Overview

overview

7

Static

static

3

f5f667391b...18.exe

windows7-x64

7

f5f667391b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/09/2024, 11:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f5f667391bd4f046c7435bac708ec657_JaffaCakes118.exe

  • Size

    657KB

  • MD5

    f5f667391bd4f046c7435bac708ec657

  • SHA1

    0eb6f35f833ded86ad6ee3cb032e22a8d4fa97a5

  • SHA256

    bf852e1e4ddd007b5cd89f9c0fef336461ab26055e6f10e1d84cba859adebcdb

  • SHA512

    a804ba475db124582e06959d1b76f622c1b42c0638bb2ee06f1cbee9448b05d3eda261826a3f4e2201449df22a7152d6723fb4c946df1ee4a54fe7bac4e7cade

  • SSDEEP

    12288:TRUFSier1Hwo2M51BnrBqslQ430ctbFmqfvF3Z4mxxnztZLgCqAHnDtspnP:TRUInvRBnrBqgRP3mQvQmX/UeHD

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 5 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5f667391bd4f046c7435bac708ec657_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f5f667391bd4f046c7435bac708ec657_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3544
  • C:\Windows\G_Server2006.exe
    C:\Windows\G_Server2006.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4368
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3500
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3500 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4284
        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=3004a
          4⤵
          • Modifies data under HKEY_USERS
          • Suspicious use of WriteProcessMemory
          PID:3604
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=3004a
            5⤵
            • Drops file in System32 directory
            • Enumerates system info in registry
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • Suspicious use of WriteProcessMemory
            PID:2508
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9686346f8,0x7ff968634708,0x7ff968634718
              6⤵
              • Drops file in System32 directory
              PID:3032
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
              6⤵
                PID:4920
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
                6⤵
                • Drops file in System32 directory
                • Suspicious behavior: EnumeratesProcesses
                PID:4624
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
                6⤵
                  PID:4292
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
                  6⤵
                  • Modifies data under HKEY_USERS
                  PID:2484
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
                  6⤵
                    PID:1896
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
                    6⤵
                    • Modifies data under HKEY_USERS
                    PID:1856
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
                    6⤵
                      PID:3244
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
                      6⤵
                        PID:1184
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
                        6⤵
                          PID:2512
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
                          6⤵
                            PID:4420
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10810633897692331435,9809846508996703122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
                            6⤵
                              PID:1540
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                              6⤵
                              • Drops file in Program Files directory
                              • Modifies data under HKEY_USERS
                              PID:1408
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6f9f75460,0x7ff6f9f75470,0x7ff6f9f75480
                                7⤵
                                  PID:932
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:4616
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4552

                        Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Windows\G_Server2006.exe
                                Filesize

                                657KB

                                MD5

                                f5f667391bd4f046c7435bac708ec657

                                SHA1

                                0eb6f35f833ded86ad6ee3cb032e22a8d4fa97a5

                                SHA256

                                bf852e1e4ddd007b5cd89f9c0fef336461ab26055e6f10e1d84cba859adebcdb

                                SHA512

                                a804ba475db124582e06959d1b76f622c1b42c0638bb2ee06f1cbee9448b05d3eda261826a3f4e2201449df22a7152d6723fb4c946df1ee4a54fe7bac4e7cade

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
                                Filesize

                                4KB

                                MD5

                                da597791be3b6e732f0bc8b20e38ee62

                                SHA1

                                1125c45d285c360542027d7554a5c442288974de

                                SHA256

                                5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

                                SHA512

                                d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                8333a159b473f2c320e5b69c141a4db1

                                SHA1

                                cb3c18be15413a888c051bdd958c56bf219e06c2

                                SHA256

                                6d5f31de293f67b598c2dc64a762e54777325f46fbb0decb99694022a895b8a7

                                SHA512

                                ed6fe59ce79e07f98e3e659ce24a6536763f1d44658a14c840d61887671b9f07363147ab2057413e94781460583882b1f6f5e48e199e561d63b67630a63d7c24

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\66d5d8fc-420b-43d1-bd21-a822451aa676.tmp
                                Filesize

                                70KB

                                MD5

                                e5e3377341056643b0494b6842c0b544

                                SHA1

                                d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                SHA256

                                e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                SHA512

                                83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000001
                                Filesize

                                41B

                                MD5

                                5af87dfd673ba2115e2fcf5cfdb727ab

                                SHA1

                                d5b5bbf396dc291274584ef71f444f420b6056f1

                                SHA256

                                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                SHA512

                                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                4KB

                                MD5

                                1ef2938b1e802ddfea3bccd078279031

                                SHA1

                                f83805ea6dc6512c789e75b67cbe07d57bceb6f4

                                SHA256

                                04b9e6a9fe6268651fa9ea07153a1e2a4f3c3018ca7af4439dc90eae5a6e04f3

                                SHA512

                                80a819de8ed552ed27aafec53407bc1a6bff5cd8754fa4d4108d0eafa91ee453ccb0ba50fb7b5252e711b118edec0c2e4572f6649b34aa4977fae5b55435e820

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                4KB

                                MD5

                                faf47754f655c82347850c1565d25bf7

                                SHA1

                                a9200b2b06dacb325df17fd6c563ad1a0415ff30

                                SHA256

                                38fade6fd41d07233263c5f4e2b0cae2b066c3652b41c6498edb24a13d01d51a

                                SHA512

                                6a6b1928f6785da0874e511e320397ce9f107bde31b7334cdf33e3428bce875206f31ad924c6be622ddafc90787a7fa610c48570a8105fe59e1346258c599210

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                4578d81eea2279cac1b471bcd6913d26

                                SHA1

                                065d78c2ade289845f74139b5f1b7ebe21ddc1bb

                                SHA256

                                bfcb7eea10648d3996f42ae1980c598dbab91f6d8221284cdadc87e4e3774d56

                                SHA512

                                68a4b8fa0c4fd78d9be3b889067366a7494e228aff3c233568629e5683bfdb06575cacca6048c8ac07ea6a18d7160b08ef7611b099facb7039a8ad7c96675b63

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RFe579625.TMP
                                Filesize

                                4KB

                                MD5

                                54bdf1440a68338cf6aba20c75d2f0a6

                                SHA1

                                7c741e72ada8f3b4316689588f42150c4b35e437

                                SHA256

                                60ac8b2403dd24c1828985d08d777c24fa6aa9083de1a8bbd3fcade8ca0cb03d

                                SHA512

                                c9ff5731614388517b1e10a4333c526fcaa955338f7a207e61a689a9df228379492e2b0fab489f3e0614dc2df08d91cdf53ea7c6e08306a32bbb822bbc5e5141

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                Filesize

                                24KB

                                MD5

                                af860f4571b0f0c9a31e01c086f848a0

                                SHA1

                                d6afab5cfc4e1e44b3348da1b1653101bd0762e9

                                SHA256

                                2a1d816c004cd6d367518af8aa6f2e5c0d1558affe392d48d177c5f157be0ed0

                                SHA512

                                a006ce1cf7bc0443111e958639d2cecf02433faacce933426c552839bc605d2cfcf7ae02b8d25a3f3d66773c0180d1d91817f4a5ea1643ca47145b5d3e19dc21

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RFe57be9d.TMP
                                Filesize

                                24KB

                                MD5

                                d8ed16501a49ae5214d0c9a48bcf2d18

                                SHA1

                                eb4e8e8282a7d887330369ed717e255b74d2b0d1

                                SHA256

                                ecd4afe9b50f395385cbc8a3663956738a6437e2608639b981c9c377a3f18083

                                SHA512

                                9fe12f5bdf44cf8e7b018e8382e84b96105ced6175242d247530e045cbe0fd421d6719ee90d6bbd75afd928c44486b68a8d0cbf9122a4d49e95ad754c0a48b7e

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\CURRENT
                                Filesize

                                16B

                                MD5

                                46295cac801e5d4857d09837238a6394

                                SHA1

                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                SHA256

                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                SHA512

                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network Persistent State
                                Filesize

                                111B

                                MD5

                                285252a2f6327d41eab203dc2f402c67

                                SHA1

                                acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                SHA256

                                5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                SHA512

                                11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network Persistent State
                                Filesize

                                59B

                                MD5

                                2800881c775077e1c4b6e06bf4676de4

                                SHA1

                                2873631068c8b3b9495638c865915be822442c8b

                                SHA256

                                226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                SHA512

                                e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                206702161f94c5cd39fadd03f4014d98

                                SHA1

                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                SHA256

                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                SHA512

                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
                                Filesize

                                8KB

                                MD5

                                cf89d16bb9107c631daabf0c0ee58efb

                                SHA1

                                3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                SHA256

                                d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                SHA512

                                8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
                                Filesize

                                264KB

                                MD5

                                f50f89a0a91564d0b8a211f8921aa7de

                                SHA1

                                112403a17dd69d5b9018b8cede023cb3b54eab7d

                                SHA256

                                b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                SHA512

                                bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2
                                Filesize

                                8KB

                                MD5

                                0962291d6d367570bee5454721c17e11

                                SHA1

                                59d10a893ef321a706a9255176761366115bedcb

                                SHA256

                                ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                SHA512

                                f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
                                Filesize

                                8KB

                                MD5

                                41876349cb12d6db992f1309f22df3f0

                                SHA1

                                5cf26b3420fc0302cd0a71e8d029739b8765be27

                                SHA256

                                e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                SHA512

                                e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\c7f0a34d-42ba-4fe8-a53f-14fa820e50a0.tmp
                                Filesize

                                10KB

                                MD5

                                5ea6e468ea434f3898f12398053cf179

                                SHA1

                                0fb0a2fc279b727a4b30332503eaacf58d36e2b8

                                SHA256

                                eff4c80a161e07ff93d1d24cfbd77eb7774d6f0a32c6995e20653553aab9086e

                                SHA512

                                0f4dc28415a6383a4b3d9adfb06cf975c53016f46048486080c5a5f11138ed292e4949bd7cd438b5fa45b11ee9fd9acf3abecb2516c201551aa7bd754e5cf469

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\suggestions[1].en-US
                                Filesize

                                17KB

                                MD5

                                5a34cb996293fde2cb7a4ac89587393a

                                SHA1

                                3c96c993500690d1a77873cd62bc639b3a10653f

                                SHA256

                                c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                SHA512

                                e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                Download Submit

                              • C:\Windows\System32\config\systemprofile\Favorites\desktop.ini
                                Filesize

                                402B

                                MD5

                                881dfac93652edb0a8228029ba92d0f5

                                SHA1

                                5b317253a63fecb167bf07befa05c5ed09c4ccea

                                SHA256

                                a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

                                SHA512

                                592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

                                Download Submit

                              • C:\Windows\Temp\KnoA73C.tmp
                                Filesize

                                88KB

                                MD5

                                002d5646771d31d1e7c57990cc020150

                                SHA1

                                a28ec731f9106c252f313cca349a68ef94ee3de9

                                SHA256

                                1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f

                                SHA512

                                689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

                                Download Submit

                              • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat
                                Filesize

                                20B

                                MD5

                                9e4e94633b73f4a7680240a0ffd6cd2c

                                SHA1

                                e68e02453ce22736169a56fdb59043d33668368f

                                SHA256

                                41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                SHA512

                                193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                Download Submit

                              • C:\Windows\uninstal.bat
                                Filesize

                                218B

                                MD5

                                9962bef9c2ea50f58292fdd3d358c6c9

                                SHA1

                                4a16454c794ea22f67853a0fdf5cad2d75c36251

                                SHA256

                                3856a76f3ae0cf69f1a52de547f4946a1adcd1f96d53da67a7fe33e900cc89ca

                                SHA512

                                fe56b5d50e77b7672def8c61fe98963eeafb2f83dde4729eb348fa3abc113fa97b4eac2a70cbd6d10d6656a46fd29c7f4540e4d5e86e61eaf1026c421ae2bfed

                                Download Submit

                              • memory/4368-227-0x0000000013140000-0x0000000013254000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/4368-49-0x0000000013140000-0x0000000013254000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/4644-32-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-25-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-17-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-16-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-15-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-35-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-36-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-39-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-46-0x0000000003390000-0x0000000003391000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-45-0x00000000033A0000-0x00000000033A1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-44-0x00000000033B0000-0x00000000033B1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-43-0x0000000002150000-0x0000000002151000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-42-0x0000000002140000-0x0000000002141000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-41-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-40-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-37-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-38-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-19-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-20-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-55-0x0000000013140000-0x0000000013254000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/4644-56-0x00000000021A0000-0x00000000021F4000-memory.dmp

                                Filesize

                                336KB

                                Download

                              • memory/4644-21-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-22-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-18-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-26-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-27-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-28-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-29-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-30-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-0-0x0000000013140000-0x0000000013254000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/4644-33-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-34-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-31-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-24-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-23-0x00000000033C0000-0x00000000034C0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/4644-12-0x0000000003370000-0x0000000003372000-memory.dmp

                                Filesize

                                8KB

                                Download

                              • memory/4644-2-0x00000000023D0000-0x00000000023D1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-3-0x00000000023B0000-0x00000000023B1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-4-0x0000000002400000-0x0000000002401000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-5-0x0000000002390000-0x0000000002391000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-6-0x0000000002270000-0x0000000002271000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-7-0x00000000023F0000-0x00000000023F1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-8-0x00000000023E0000-0x00000000023E1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-9-0x0000000002410000-0x0000000002411000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-10-0x00000000023A0000-0x00000000023A1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-11-0x0000000003380000-0x0000000003381000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/4644-1-0x00000000021A0000-0x00000000021F4000-memory.dmp

                                Filesize

                                336KB

                                Download