Overview

overview

6

Static

static

3

a915c74b7e...18.exe

windows7-x64

6

a915c74b7e...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-08-2024 01:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a915c74b7e3f795f4d64eef0ed86363a_JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    a915c74b7e3f795f4d64eef0ed86363a

  • SHA1

    dbba333c6495a79e783be7a3c5214c6fc0a21d1c

  • SHA256

    5b1270026cbc261ecb09525b398cbc798cc4943f15505c3207195d7fd738050a

  • SHA512

    957160acfc20cf4c7ef0bceb79a58692c1b19e30b4bf83434010c491583f93203b05d878318afd3c407ee512e2cba7954ffce9fc6ad7fdb0b49021cb96ff7a8c

  • SSDEEP

    24576:4kkBUgnyu4MUEb7wQiSRHW/nSnmpfGlPnDv2QNgGpThSRT/z+mpLuQajkbB:GBvnV4MUkliSR2/SnWsPDvLuetSEmLJJ

Score
6/10
discovery

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a915c74b7e3f795f4d64eef0ed86363a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a915c74b7e3f795f4d64eef0ed86363a_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3236
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pekalongan-community.com/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3440
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad95a46f8,0x7ffad95a4708,0x7ffad95a4718
        3⤵
          PID:388
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
          3⤵
            PID:4720
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2756
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
            3⤵
              PID:2536
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
              3⤵
                PID:816
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
                3⤵
                  PID:372
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
                  3⤵
                    PID:5004
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
                    3⤵
                      PID:2924
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                      3⤵
                        PID:2404
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                        3⤵
                          PID:3496
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5708 /prefetch:8
                          3⤵
                            PID:4632
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5720 /prefetch:8
                            3⤵
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3808
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
                            3⤵
                              PID:2332
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                              3⤵
                                PID:4692
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
                                3⤵
                                  PID:5560
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5812
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
                                  3⤵
                                    PID:5828
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
                                    3⤵
                                      PID:5836
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
                                      3⤵
                                        PID:5944
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
                                        3⤵
                                          PID:5360
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
                                          3⤵
                                            PID:232
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
                                            3⤵
                                              PID:5736
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
                                              3⤵
                                                PID:5448
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
                                                3⤵
                                                  PID:5624
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10797863956574869197,6057056902551872735,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6844 /prefetch:2
                                                  3⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:2076
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://adf.ly/6CMFK
                                                2⤵
                                                • Suspicious use of WriteProcessMemory
                                                PID:4468
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd4,0xfc,0x100,0xe0,0x104,0x7ffad95a46f8,0x7ffad95a4708,0x7ffad95a4718
                                                  3⤵
                                                    PID:2624
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,9179836293144976255,4018464650698980662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
                                                    3⤵
                                                      PID:2996
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,9179836293144976255,4018464650698980662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
                                                      3⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:4848
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pekalongan-community.com/
                                                    2⤵
                                                      PID:5728
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffad95a46f8,0x7ffad95a4708,0x7ffad95a4718
                                                        3⤵
                                                          PID:5752
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:3292
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:1416
                                                        • C:\Windows\system32\AUDIODG.EXE
                                                          C:\Windows\system32\AUDIODG.EXE 0x4a0 0x510
                                                          1⤵
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:6004

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          2dc1a9f2f3f8c3cfe51bb29b078166c5

                                                          SHA1

                                                          eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                                                          SHA256

                                                          dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                                                          SHA512

                                                          682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          e4f80e7950cbd3bb11257d2000cb885e

                                                          SHA1

                                                          10ac643904d539042d8f7aa4a312b13ec2106035

                                                          SHA256

                                                          1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

                                                          SHA512

                                                          2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          672B

                                                          MD5

                                                          8eaae74c341ffb1b580ea46c05e4fb19

                                                          SHA1

                                                          04080b53b9b10d2ca2534c4846ad6eed6798dc01

                                                          SHA256

                                                          9339b8c44975494f8445a5d047d2d76f5ae9eeb5b2452096c76d16c3ec3fa445

                                                          SHA512

                                                          38e26616e007db7d11715c96ff7d3693bc3569f3deb8fb214ec8930b5a7b1ebda567d406e9da5bb970f999a92607b811f406345dbe51051f39270944247c2316

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          4KB

                                                          MD5

                                                          434eb201dfd7c2ca6c4ac58a19733ecf

                                                          SHA1

                                                          0255547543b666995d8c4efef03840dc9a60a251

                                                          SHA256

                                                          b64886ea18dfb48f2ff491338b828ce6c523630ce8f4119e46702e7ea8a1b5d1

                                                          SHA512

                                                          caa254d1cf5259ba12ac07ad7d40184dba295508e6254b63e6a445a315f578220099d4007e38ca58b0bd14039066436278124aadbe7a7930165eb5c748415c21

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          8KB

                                                          MD5

                                                          455baa15cd7e628268f6d02ca0f687ec

                                                          SHA1

                                                          98b90e51f26468e3a027681fc82eda23b9868403

                                                          SHA256

                                                          efa81678dc71d3bd003d0b662634059ae87c383bcd8bf344e190c7178b1b5e67

                                                          SHA512

                                                          e75f1ba81008e98fc456c05c6bd9383b4df8796e43bcfdec23ab9306c70caaa3b1be10078201a0c21d7ecbd634566e8255bcd13e9a6891d4314685b24a580c51

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          187c13fb6ba4ff05a3346fcf3b937a5c

                                                          SHA1

                                                          42804812e4169426ea3369407dcd8dc34a5b0a3b

                                                          SHA256

                                                          d8674a70589cff5f78ac86666a38b169e57b7c2ecac743cb9de750f38fdb7a51

                                                          SHA512

                                                          f4ac4c26c42f81073f0dfd97b7fb49f70e50bb79be84ff3d60901a91602f1fe8d17ec7705ec7a6e5e83d5642be4001ace6cd8d0b5ebd6485b04fff536f8d6777

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          8KB

                                                          MD5

                                                          938d2b6053651f7cb1f009c7911d4af3

                                                          SHA1

                                                          89959ef8fd7a8f53ec06503062393600ef8c046c

                                                          SHA256

                                                          6de953462f1e3db6414f643ab47b82bb171a96aee81d33f9d3a717e36f6fe6c7

                                                          SHA512

                                                          5a934606154055de3bc40c3e149e48e366070da353bd479848fc862337cf68859dca49534e000adabf20d426c7c0d60a14ff75c8e0501bb9b8cfb1ab9be41865

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          6752a1d65b201c13b62ea44016eb221f

                                                          SHA1

                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                          SHA256

                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                          SHA512

                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          8KB

                                                          MD5

                                                          454a188984382c4eb53bf9064e664366

                                                          SHA1

                                                          0412d8cc7113f5232d37c8116ac20da0fc15a2cb

                                                          SHA256

                                                          75a59c489d13ae466af670c18e6df1237bed55b91505db958250cf4c6abf3a01

                                                          SHA512

                                                          1f213ceac9250c6647585fcb334f11520540cee48ca09686a22568ad76d41f9509119c07f160606f694da69fa05787d5e193ae73dcd49909a2fd10112fa243dc

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          10KB

                                                          MD5

                                                          309fdd371079fa5fbea2ed78147d00c6

                                                          SHA1

                                                          eb89451373e6455201947137e22e0e711b2dcc12

                                                          SHA256

                                                          99fd1125268e13a19b41fa234ca29c7b15279e8947e5854cef1c9318666eeb98

                                                          SHA512

                                                          19cbe4ba3eca3e9ffc3724676a8bfce0189830a446f524c8e5e699120dedacc57a90e8e15941328993f2a1f30c2c9adcac08c48f186518a3cea044808f01e088

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                                          Filesize

                                                          64KB

                                                          MD5

                                                          3a16ce313f0aedba14943c83ef4a853a

                                                          SHA1

                                                          e3d635fcf3471a638153e8756da3d3e06cf102f1

                                                          SHA256

                                                          0d6943432a32c38e203c1a2eace24145e470b06d9d73bdf3a82a32955124d00d

                                                          SHA512

                                                          a89b9b75ca9a0556eff3ddfc202ac17e3d78c2a5334b61a1f97d9aa802234b2bbcb43b20fe2440d45c6a742e69a4032cdae5e92e491d1a5b79fe21cdf475ae6a

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
                                                          Filesize

                                                          9KB

                                                          MD5

                                                          7050d5ae8acfbe560fa11073fef8185d

                                                          SHA1

                                                          5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                          SHA256

                                                          cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                          SHA512

                                                          a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                          Download Submit

                                                        • C:\Windows\lwagu1.mp3
                                                          Filesize

                                                          206KB

                                                          MD5

                                                          1ff6a54281f66bd35e368d1f179414e2

                                                          SHA1

                                                          ea61ad1b49d710b4782648faf8efd72456de4d89

                                                          SHA256

                                                          074a98e15a3ef24a24d945b0baf23f5b412751e88f7d43f794eeba5e5b84e056

                                                          SHA512

                                                          b50f3fe891cad4f882bd1e506e28744b521ab9e4d491fcf11e460306261d209b9744c1dae381aa2d76fff9649e8dfc1ed1fc302ace269b19e0c740ad2763eb5c

                                                          Download Submit

                                                        • memory/3236-224-0x0000000006A20000-0x0000000006A30000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3236-218-0x0000000006A20000-0x0000000006A30000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3236-225-0x0000000006A20000-0x0000000006A30000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3236-220-0x0000000006A20000-0x0000000006A30000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3236-251-0x0000000000400000-0x0000000000540E14-memory.dmp

                                                          Filesize

                                                          1.3MB

                                                          Download

                                                        • memory/3236-0-0x0000000000400000-0x0000000000540E14-memory.dmp

                                                          Filesize

                                                          1.3MB

                                                          Download

                                                        • memory/3236-221-0x0000000006A20000-0x0000000006A30000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3236-219-0x0000000006A20000-0x0000000006A30000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3236-167-0x0000000000400000-0x0000000000540E14-memory.dmp

                                                          Filesize

                                                          1.3MB

                                                          Download