68db98a0675f7459ff2ea76fdb8c2043cdef1d69106cb4b136938be330696e71

Analysis

max time kernel
147s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-10-2024 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18046d6cac2af0571e186d893e2bd797_JaffaCakes118.exe
Size

171KB
MD5

18046d6cac2af0571e186d893e2bd797
SHA1

2e96666744a4b1c2549123aeeff4f5ab2c0672bd
SHA256

68db98a0675f7459ff2ea76fdb8c2043cdef1d69106cb4b136938be330696e71
SHA512

a3ca570778cd12c8b1e261ca17d19c9b61a77eec4ec349986fed47ecf60852b7f51d1b05a07d4961d8ee16e6b4a2bdaf6928401b1a952a2772eb7477d614804d
SSDEEP

3072:Dd9xR3G2BZMbBLBaYw0coLujNH1HMgYpYHaOQGw6URKJleIc53uDBN+off:Dd93ZBZMbqYgomH1MY6pGw66YeX5Of

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	18046d6cac2af0571e186d893e2bd797_JaffaCakes118.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
79	api.ipify.org
83	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	18046d6cac2af0571e186d893e2bd797_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1936	msedge.exe
1936	msedge.exe
1668	msedge.exe
1668	msedge.exe
5112	msedge.exe
5112	msedge.exe
6020	identity_helper.exe
6020	identity_helper.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 2672	3080	18046d6cac2af0571e186d893e2bd797_JaffaCakes118.exe	82
PID 3080 wrote to memory of 2672	3080	18046d6cac2af0571e186d893e2bd797_JaffaCakes118.exe	82
PID 3080 wrote to memory of 2672	3080	18046d6cac2af0571e186d893e2bd797_JaffaCakes118.exe	82
PID 2672 wrote to memory of 3488	2672	cmd.exe	84
PID 2672 wrote to memory of 3488	2672	cmd.exe	84
PID 3488 wrote to memory of 1844	3488	msedge.exe	86
PID 3488 wrote to memory of 1844	3488	msedge.exe	86
PID 2672 wrote to memory of 1936	2672	cmd.exe	87
PID 2672 wrote to memory of 1936	2672	cmd.exe	87
PID 1936 wrote to memory of 4248	1936	msedge.exe	88
PID 1936 wrote to memory of 4248	1936	msedge.exe	88
PID 2672 wrote to memory of 2384	2672	cmd.exe	89
PID 2672 wrote to memory of 2384	2672	cmd.exe	89
PID 2384 wrote to memory of 4448	2384	msedge.exe	90
PID 2384 wrote to memory of 4448	2384	msedge.exe	90
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1228	3488	msedge.exe	91
PID 3488 wrote to memory of 1632	3488	msedge.exe	92
PID 3488 wrote to memory of 1632	3488	msedge.exe	92
PID 2384 wrote to memory of 1668	2384	msedge.exe	94
PID 2384 wrote to memory of 1668	2384	msedge.exe	94
PID 1936 wrote to memory of 2404	1936	msedge.exe	97
PID 1936 wrote to memory of 2404	1936	msedge.exe	97
PID 1936 wrote to memory of 2404	1936	msedge.exe	97
PID 1936 wrote to memory of 2404	1936	msedge.exe	97
PID 1936 wrote to memory of 2404	1936	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\18046d6cac2af0571e186d893e2bd797_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\18046d6cac2af0571e186d893e2bd797_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\a2.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://adf.ly/1Bqnu
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff88a5d46f8,0x7ff88a5d4708,0x7ff88a5d4718
      4⤵
      PID:1844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1476,4851399729045105904,2256591738002751797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 /prefetch:2
      4⤵
      PID:1228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1476,4851399729045105904,2256591738002751797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://adf.ly/1Bqo7
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff88a5d46f8,0x7ff88a5d4708,0x7ff88a5d4718
      4⤵
      PID:4248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:2404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2432 /prefetch:8
      4⤵
      PID:508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1
      4⤵
      PID:4896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:1
      4⤵
      PID:1516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
      4⤵
      PID:3588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:1616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
      4⤵
      PID:2520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
      4⤵
      PID:2304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
      4⤵
      PID:4524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
      4⤵
      PID:1372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6848 /prefetch:8
      4⤵
      PID:5776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6848 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
      4⤵
      PID:6028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
      4⤵
      PID:6036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
      4⤵
      PID:4076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
      4⤵
      PID:4844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14726838845046512283,5388522397965331947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4348 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://adf.ly/1CWCX
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88a5d46f8,0x7ff88a5d4708,0x7ff88a5d4718
      4⤵
      PID:4448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,13320197951290906682,6088040051602581587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
61KB

MD5
02160f15d0eed49199c9930d963c4372

SHA1
8071867fd147b36dac91dec18c403372b2d9ac5f

SHA256
48337043c12b7dd1dbc6847bb532a1d09f3bf466495182759d474e59ce2d0baf

SHA512
1c7106f34fd2bbec660679839ef45a4457d582bfad7c51dd935b749f39b6426247227ceaed148680316ca9e4fb46d6827ffb3e15f897834de0c07e4fcd927d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
87KB

MD5
453d37dc89befec5aa695e8f87019d98

SHA1
b961ec85b4458556ef613846db151ffd77bfa908

SHA256
efb6f13a7395844fe674d7198375b0740e0ded1d419c5a699b58324ccd580d90

SHA512
7e4bf9ab3de93023553b2cc575b003c7f44aed5f5a64d4be85ba85e165aad32fb548e7d3267a4275097a38909ccbd69b1886a77a07ebde19685df630f3c1e529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
74KB

MD5
faa618f27fe80e5f222beb0704347048

SHA1
3ba662fdf34d7adb5281d9702bb7ab44b69b75b3

SHA256
bb6b7b335764c02b651bac407e9d00824e092af380f01005049ace8f3d23416a

SHA512
8246503bbf96f985dfeffda955d551e81de634bd3cd20fa7fa9c27530bae3ef0a246044e4a0e7cc669ce1ab86297670ddfe4cd83b15caddef68fe7334b99d311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
51KB

MD5
6d637af6c121ea9639b7bc2db52c6863

SHA1
cb72e6d9e797cb9ac10bc546d9daab032b1a157f

SHA256
878524b743053b3b32417bb3bba5e8caed8c3861c7685d15c2903d48cf2bc61e

SHA512
9cf6c68702c7e6d57f035f249a79408ba11b22a47601b79ca09d649385c9f9e96d4e5a46ed2ab15bc25ccf85ba07e860a4306f1dec0f992b6fab75b19b2e5670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
38KB

MD5
19fb2743c6499a973d4703619c5083a3

SHA1
7e9f63894a0e2cdac7d3ed5f756a8ff00f161611

SHA256
56b49ed55e5a4b97a8d01f602d5eb4f257765bbd405769b238ab53161ec27c9a

SHA512
af361d64837da2fc43926c49a30cee487b8914a8217863d3408d0a186f9ac85fdfee6030e1fe4c200250ec0d21e75ba89b26bf2e36167b0b041067a69094b347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
36KB

MD5
eb767cf9e01539b5c1954497e4d3bbb6

SHA1
4b802fe087136c450ae44e32121a8b33ae3988d9

SHA256
ef858666b32f3dee3ecce3934e7b886e430329fd573d5eb842f9bda827d94521

SHA512
c432d505df959c6f757b7ec864dc7ae627e30c60ea6acd9d6b2bd9f4e23e34efc50ed13c0c296aba87972380cca18957c7be14c3323edd0d95b20696f6723164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
100KB

MD5
7aae2dc1b40f521264104380766daa54

SHA1
2e554727a980af51df9ec2aab88e6a59b7647e42

SHA256
07186dd0d096065d29331ce97e19c186e70e3d9e3d783a04efc19320a027fb55

SHA512
eb3f982eaaac7f147bc5ac8e88ab0a58c668d0487be42e9f1d6c813b3377f780babe03c47c425a67d31de9050075d9aa3c006060800cfdf20ff2e39b90f1cac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
125KB

MD5
a4160421d2605545f69a4cd6cd642902

SHA1
aaae93b146d97737fabe87a6bc741113e6899ad3

SHA256
4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b

SHA512
d2ba5c00c3b6c1fc58519768b0dcd23951e74c00fdd424ab4565e7c2dc9c6b8e8077dc75015d9158bfd12f4573a7feed6bc3fb16eec96785c356511c9551416f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
136KB

MD5
631d83233f6a5e471471105c79859caa

SHA1
f0fd7bc6161a23d8962e4a6d4bb58002adb041d4

SHA256
2554dfa10d2043ae3d23fbcb304cb240eebbfe8f97dd9852aa073d9e319e989d

SHA512
0257147ea077c8a9a31e73643a5ef88d7608fe5598ddf1f20888a66c2c8438bc0ed73ec121d13152041074b8b16b33fc51429d9990512cf26d933885eb6ffaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
131KB

MD5
82b65524f70e92b732e4c7e664698e29

SHA1
90bd1f1500fc78a88716be6ae1420636ec4ad7f4

SHA256
0662cf7ca3e268eee9bc90cb32ab6e633d5f8a4320fff22d8536e4584070d905

SHA512
252fad456cab6f4cd078b3ce057ab52e88e97474f084913a7374fa4a43720dc1827bcb424d34d10a59e53c95522018d6cfac96ebdb0d95cecf3fc5f64c530655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
32KB

MD5
de7f208ee62c8d0cfd385bded659943d

SHA1
512cab194a7293ad6298151fea18e815d4eec474

SHA256
d7287c72608ac2a282f46f45e50840e6539b703b3c9f30fb65dbfd20a08ff7fa

SHA512
9867b2472dd90547dbdce3b181020a04b0f829d9b26c058949780d93cb1a242e0278401d3fbaf01143753fb2d0b220d4922e819924ac76686379d73f8adf4249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
158KB

MD5
21f4343d19a4b35ab8eea24d35cbdadd

SHA1
26d731d18075b442be00af2141971148c3f37f4c

SHA256
ba8ed6bf0e758deb44f23bffe5cbb3fe22d7f87e86d3ce73c010112922c52a45

SHA512
08a0768deead856d025b456e4da5acd1edfeaee2f535f4012ef1809579dbf315f67e7250b3ab14f6e25d9058238c3dca3804cb85d7b819886000da3018bc190c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
38KB

MD5
167ff3da3944786cd518fcdb9be59eee

SHA1
fb9b5961541ffc544ddcad36691156c9d37ae1fd

SHA256
853645d137eccbc8395056ff1758e3b1896e0e8bfb1dfba646ca7643e625af58

SHA512
4f13db4b5bc57429eb2a33b5e9579a66e13312a0944768e3bbc27444e88fe50e43a46ff3fc26533d8813601c34593202e3a19f2731ef167257305da9f340d94d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
49KB

MD5
8935d87bbad1665ce48a561bb44f6872

SHA1
8b063e4fc6a415e33fe4cbbec76f4ee67077ec8b

SHA256
774b15b05b7fda9865c66fcc7b8c6c3bc7797977b79da7ef3873b77cc9675275

SHA512
05c14db88f702a382539192de95da927b16b550e0fa7cba4d16795cf2e821fce8260dd09d2c5a2e8b8a430531def91044fa7bb30bb944c6e9fd1875ee793ab44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
38KB

MD5
1b970e679e72c46e5db8a93f2fbc6b01

SHA1
27f988cfc18292473ab2c80aea9d7dc11cae136e

SHA256
39bc4908927263d570065068fd72ebfb303236d37e4f961d1e43a7e2eb5291fc

SHA512
91b4c74d3a747d1a8430dc20513b35b3835792d4388a1c40989bf717774d6447ebca6e0e34e95ebc7d441c17bb644eb1c99af63d8c21b330ffe010fc57a55d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
78KB

MD5
23dd308c96dad453f5f929b9f6b556b0

SHA1
fa944ff7628ca8ad9595d9745975cc2033777ad2

SHA256
b00f8bc7570379f16e7cde9866755125e35dde33071d59453992359cb857d4c8

SHA512
5bb32694807c965cd905b76289a76f8cb15f149b2373a39d1bda438f3082df0f071f75b54124f5ad0cf5bdbf7b3ddc568092885d432f002e31db34de56947d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
72KB

MD5
c877f52f7f2e3d7f5fd5e0b234e64627

SHA1
369f3608d2ace712ce666602db5e2794d24a68dc

SHA256
fb074be962c1f0f70cf721d0c4aa8a81d561c8530d4539cec7f279233fca95f1

SHA512
ab5ce7bec2d9137b614a528fc39e8b19f02135fdcf390bec97df31f53e5456d2b4cc811571e4939c129a621b829d770aef5f7460af86ba4ce1d6fa6e89351c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
79KB

MD5
132d3831696f6d1b9781a2abdf8d3351

SHA1
d8bff1e6bbd1e6198c0f99ee3b498f55111c781b

SHA256
069e6b7a7a51527caef2090dd1de9240f714cd1f9bd07a38d3dd9fb275992713

SHA512
49d42e26c34b5ee264f4e5c31d1f5d2e9b4bcd9aaac2d0f78727e129f723d550f1088b41e1c612c1cafd884cfa579511900f580332cf5e049bf9f0156e7a286a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
67KB

MD5
ca32ac66452bb977eac3cc6251b570a9

SHA1
ade79395fd7c6cbf651c995add9720ea53b66706

SHA256
a74b9a5318fa26e05d1ee8a043e07b11bdf9a816488027a13373e2e62177de28

SHA512
4759b840c4519cb977d80bc567e42b51a9858419ded56cae8be55b4350391fe1e7980b377e5953454c2ef5a17b63de8dfb1b640f0200e3f4f2fb4b74ae8927ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
40KB

MD5
c617b25cd2383dd8112e93776270793d

SHA1
d75ba0117d4d225104d44094ed3cef266e725829

SHA256
c4abc48e9ed95ccdc5f6ccb4993bcda131124034e97bd1c9438274d3911f103f

SHA512
04bdea80aedf581cdbcf5544739754d14ac81a2807b3de669b53fe46ccbadad266dcb377b199e99fe2a56b26a3f18bcd7a7cc97658c70b311ab441b2934b9f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
63KB

MD5
51944809f7a3abcb11ef2a8884325f39

SHA1
bf944ad96741eb472ad0cc6860d31c2b12c29121

SHA256
b10a1d5050d8617b2e4cc5cbee4ed9b7c0996bf63476342fe163a55ecdd2d8e5

SHA512
1fbfcc05768cbf6eb10f73386b5f4fa4c12f5429ad568c66664a612c9c6ff4ed7647d69160fe7c6ec8d4d3538c78d56fabe68e0d3128842208ede11bd79d3ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
38KB

MD5
c624b42caff137968ef3a18d7f6a9199

SHA1
d71c09959f088a2d4e8cfdffbfe4f38eb693b8a6

SHA256
da0c88bffce810eeaea4c53c224b9f78af24d9a089fbe5e4b6e1ed0f384a6163

SHA512
2cc2a306305f804edb365e9c699629efc461d88b6b77cb0181f05c9f9f55ee1b5f1e4da1c203b5f6a57700ea23e9607e3ecec186ce18df817900172346de94d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
78KB

MD5
05de1e814f5cf128ea14bbc5afe1a654

SHA1
a96239c67e5b0f76e986a593a600db4d1f09c239

SHA256
4823dd6546533a3123db41bd22da09fbb00583c812fa6f862d0497bafc1ba48a

SHA512
9c33fc8346b0993b902f6e77124bd54085a7ecf6897191faa5dfadc41ac91eb006d6868fa106b7242086bf96914fa30af6569eef35e95d2016ead6b795068786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
198KB

MD5
ba6b5400e20a1edc0d86da04c6f6492f

SHA1
aa416342f20f829dcfeac8cc2efc727622f844ee

SHA256
f0df79f29e48d8b6722f42da933e3f0f13cc78467b5732a55da731aad5c87808

SHA512
abf966066b0055b03978da1ebc1b5df1c514438f6e4a7a7df32d75a7a923ff81b135caa483ec2082f8ffaa6214b0fcdf5db15a5ef74f99f86dd7801dd911b1a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
756b335fa78d0027dff446041e8a66ee

SHA1
cff2cc50f047bcdd2f0f8b898abc9cb1b5d41a39

SHA256
db4637155a33e02438d8c102a9b9cfe9b6cb137dcb7e79846fed5aa24ba81216

SHA512
aa18fbf75aac98e2de15c41e539084b9e5f9ac7e55c692283cdda116c7753f6ea1b6eb9de01a9133db4498e3085b0c69438c7157cf36a00e7157cfe8460227c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
22KB

MD5
f974d39711a4a06a174f07ed60080a87

SHA1
b448b6299a3b0410e07e476bf0cd2adb2148ee16

SHA256
55718747f0affaa6a5de2876c28e0e6c4a3ad7ba3a1a170eb694d872a37c2da1

SHA512
484c6685e31615e178f5074f24321d126c7fd1309d8bf0a710db24926693e66ee0b78ac628b687b8229a61599b3e5d4b362eb950fe65305864db318443359f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
26KB

MD5
e1fd846710aa5e77add9800906d17ed0

SHA1
2d778c0601d18e7fd3930cbb4b0068b6eb3a05ec

SHA256
00b8d8ad266c164444fb240a4b07d4316020c74c087e95d37547b54ea1051772

SHA512
a00333708ea6f9efe940e8e5ee6ecb9b74063279238beb9cebf4847023a3f94cce34aa497f8a9ed99570a5407eca3adc9f469afd3553c71e6e8a05be83026341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
28KB

MD5
760383af2c7298a5ddaa283caf1520d3

SHA1
c97742709826e7dba631d1ec07829642bdc029db

SHA256
f5dd944f4450ddd6f6038a7ed62de3a5e2569ac19730bf4ce4ea6284036eb48d

SHA512
af3f2598d2d0c2dff63637551cf68e7bf91b285ceb25eaf9a309c4f9ced799acb69f03047fae1dd9da5e61438c03a0f4643dd66bc9688fdc2d76cdc3780f9fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
8891def8c873b799e3d7edfb0212bf33

SHA1
d016334a84950ba07143e9fe7433331549c2967b

SHA256
4acd0cd3a9084f3969614f639bca4cf1c779a56313e2c2f7c76d7a9e4f16277f

SHA512
336d3ad0924e4689786b1d8be81dec468629688c2930586a51de79f5fed3ba394dc9336688432b6bf3c4072d47728ae295c5f75af1c2e3c5b3bee2d41f2ebe42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ef075ecbbad0f52aa96fe6eec3f629dc

SHA1
d165c70d0e390b8ab39aca1ed0d682b6f46277e5

SHA256
9954ae961ee36f7ee33d8234dab7563e080095e18b9f2d46834900ac0ab4cfa4

SHA512
a22a227ca439ac863e198eefed30b39d8fcecad4ee616d8ceea5453f3d9bdd2a4f5ef21e0cac1a892c919b5f902fc350db3eec22f6f1aef56ec88d0833ba4b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb15ec88f36e5afc6e96544a2992bdb2

SHA1
decc00b34552de72aa0a94c1030caf1982030863

SHA256
43cf1874c903b958f1bc487b5ffb8e52e339e9e9e06fd7a6c5877ba07f2bf829

SHA512
8aac16a8d488df37a44c194df94d6fd0446f4945be1a37cda1966d2ec21b244a1db8ea78f063078a8edc89830ba4e5051ce351473a9f46b25f854dd159d3974e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e7d46286877b3c5e7328e2d0c6bed037

SHA1
46337c0b02c7df19d977139aa166ff8c318937ae

SHA256
a45ceb8e82f35af47f4151ebe6cedf960c5cacee52bf8410da0314593d89b555

SHA512
3adffe2fa223568e3385a8ff41e4ed6524d7691721eb824cb21a256c61e1312858ffec888da3ed8fa1f4847cf89dbf5896dce77bd41873389ce4a416d3eadd2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
78a44888352cf4e996a3b4cc4997edaf

SHA1
2d985c1c46f0a355fd6cdbcfef2b9c9dd8104d29

SHA256
7214ec233de167a81e5d0506e51da820ce91dcdb6e52a42678568a6a523de962

SHA512
fb1c88534be0b9015499a8f7c011c1245b3fa7b683b224d4eb71a47b89dce842e081da32d549c875887e48c27de48bde918c385ae884cddf272ee4bf84d99376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
8be90a6809bdc28746b1063b87740e79

SHA1
84ab1667dbfa4a3b220bdab1687b27c8e8807144

SHA256
3fb8924cbd5e949a144a8592653d1d2465a202cddd36b08db5ab058bf022cae3

SHA512
ea95b17cce1efc78af13494d758aee52ef6484321259592fc8518946a18c4f86c5f64ceafecdfbb7953845a4d180d338531ef5856b3b00c4d9e4384aa63f0937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
173964444397fb61d9cec489ffbf0dcb

SHA1
d70409a9c04b0bc0c8b0b31f4527ea8db4f7620d

SHA256
1946ae4c641cab3ccebaa0fe53a2dcdcb07c8b7d5218e050b8f02410652b6c48

SHA512
967d321a0239bdb8ae5c784246a45ab97e9263af4ebdef7aeefad9565b8f1d7a255cbcc4d46518a6dc04bf32e0182bc00a831582ad2e460b8faffc7132cc1a49

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2.bat

Filesize
98B

MD5
f38feb479735870ba5b1e0fb758b131f

SHA1
5fe1e91b8b378a250850a527b4a1ddc04f6bbb27

SHA256
b176b3f0ee6ab6cc645b0a01b47215d1d2532f8aa1d1fb245bb00592e90e3da2

SHA512
8ad3cdef3460188f967371f04f6c30dbe86268390a7ee821b2a23606c00db1c976c35925c2f387387938e3f77e0a28991cefe614d2c7aedacb2c67f203169d39

Download Submit
memory/3080-21-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download