hxxp://fapcraft[.]org

Analysis

max time kernel
154s
max time network
156s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11/10/2024, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fapcraft.org

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Fapcraft 1.12.2 v1.1.jar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
1668	msedge.exe
1668	msedge.exe
3176	identity_helper.exe
3176	identity_helper.exe
892	msedge.exe
892	msedge.exe
5852	msedge.exe
5852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4764	MiniSearchHost.exe
1356	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 1320	1668	msedge.exe	80
PID 1668 wrote to memory of 1320	1668	msedge.exe	80
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4340	1668	msedge.exe	81
PID 1668 wrote to memory of 4572	1668	msedge.exe	82
PID 1668 wrote to memory of 4572	1668	msedge.exe	82
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83
PID 1668 wrote to memory of 3436	1668	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fapcraft.org
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff895623cb8,0x7ff895623cc8,0x7ff895623cd8
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4048 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,12046256514188275417,3746787423351960224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5852
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Fapcraft 1.12.2 v1.1.jar"
  2⤵
  PID:6096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
1⤵
PID:5028

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5128

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5328

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Fapcraft 1.12.2 v1.1.jar"
1⤵
PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\95621225-8ca3-40f4-afc7-9706c558a459.tmp

Filesize
6KB

MD5
865c034224393980662915655979aab0

SHA1
2e770b8202654c7fef8b3dab41647dcb6ad2d219

SHA256
601c1a3c405a7c5a0748dfd6563923ea1a18dbb21eeea2399b2025bc41c7a7b4

SHA512
8a3351692ad0c2ab1e549ea1554402cfe0dd0acfd58eb80a1fdc78e3fe4383ffa7d6511c3f1db1487b8e2f306388bca1e5a9273616c6addbc8b8c9dd20cf4946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
47KB

MD5
b68cc860f02f650ee41f6f236672d0c8

SHA1
7c0061bfde1c8bd8ad7fab7bee3fcdb4f05cb3ba

SHA256
4aca0823538243334a33b2456fbec1a05a5e119f0735e8e006921e74d722f7fd

SHA512
7079858088a73977ac09836392f7d2d0618b1eea3e52a33771b4c32eee6bc8302fbd6132bd65c27d4c6b83d331ac4901b6e0ec66e9ad19e129e6dfceceb889fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
39KB

MD5
b949286ef9d583ff4af9efd5e64457a9

SHA1
3f2973d452cd2f86f782e8e31a015364f785efc1

SHA256
b95694464d68f280b7862b78bd5ffa6808041d7a262a770c254680a0caeb215e

SHA512
370e156a90b09c26fb5f38bd3e696a5687e16b3f3517e17457cc52412d2e26debafeaf15f5f24841008381bab9283dc342c59c1ce88f42231fa8fcc91869fc83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
376KB

MD5
0643d9958a908bf4958bdaa3e1cb1261

SHA1
d5abe9b3ddd7aad296361df4f0f73135544e3523

SHA256
b938728b1b01513f43c63376f5e8c5a1124e6988d283aa9359abcb21ece70fb3

SHA512
c836b9d232b48b69f3ad560448cbe22872085e2a6a119ef6db59bae5fbe2ebb733cca218b33866db0ed003a22f126df0b445ff23df07824819b668c5d9175f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
39KB

MD5
11d99101b08b5031a42bcd5b5d134b1e

SHA1
8f94a8dec914b21b68a8168cbe670c2de8e3cfb6

SHA256
dd8bdb68fc5ed37d54a2fe4406d0ae2ea1892ffed85ad6c0c78324f1bbe3d970

SHA512
0574d47e1f9f04fe8314f5a503ee153b6cce8b2bf74ba7581d187e88292b058550ed93a2f98d9c0433d669fb93cb7b232b315930c6e121c5eec34e167df8e2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
308KB

MD5
616c05d0dcf02302f0869243461d387e

SHA1
2e87f102ccfa4bf87dcf69fe2e69c926b2d454da

SHA256
058e03dc3d61794f4af1d3e0497e49aeb21bb3b2a52f7ad9b88160e261dee681

SHA512
ea8b0dbb2df6ee0f8c7578c621c8398c660439958965d62b6b2ea5f5a6c7d4370ffc66cc651110f668b78786725d632d81f9c55a47952c088f16ec054ac6038e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
455KB

MD5
d0392eafaad5b3971e7fad96735a2e93

SHA1
a0e4b13d83cae19908b5b50ae0945a1927a8ce75

SHA256
1350a619572d6ba98bd68da4f28163f3c5ea2f0d3764bf0d9f4b1816462d84ae

SHA512
bdfdf271cdd74b30453171a7bc47f0194376f81badcac932614390c62e9017a570775642c0b973af9baa2f2cfdb209a5aa1336eb3c95c9609ef3ec248ec3b192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
631KB

MD5
e5dfdcb334aa466149db37866ddbf9ec

SHA1
de74203f9d308b14171dcac66b922dcd6122d1d4

SHA256
67ad83b6936f231fd7dfda87884bafb13f34affef3be13737cd1c04a82f3ef5e

SHA512
6877be6f506addf585c2eb282920bb15414616fcd2e9202cebfc826a1639f291cbd0a2f0a00e0ef3536099d1131c9d88e8c319a3f36f208ee58589708288ffcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
956KB

MD5
a171828377aed23b55c5b1fb2e1c6e35

SHA1
de810692908e662407a7341ad10f4ac2e78dccb1

SHA256
62104c2ec4c802e65691a1fa70a9a063b7e9fc6040b23f385273f2fa810c3ec1

SHA512
d2299acd3fdd99371c2a22460dd4425edaed2a6ad9fe0fc76fbe6b59d525db760d519a1e88a351748ad4ea6c9f90a902fcdc0c6aca4db5eb97db89044f1b209b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6f44861b44b5905a5c5ca110246ad1e9

SHA1
bb5a2825de18587825e6eef4f45a2e5ac793f468

SHA256
63b2aed9432742b88b08162b7d840a2394fd3f8db23cb58476bce1063230ab2f

SHA512
ee4f6d77482edb1c1ad8788befab23f2da8b1d5aa65b16524202847973b548b591fe8ad5340e3e4e4e02e2556ea252302779485a8f27d2cad685f514b4366719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
384B

MD5
eac62ef04ad48c8110f03f49ae43014c

SHA1
1fc138d4baf5258f38d09b6f1dd1fb38eb705680

SHA256
8c14ff3f375dc3ae2c9516eafc7694ca3b946d46b676f06cea45ca6a17958abf

SHA512
8b6767f6c2569a2aa8c15a1a8ffc438b33c61c315e621c678b3d98ad8d6ef2510764dc5bac495bb6885fbfadb665d53bfb9384a55854469072f6ceb5e7a1e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19c05ae6ee4622ec563a3bdf5f0fc950

SHA1
0047de0b292666f9d65b22083439c1a696f13b73

SHA256
7d7b698edf3c38d33364f534edd0d37476f05ef2b117f7d0c0ba61b67b449b93

SHA512
1674daa9505496551c036d22fb61592c4bb7fe7dbf68c811fbc79c1faa2d4f09aedb18483f7d8b281e068386aa01b9c862278148d57bdc00620e5ecf8755f5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b9ba80ffc23d89bac24fcefd9f2dc11

SHA1
23187f638307757a77b2b1bb1d24f268516352e8

SHA256
cd0d120c0d731d18e65873f89a50525f06cfecb09df3c3854704a1778d018328

SHA512
be98a90b95b503e21bcbec40bcd9376a10a6b2c074b03ff92d19605203d12f4331401505eb40dda2843bac5471d9a88c9077927320f6d727d1b88d92119e48e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf59922878a01476c656a8cf50329258

SHA1
fca83ba8a12d10bb63a4da866e1fba358fcc0a07

SHA256
da85ec1fa7397bdf95b1b352edf97ab7244dc47010462f2df07c173b95cfadb7

SHA512
e12d42d23fe0c5f17890bbbf8c38543150f03fad8114cc341bf50bef30bc767effc5b89c46eac3838d45b60651e0eb07a81f9818f296bdd6dc2c7462192f6db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f688e1009f5b7abc07a5132f0c1a513

SHA1
fde8b84da19a09b9e3f0503a7876831b26977eb6

SHA256
2ca060b81b624bd308633f33143a74d866d63c8a015521546aad3e94933481d0

SHA512
5d9d4f2ca6528607dd938efebf0e7bcbaa6f629ec9c09d9f1bf32b393c1790dea47ef8e4f8437b3393bf0c810338c2e3ef6afe0e053f8d259d5ec4c55bc074de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30db4fb7b1d60a59e6c9efd094dc3871

SHA1
a68ca3922f5082c6cff1002559b751c27d407daf

SHA256
fa61fde115ac7017670bc61faa8421b74abce14076399e70944cef9867d9769a

SHA512
6e72f5b237fb4ea7dff5fced7acc02eec6f463925428a6225ea225db4f79d159f22c95e54a5dfba510440d81d4fb2c6fc66fdf7cee1ccee6b2279b2a33c1696c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94781445ccb783745684fa422a563caf

SHA1
7fae4fc54d0c58753158177729f2a80597125d59

SHA256
780005821f445d7f045a47179265dcee6d0f149192faa9080ba22a18713d3da9

SHA512
7d7a798e2500118fc71d5ecff4269d62d86c2fe4e7b1c92befc716da587adfccfaf3e34d6492d4e00fa80b5f60690073bf8d12f294bd5f3ef96e2af65edac234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
939e4a6149106c5f5890f207bc3172a9

SHA1
fa96ebe326a3b4a5715e284e8f2819c931023942

SHA256
f571d347df6352827af8ff29c98f62da24cdfeba9b8c65a0bdf1a6ed818fda47

SHA512
bafe8a0ccb4ad30b15f7287a03f378d4cec2291a791ff4cbd6aac970a2ae5fce9f36fdacbdb8eb963e8f330baf93078c25459e298bc2a346cf79e3cf7c803816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f979527632e48840f09f4f39e9f79ec6

SHA1
5be544a223abba7040f06f0d30b4b061aba75506

SHA256
8d929c77464dc41cbff99afad03221ddb1c28af98ed691d9006c8b5fbbd774ff

SHA512
1b7463e4d3af26948776c73e37f51e7f29582e2885521f42a9823e5462efe3850070e33207290d614e47992e994d798a20d00e5774ff8a3f9c232d961d21d26b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b648dd54b40799bd8bca316168ba6d72

SHA1
9ae1ed13657feedc186cfed9117ed21745846e0d

SHA256
5c685a22e80a5f0d9787f89cc94193307055c1ff784a1bee0d5b427bf44b5bfd

SHA512
a6d6d683dabdf3ccf679b94ac783d0481cb4ab34937850165c2aa0dff48fec01d9719aeb9d56564f887fd51771a5ebff39490db9432359e15054edd6591076a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
151a049ad80e11fb7533a407db03c12f

SHA1
89e5eb7f946005dd65b9e7ce8495d1d2c4e57371

SHA256
f46f94339976b66a121651fa747cbdf199baab53fc8a26d1e8b9ec48b770569e

SHA512
cc5f05a1e162f1d420c4ff3152b74c27444e6a3fa20a2fa9281dc6933363ed7e27cea634b32543fcb74aa56ad2fdca2399eb38e46894ba32679e075cacf7be1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9151b82909e0e6354d56b8082d4c506

SHA1
34fc41b22c78e3640a1caab61b3b4ca48b84acfd

SHA256
74b9afc62f1154480f7b7bff8299be9791d07e04dc08387d99daf5171c25ca9b

SHA512
54437ce614b9ac59dffce84f5891acdfb1f42fd1e96d47e8bfc8c9fa5c0e97aabaee3b43eaf1500f4ae5000d79568786408b5f54366f590f7ab113711eb8be02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9411c230b18454dac7a4ab7376fd7911

SHA1
2acc2d290ec199bd73bfcf18eafd9bf07d6269cb

SHA256
ac994c2a6bbf7edd955505a454f19fec65921ee91cb7b6299635460c09a35465

SHA512
5657daa4b17846e9c1f35ca6c88edab6092383e8ed367a7210a8b6b7ac0f9305da06c66cc2d47afe9887009ccfd0b2c4b10a4f2637b72847b8b12d8406c2f02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a77544d4-5a78-4e4e-9ad6-33f82892d2b3.tmp

Filesize
11KB

MD5
b9135af12aed6cc007fef1af088eb820

SHA1
4953aadbaf0bcde6cca5db136b443322e96b463d

SHA256
7ff07f524828ad345a84306b617c686fcb1945f626d3d2b5815e0fd41434cfd9

SHA512
d66851c63c3f74fb8720851f2f372d7f48205e9a72c9da652cfaf9333d79beb97e433f82a51656d6b3a950b4370ec45dbfec8bfe34ac149903fc2f2ee9e25612

Download Submit
C:\Users\Admin\Downloads\Fapcraft 1.12.2 v1.1.jar

Filesize
43.7MB

MD5
f5d9b40d51f4bd60e2bd30d30e4548a2

SHA1
f53e08bbe16f25240af25793600e76ea854b731a

SHA256
0c5cfabb7d64aac865fd6753375ddd856bed12e1ff8f1e0e4164fa5ccc4925bf

SHA512
ea458ed92b7ac80479bee9d68e3bc00b894c0aeba441f0002aae68c83f4c4a6376ff78c159ad4b2152cad4dbaab2453ebe54d42054b74a571bbdd4d843e5be1e

Download Submit
C:\Users\Admin\Downloads\Fapcraft 1.12.2 v1.1.jar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3276-569-0x000001D625E50000-0x000001D625E51000-memory.dmp

Filesize
4KB

Download
memory/6096-447-0x000001BB73290000-0x000001BB73291000-memory.dmp

Filesize
4KB

Download