C38AC6B0EBDA4044A36E2ADF650F8E22

Filesize
282B

MD5
dbcfde6952dc744f13cbaf111274ec38

SHA1
35e25cd7d2755b7fd29b392c8b0004c15d4f9332

SHA256
3dc8d1d6730f1be03fa2843c9ddf1ba1bd92747bc81bbb94b08d6994670c9143

SHA512
46fc8eaf698ccc67fb5f12c0c9c7699fd7f24dc783b4e68611007c9655ac66714a0a1e7d310255829d9b6b923c7ab56e9c7a568a1310ce3382e96189af0e51aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
6f78c82189354eefda54e26116fa17e0

SHA1
2033b822b309c8aac2898766d3201db89885d703

SHA256
50788f1b1b8eaa6ba6d5f2d206573128e10a403290b907969f892d4dd0f47edc

SHA512
7a5cd6871a6c84c02e148ca44cc1f56048b195bc0d8b5578aff2e01744338b65eae36530fd97346432d9ada97dbbcf655a3d598630753d007f10527abd47e5a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
d87e9e057d7616714000da74e98c705b

SHA1
b1ce1a64129511c782a1db231c54485f0b63a559

SHA256
0a4824c767290f56551efd137305b8d396fa71fdcf8acc19620f42d34f33700c

SHA512
a72c9cd5524329736f8d82b12ac42954c8bca0c2c7f8d04ecd1543f79ce57fbd26f833609dd73d8fddbe5ce80bcd77a9f2cf7856ffda38249036b06022441740

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C38AC6B0EBDA4044A36E2ADF650F8E22

Filesize
484B

MD5
3783fdafe8ed1cf5db15af79a16d2bc6

SHA1
dc6c2c989499c005ef0725924fd1913294e96a93

SHA256
02e8cc2d009ac7b200510d9a73ff9aa583ab360d58eaf4d870d8b30dc50e7a40

SHA512
ca70864a45e25a7642c333b15c0e97ef0d5368dcfdcc9114f901aac247ad4f82597521327f3824cd9d8670c9023c7c5ff5e223e1a6eb09c29b81489ca2c36783

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
dcdfdb55c8b4207828af30fdf89f7fd1

SHA1
80f6ced96734f60c579dfcea214abc9e1802480e

SHA256
ab8735f9d9b498de07ed51aebae49ddad39d65097a6c8832d475432e5efdd090

SHA512
a6e9bc2ea5963f3cf6d1858d40017d15f4656dae4ef4e74ee7287f4334fa3f8c96ecc853a8f4ebf6855473d641782610a3c5f5a32179221cc1e0586ac0cfb3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
662ab7a547c05f2ae7b43903fe99c66f

SHA1
4fe0bbfdf1a341b5d27084eff156d18a2c655a6d

SHA256
7bf9f1fc9e4a12696166c318c280706e7a63d55712e66f67137b0878ec827947

SHA512
c8064e6160f21db9444e6345dfd10b4ec845f03b15ddb531b6d80e0b395c274d1de26d2a2b3a6310fe7ec0978337e6a87400c4ab0c7a18c166ef04ad471f206d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
c55a0ff379cb32458fc626336461c1e2

SHA1
f2fbbe8ef773c99501d14af0039f1c15d1f94bbf

SHA256
4044f309101531cb3772e44d6fc770c314507eec5c37336e866b8163a54770d7

SHA512
0d7230502968d7c5a4c1c5656d856e035ebf71599b42327f3f440a0117044f101c572709d48fb7773169f0f546c4ea4af8a9e6974b14159db602f32f55948cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae411cd0e7699963fac70bc4dd7ffccf

SHA1
659c62bac73722b7f3f38d86d1043aa5ba1becc3

SHA256
7cfe049a1b3d5e3581026700750073c43564bfb4f6cf6a7bcdeffb2f8e873f87

SHA512
ed4f8300d06b8412f3040028d84b83ba4f5f00e908263169550964b175d58c5d1db417c209eb317d7b37055d08ce054a21c4574dec18c8e64d2b02f04583be62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f6ed859138b9eea9577e77bb7826811

SHA1
1791adb60686c3b83c8edc7d814ed87aa51c4cb7

SHA256
f1e9d9790dbc7780308c2c13099abbe7b917a1ddfa2bddac6061d690c79a0b9d

SHA512
25085a37851cb763fb90e02b165ce65c54e3ebe61f92813d010bd53e929d5f2312c100d942e7141836165f9a0c9f7792d397e12d8ef84289c5c36d628eac3b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
28c23138db4e09efbfee9d8068d0e5e8

SHA1
e2d875405202088da2751d7443ed7ae719d832fc

SHA256
d2fdc83d6a66ad8a6823f8ad60c500d0a6fc1c2d107a5efb9c312d96da1b0097

SHA512
d29c5401261ff158808b8d12379b0a32bdececb53e13e8f9717426c67bebe7d8005f78737c87bf5fc786e6e72513bde96eafe1501a9f887d2ea54e785f53628b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CookieEclipseStub.exe

Filesize
240KB

MD5
db3f4e8a88fe05e49061e9750a80bbfc

SHA1
9bba5a0042ac0628ad16126f651defc0f055a3dc

SHA256
c063a9a1726d81fbe1ba1978800f2ba4174e1fd64756b7baf21338d5ed255a35

SHA512
542380f465817ce298b36e5a7214afadc0ab987c9878eb704136e2c84ca7e116b8c847f302a6cdfcc1e43822477921e6f06e0535921f2bf9c045cb743c7ee833

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBLXFPSUnlocker.exe

Filesize
483KB

MD5
da45e01d4c30d079316b1a41affb6918

SHA1
7c009ffb5bd4653a877e130d2bd70b281947e5a2

SHA256
f40f3bf2ca61ab5bbb9940137d457be1c0f5177df8ff8f7377e7f363a3de75db

SHA512
65a6d550cd021ee9ecaf5eaa974f3678d86fa8885ace5a1fe4e7909db23d4f6f88689566c7a21ee5a05e9d1f7a04264130debc226151d997b37f86287c7f5f86

Download Submit
memory/3536-2-0x0000000005AA0000-0x0000000006044000-memory.dmp

Filesize
5.6MB

Download
memory/3536-4-0x0000000005730000-0x000000000573A000-memory.dmp

Filesize
40KB

Download
memory/3536-5-0x00000000749C0000-0x0000000075170000-memory.dmp

Filesize
7.7MB

Download
memory/3536-3-0x0000000005590000-0x0000000005622000-memory.dmp

Filesize
584KB

Download
memory/3536-1-0x0000000000BC0000-0x0000000000BC8000-memory.dmp

Filesize
32KB

Download
memory/3536-0-0x00000000749CE000-0x00000000749CF000-memory.dmp

Filesize
4KB

Download
memory/3536-29-0x00000000749C0000-0x0000000075170000-memory.dmp

Filesize
7.7MB

Download
memory/5040-22-0x00007FFB56213000-0x00007FFB56215000-memory.dmp

Filesize
8KB

Download
memory/5040-40-0x00007FFB56210000-0x00007FFB56CD1000-memory.dmp

Filesize
10.8MB

Download
memory/5040-30-0x00007FFB56210000-0x00007FFB56CD1000-memory.dmp

Filesize
10.8MB

Download
memory/5040-26-0x0000000000970000-0x00000000009B4000-memory.dmp

Filesize
272KB

Download
memory/5040-28-0x0000000001160000-0x0000000001166000-memory.dmp

Filesize
24KB

Download