563cfe59e2d184267a940e1ea7dd84c7423b33d31da05dd0e93d50e098db34db

Analysis

max time kernel
150s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Size

327KB
MD5

53ce3d6cd13d8f20b5130dc471c1193a
SHA1

f9ee3dd8777c69f2da388deb9e595127bea56975
SHA256

563cfe59e2d184267a940e1ea7dd84c7423b33d31da05dd0e93d50e098db34db
SHA512

83a3ad6b3fc4f2376651759b4ddb76c68100f0845576dda00b157ea1c35d48417b1394593195d1b7d2c3583c9361445928d2249b20598761c072400e322b4b29
SSDEEP

6144:H6MPJyaUMTgAUZjwK4DVVnQnsJqfxbEh9O12I/HCT0H+hGcZhrHJLqW6ZWI:aMPJ9gAQcK4BVQvEh42I/tH+hX3rHFqn

Score

8^/10

discovery evasion upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Identifies Wine through registry keys 2 TTPs 2 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Wine	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Wine	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1840 set thread context of 2388	1840	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	84
PID 2088 set thread context of 1868	2088	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	97

UPX packed file 28 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2388-0-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-4-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-2-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-5-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-8-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-9-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-7-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-10-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-12-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-13-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-11-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-1-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-15-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-16-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-17-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-19-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-18-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/1868-27-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/1868-30-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/1868-32-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/1868-33-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/1868-31-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-35-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-34-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-36-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/2388-37-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/1868-38-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral2/memory/1868-39-0x0000000000400000-0x00000000004B6000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 35 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe\",0"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\uTorrent\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe\",0"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet\URL Protocol	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet\shell\open\command	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\uTorrent\DefaultIcon	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.torrent\Content Type = "application/x-bittorrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\uTorrent\Content Type	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.btsearch	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.btsearch\ = "uTorrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet\DefaultIcon	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\MIME\Database\Content Type\application/x-bittorrent	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\uTorrent\shell\open	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\uTorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe\" \"%1\""	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\uTorrent\Content Type\ = "application/x-bittorrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe\" \"%1\""	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet\shell\ = "open"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\uTorrent\shell\open\command	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.btsearch\Content Type = "application/x-bittorrentsearchdescription+xml"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet\ = "Magnet URI"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet\Content Type = "application/x-magnet"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet\shell	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.torrent	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\uTorrent\shell	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Magnet\shell\open	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.torrent\ = "uTorrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\uTorrent	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\uTorrent\shell\ = "open"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
756	msedge.exe
756	msedge.exe
2200	identity_helper.exe
2200	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1868	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
1868	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 2388	1840	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	84
PID 1840 wrote to memory of 2388	1840	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	84
PID 1840 wrote to memory of 2388	1840	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	84
PID 1840 wrote to memory of 2388	1840	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	84
PID 1840 wrote to memory of 2388	1840	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	84
PID 1840 wrote to memory of 2388	1840	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	84
PID 1840 wrote to memory of 2388	1840	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	84
PID 1840 wrote to memory of 2388	1840	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	84
PID 2388 wrote to memory of 2088	2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	96
PID 2388 wrote to memory of 2088	2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	96
PID 2388 wrote to memory of 2088	2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	96
PID 2088 wrote to memory of 1868	2088	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	97
PID 2088 wrote to memory of 1868	2088	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	97
PID 2088 wrote to memory of 1868	2088	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	97
PID 2088 wrote to memory of 1868	2088	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	97
PID 2088 wrote to memory of 1868	2088	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	97
PID 2088 wrote to memory of 1868	2088	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	97
PID 2088 wrote to memory of 1868	2088	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	97
PID 2088 wrote to memory of 1868	2088	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	97
PID 2388 wrote to memory of 756	2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	102
PID 2388 wrote to memory of 756	2388	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	102
PID 756 wrote to memory of 3960	756	msedge.exe	103
PID 756 wrote to memory of 3960	756	msedge.exe	103
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 2828	756	msedge.exe	104
PID 756 wrote to memory of 1748	756	msedge.exe	105

C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - Identifies Wine through registry keys
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe" /PERFORMINSTALL 4545 "C:\Program Files (x86)\uTorrent" 3167412949
    3⤵
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:3960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      4⤵
      PID:2828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
      4⤵
      PID:2516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      4⤵
      PID:2052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:3132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
      4⤵
      PID:4104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
      4⤵
      PID:3208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8
      4⤵
      PID:2432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
      4⤵
      PID:4960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
      4⤵
      PID:3468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
      4⤵
      PID:2480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
      4⤵
      PID:3884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
      4⤵
      PID:3888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
      4⤵
      PID:3612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
      4⤵
      PID:5268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
      4⤵
      PID:5784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
      4⤵
      PID:4996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
      4⤵
      PID:5720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
      4⤵
      PID:4436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
      4⤵
      PID:5496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
      4⤵
      PID:2012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
      4⤵
      PID:6072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
      4⤵
      PID:5956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
      4⤵
      PID:2956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
      4⤵
      PID:3792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
      4⤵
      PID:5480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
      4⤵
      PID:6560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
      4⤵
      PID:7040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14557500693506506865,1642192004748982248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
      4⤵
      PID:6776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:2484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:2736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:5188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:5204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:5716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:5732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:4792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:1936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:5656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:5672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:5436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:5440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:5988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:6020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:1444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:2236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:4936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:3096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:3900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:2496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:6480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:6496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:6972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:6988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dslreports.com/speedtest
    3⤵
    PID:6712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d4cb46f8,0x7ff9d4cb4708,0x7ff9d4cb4718
      4⤵
      PID:6716

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
1⤵
- System Location Discovery: System Language Discovery
PID:3516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
19KB

MD5
a3faf6e65ecf89b67e97db0f2c12694a

SHA1
e4dd78af64c9478fa4e913829558121366811262

SHA256
f1ad81c05374897baa5d1d1f28da4113f5d8aba4bdd8a87c6fdf7706a73f3ff1

SHA512
e285d72b353d56ccf61f168e4c8664a92e52dc0d2e53b8b032922095de42a69f943ab10855800b2c77ce9006db81c62e1ac2a84cd8dcd58fc40b1745ee7bbb2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
54KB

MD5
ad2c009b6cc87e763a71691d6af7feba

SHA1
b63b1e2b9102e1ed75b32d9075fccd030cd89eef

SHA256
19ab7a67e10de7bf8562c4d703bbe0c78465ed6678fe191aae4954b0f5f1e474

SHA512
0476b5540408bb80533c4043ac5187ebc775bf3c97592ecf0bfb8192d3800323b7522dc7c61e1aff07773ca83d852a0a4d769381fa25821f1d84ad06e78089fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
140KB

MD5
1ff5e73c13f2530252254b17c61f2368

SHA1
4ab1eaf59696853362e02222bd203f9c9a3e90c0

SHA256
160ae02990eb1f91c9d8d483d311fa89689f57f375175befa6383c588a29b68c

SHA512
1356a2a18ae6f347a216af24b0f03e539dabca2839f84d99872f6b0b5f166a05d59adb7603ec88dd3bb2181ab8209777c3508f0c40fc28eebd33a1c202db3b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
99KB

MD5
a3c4a496821926fbc1aa26a21098b43a

SHA1
5bb14295111610f374d8fe3e359c84e08b7e325e

SHA256
de288ebea11585daabea238023f6e9ce934cd930ab88c23327f87fb2ccd1abea

SHA512
7ac4ce052d6ddd004946eb340d759bf445700ddbf20d69ac7808785e2df831a2bc862a3f120d74338e1a247951fec22926944c46a56682e5ba34ec61f3c15b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
79KB

MD5
c21134572e734e3957b14af1c89abd54

SHA1
39e6df8e68157b3cc599796ac0b6adeaf60b8d94

SHA256
a1ebc3f9c98eb4e4f41e5339400430218636eb8e26ecaae257579f22b7cb4b90

SHA512
abb3216cc92666ffd41f037f5e3a59574c73601dc3c531f2e0e3aba1d9d1706af7288620c89ce7aff3d120e97fa559500baaf243f2cb8696bf34fd7f3bfeb038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
78KB

MD5
95b41219dc8bcdf6183fe6401bf47e21

SHA1
ce1d48a02885885d52255f35f42f0a59d9dd468f

SHA256
4a0403cebca312982d319c5c7b89fad1e298e41668d6f97b187b6f85972ff1b1

SHA512
0be704ee176f0e60b47f53398c89a81f2c397fec1f15c2b4cb70b4a765760acfbea6e645b67a4fa34bd2b0c37fb1002be6bb972ba78508b1f3b1810417ec72ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
57KB

MD5
df2bdae1840e3cda31aaa52ef82ab206

SHA1
80584b83dbb5221b6b7e3e697b5d2507672338f7

SHA256
7db23c916c0ed0240c5743484b75ef56933c4110159c8cea80c58eb498ffaf64

SHA512
077995c1e6b6e0171fd28fa3680010cbbcfe236ba95b4cff4bc55580505e0ac31db7b6a65d4598c382acb55b34469eb87cb72d426bb754fad43abd1c6aca16da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
68KB

MD5
5e7c0b3ed8f6382840a62155d68f0f6b

SHA1
fa21b16a68b17a362af4f640bcce72443d510430

SHA256
5e508ebfc4aec47bf30f77ef4aad13bfdafb820e8cd7a27cbdd6a2e4a02c17fa

SHA512
4b08a84c83a422f973dd1ce5b6a0911bacc94901a009cd10edde1f89e4e323c371928fc0f2761542e998427ff116587f59e2e0616d4cd2524abd207e2f7190d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
21KB

MD5
da93aa5083d4a8a231142493c28fdae3

SHA1
7ec3646cb8219a1e3f4d2bfb9b80343ad4ad0fde

SHA256
f953d546d5c0159ed38fb748e442276e47958eb0f95f29c6af82b7e31e3667ff

SHA512
4af42d49043a6d8d193ed491a66999fa5d57942b6d1ceea33574eaabd53bb7cf86573980ee9c4aac98b3e039011634c2450041343872de503661416cad2616f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
2fe7405a4420e49de7f164b53638538e

SHA1
639a77f012d78abd40785cac617736e29c0892ff

SHA256
d9dfcf2fdc9e7c77559a573501799398adbd7a5e91701e73c35df027350102e6

SHA512
9edc1d10e6abaf24aa41a3fc34e31918b8fc088433ef454ac304a43da23fb78ae302d72158015c02f4090f784adb04a32a9a0ac3231440cb660d92423a0baa77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
18KB

MD5
d600917bdfb5f74b8dd27b5bd5e5d855

SHA1
405439077decbdaa5e435409eb43e2f32eedddce

SHA256
84c1b8f28932052470087209ed733208da351503401395a50b411cfff71e21c0

SHA512
f5726ec6aacd934b2373105998154101e25d310a8f91f911ece5e3ff99894e08276dcc63cea95d555f9b4774a0e92b825a57b5de9e1255b4f0ea37d14d2e8090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
20KB

MD5
63c58662612777fa382947b3f14f8ac4

SHA1
b0d7ff86472ff49a50a563c129dface063e0897d

SHA256
25ea4362789685ac932a8bb218c53f5db717f75db8230b0c568c5ec7e64eb3ca

SHA512
317834a97ef4ef7d6b14619213fea4fdefa57740176b068f3803d3d0dd6e58aecc6ed58bdff57ed725f2f8a68049de904cdfac40c7ea89480d1e62b07029adf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\00c09bf799376010_0

Filesize
23KB

MD5
ab7956b52b1f621780b7b8736c756bc7

SHA1
527d8021e634e970400197cfbabc6c752585a53c

SHA256
507d3a4dd9b060354117c8703075fd893e231025eedcabd91f9d20f314bd7a6a

SHA512
87af3a9d11c6321dc069c092cf1da3308b9203b8140c812411544bdbb76f3ec061e4ed82648a1ad8b5c0c7ac561a67eb7bd9497ef903802d3cbe2b5079cd61e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02053cd9b07c9a66_0

Filesize
276B

MD5
1598bd964ff1f593ad4a529980641d0d

SHA1
46da4b8a4a9b7baa19d6384369b3881a4b712e4b

SHA256
9e583235fdd994f14666184233fbfac9036e25b1b43a035b81f5e623b701e9a5

SHA512
72dabe6bde67c7631013c03ad63560dcb4748e9b418ec864e1db1ceb62ee316bf91f6c11fcd9b92576eca7d4b995695c05c7bf771bfa55d24efe0a8327881fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25a9112c140e34c4_0

Filesize
250B

MD5
cb69723a1cb0415311d247c712286113

SHA1
51d5adbb804cac1302e87c960ff0ec00b02a7235

SHA256
2cebb06a2cd0ad7ea548e3fecf82ac24cb5a25ed3b68df9332ae92d3bb113f38

SHA512
9c2c425095e5e35947ceead3d48f483b7a2ef04862b0e035bb98b44f16d29f4c10a5d3a31e5e42988fb269270ba164e96b6833c7e94898c383b9dd9952bbf10c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\27b48fce5ee8dade_0

Filesize
3KB

MD5
05081ea5a4d40ee7d900ee4bd2ce9e55

SHA1
e47ac704a9715241ad5933ada276d23fc495647e

SHA256
c0dc4d19c06e4eaefc87455fe8998110dbeed3e01b374e3faa7e971309d7522e

SHA512
60be7b26888766f6efc7ea6f2143181abb0d18ea42b8e6ddd7ac3241fcc0136223e1f5aec5f0706bfe3a6be37c5f7db31d31619401fb0101d8b0c36dc812118b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2be4b8f7b3309847_0

Filesize
54KB

MD5
b62266dc7adb2ea61e288ac719498da9

SHA1
e9252d84b8efd8704f5450640eabb238b5a66c75

SHA256
6bba2c65a99187f5cbed97212b80259cd3b14f6528d81d916e53a2907fa1aef7

SHA512
1ecd789b9d1813fd1622d577554af8b35e91ba82d20ae9ac1c38531c07bec3fe6c8fc3efcaf988cb3966ae922390fdfc4cae7fedbe48e141ad509b84a8a231e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\353907cd74c453b8_0

Filesize
10KB

MD5
e8671b72c66bd327810769c313be5226

SHA1
95d6c388a1114200db9b1719a7ec200b1b7717ec

SHA256
1b465d7c973379e8c08c4ed14acfd2507f011e93f9d50a02c2b1a8b9b52a72b0

SHA512
390e572a6ef162732a5bfaf199cc9d25e7d3ae62975d198d48e042feb06ecbcbee174fc430d977aafa7f045287c9db69eb1bd2f8c75bfd56c21cb256864588e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a67afeb7a64958f_0

Filesize
76KB

MD5
7b75d3ec4f8c07a755d222c87572dd46

SHA1
604a33e7968d1e9c59f9b5bac6aef19af90026bd

SHA256
6789998db89874a900f178985cd26584c2872246d451887b296eb101a2195ec8

SHA512
975b0406dc010790e4443052614bdf123385e7ccf41d1ea8aa8dab394adda935ad59fa612ce62a4a48f77fbe75ad32925e69e14a34baea12cd92952d13c656ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4968e59638ec56b4_0

Filesize
269B

MD5
3b6d917b6fb79a1d35efc141872d9ece

SHA1
42f31762015db3823482d6a5eb119157a60778ca

SHA256
7552fedb56ac54ab558c7fd6eebe7c0614ff35535d89dfe10d5f4e970c80f27b

SHA512
13b89d9498cc2e17105b741353e801fac2b9a6db02b0f087e25c7f08f9cd4ff8ea5b1fe61d51c571af5ca0a99b28c40ed5d683005c0341e062d231dfa9d776ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49ee5b60031f6f3f_0

Filesize
252B

MD5
f67078e6b1ecc02a79f91284a244b0f6

SHA1
e30d0a9dcd807796369ac0e57070247b5f55d02d

SHA256
99e5c7bdfce04ad7e9fc1eb0134799c2e9a236e239b8bc2819a41e0a1e0b561a

SHA512
018d28d4bbe141234adf0a451dbda986ea00537b6954f694d0918d26012834dc0f58277abf77e129d4d4269487c52f96520dacceccd303b191e83b10f0b74f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\58bd5689c1bfcb9d_0

Filesize
32KB

MD5
fefb1155e5b0088b0911da8782cc8306

SHA1
575484bad5ac29baa1d53ebaba11dbad046957aa

SHA256
40de20230f954b3a1175933aac72b086987cddf4384c8d8a81cf6c53a15bdc60

SHA512
662d71079998dbd716757049e21b3fbcff8ae253677a0a291428d09cb7c9f3f1e8bf1ca0f54ce52ddb4889ce0e28ae909109cb13a9b7fee3c31fe061659c8e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b3e1b1851a5b88a_0

Filesize
2KB

MD5
20af6c1188b0e59da37e5377d2482ea1

SHA1
9f4af52ace8986b01e70e88f569ac58e1e78d84c

SHA256
8a25fb371897dcdfcaf83293e207f41e9c9a4439b178ed338e992e8c7b29a1a1

SHA512
b68660a2448a24629f153d34e128d87e84b4f9ed3a283e6079f8863bc122b892fe80d3c922d0ba8c6604fa00c34b5888cba5af965b630a869c93af4de1a92751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5cc19be5f9cef7b1_0

Filesize
54KB

MD5
77219b03fb324cd3709a3209b0b4ab2f

SHA1
f8e00e2ce8212af2d60487bc7b241b171ffc68f7

SHA256
4d235b49e083a798775f459f27b2b5dfa739ed0273969f1dbaf1a36eefe36e29

SHA512
479786f22c4b7d7697ce016a42c585357d9d18ce87100ff6fd636291ee36dd3faf355db0e9232699e1b9bfe951da11cc77e54c27803404666be76c8393ba127b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61f59e56e80640ba_0

Filesize
312B

MD5
afc3439131bb81981521ea5591863941

SHA1
82d2622ea47e51750838a56c0678c8a83ca16457

SHA256
3ff0780a926c3e15e09bd3946af5b254a9c59e2dae110d77cb9a1a848f8a28ef

SHA512
5131bb30a2d4993b5d5644ad1673e06ff17f691d4b23263fa4642f33ef883e4147d9e091d7d46c34f0ea14c35e87ab0c7e9b71ec43adf2beb170e3c03d4993e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63509cfb085d7656_0

Filesize
236KB

MD5
89f17e166e6f16a0b9cdf923900e4d79

SHA1
51b908f3058d778194b16dc91df8c40bc4c21e16

SHA256
ad699f1f3ee25ea838e66fe4d2280578c451867f821994ef1084d8eba2bd3d7e

SHA512
279a1d146cf660a1f7ff2e50eca13a9ad1974aa421489e48b595d004310b47a8e2261db4840f8367473f742f1e8a7ebebffedebf87ab1e416653e1340d7f47d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64f9edd98d135f01_0

Filesize
50KB

MD5
962d361cfb1e9222ac29d4411f0c7c19

SHA1
0186c90118a7ecaf111944d9585ebe0eaba127e2

SHA256
c5de1f63bf37a9f03e10dd33a7a287fa6c0c7992a0ac64c1d91db4bf802e1341

SHA512
8b50b7fccaa39acaf58d2b53b9043a5cf39a28c2392182c1af6d1e9c738ab67353ccb62e074a545178acd91d156b064043b421d12508557fe342690487b25ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8787f80084fed757_0

Filesize
64KB

MD5
b94f1f7be76bafc121fe9c8676e0d40c

SHA1
5888982527e46ae1fad1680d66fb571ce43ec6f2

SHA256
102e06721dec9c12b1e3f63da7835562449ac222b015ce00f312b080322aad8f

SHA512
5e3bb64484d2838220605d70632e5b871c2eeda6ad47e388cddbc8a0603a3a8965bfec671452033d899534675e53d7d7b7ba41f5ac9aedba0836f1bf196b9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96fadd289243b097_0

Filesize
95KB

MD5
3f466607542cf5323052a6c20521efd5

SHA1
2683e1f17d5c2b64f8faeee515d8c205378a0864

SHA256
10b5d4cd2bd94ec3fbc351f92396a9e48b966b11de2db68fddb19a00a7df6fa9

SHA512
05e030dd5173c1cecc31b8ea5881a5467ee877ba97f888dea3065c337e0334c0049b6df53aadd0614b3ef9687c3e755a1a30bbf84afb8c64e7fb35525a6618ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9f0ccbc0cec4dc56_0

Filesize
6KB

MD5
2556b6bae7bff891f85ec3b0f3ae3ec0

SHA1
4f35bc8b187c85ddb0b035a9ecf271d7bd938bac

SHA256
bff29c069ff5cf69b2c5301d647c1e7a3abf8c79513c9909f5f8d3588eb99b03

SHA512
453aadda3533650214803a2589a3d478b84fe6c9a4a1e6e12b18e3b98e6d09a8100d11c92cda1c67bdac8f53ca1b612e03283e34c326764385c052c2218b4578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9dc2d8e6c71eac6_0

Filesize
373B

MD5
5b302fb0f66227f8e2c455a0cfeb5757

SHA1
063ac38d1a56d452c93d4e80bee3a92219bd8434

SHA256
93a712942100b85af351004049f8cafd86c5bb13eeaed646ba7ad49820e4f5ec

SHA512
ef543a4483e85a478a22c9ba269b69abeeab971c1d76e3ae96efa1a17678b3e8719e8ddfceaf3c494ce7329a9f24b8e5187a81973cbf83f9ff729f45a7a879ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf7fd85c96778a21_0

Filesize
3KB

MD5
7d220b2c7fd8d4164865ead08d256ce3

SHA1
1af345620133ffde3b2db59e54602d9deecebd80

SHA256
faf2d95db8b9db0da93fb705f050be05b5ae35b21b4e1abc44fdf3af54c2f0d6

SHA512
da51870dce3a24ce840b29e99301ac01422a5479173a9481c263e8cc518e6e3a009152f9fec1eb5056e27e8b850c066d2c483a7416d14016df497b57568a8f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c092047f4250cf86_0

Filesize
172KB

MD5
f8296260161c7812f3a78e692bef0eda

SHA1
eb9292bbd8b389dc1769d1885b8145fa0a7a0b29

SHA256
3e4a186b81b0039216f4848faecd0059e28189773c23888c7fb7bb8c69d687a3

SHA512
2415fc23138cc31d3512b319101b625001f44eccd07d8a584bf29b22fff8c0362d1c6c7b4f73a12132aeaf6c19c109f37da3f5635d780adf3227aa6c99c1ce37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c3e3640508abd91b_0

Filesize
464KB

MD5
4f8239207be27ebefb7d1506a79fbc63

SHA1
faa620ad02aaf5f7d11839f5f94a79809cbc7903

SHA256
d3e2ef4cb65dcf429d252e55ea989865a908e4befc3ca2177a616f14cfe6a028

SHA512
d7fb9c5c06afb11a5c9cd8e4ba92a223bfaf6473b36cc64567fe4ca611df3b99208c2787ebf1208f873f65b50caa2c972fcd61f8fb6620728c6b104ef5a1f01c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c85cd94d0c1fc827_0

Filesize
261B

MD5
90738e4e64de6989c6390c7a703f793b

SHA1
ef6037acd8a3d1c8836dca796dcc21da6c813b03

SHA256
7a67c53b09a87d992c0b246dea9215392da48cb3694e6b45deec0692fd410bc0

SHA512
b077e921377e80ca58af801cfc3060eaa56b91da9e09fa15ea44a1d69c57de41245334e98841b32949b70a2e22fd7dc34b0b10c704b6b8942f7163a0d2d60214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cdccc4febfbc2ff7_0

Filesize
38KB

MD5
8be242f5c505519175ac79e60259dc28

SHA1
99478e9e0767e519381d4963457a54512c022efb

SHA256
fad0574cde1a82c5e60887252cb49714cf5efb13f5e75dea5002ca6402e4cb94

SHA512
ed53abcd115acc78f7390f3b1283301b596c7f5f76c7bc8a6d5ea43cd31084e5d939c0b8c8b2842d88330e937e739bc900ef7b3752c8de66609eb07980a09b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf6ec3cecf9cbc57_0

Filesize
163KB

MD5
1f71a8fa7cc50edea3ccc2b3913e568b

SHA1
7d236be7ef9d29dd845039f12d324a33f23c254a

SHA256
c43106581bbab36b9d693ab493a06084098feee9d68fd5e3941faa8ff8cd41db

SHA512
f5e55cfefc9be6f6d2068c3bdd16e1842a11dcd756b60f68e45d6b015a34105a0e4f57fdd32b7b568674223c82fb18905f5394571144c38bb520570f19ab5bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dc5df82a3e02da4f_0

Filesize
256B

MD5
ced278f049a190d67171c7395a184f7d

SHA1
8b1139bc26d63110e83a11f3f79c8f51684c8ae7

SHA256
978505ca258c7b8c8da2854199e879a764557d5ed22a4e361e833527836751d1

SHA512
bcb2579531b830f1b80e345a3038da19d0cc6a50b858990fd070831d92ec8a11f68ef99779af9654a76ae50f9b0fcce1d6e4d0c3610386b64d9b94b02cf60e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de3d0ce6b7df6e07_0

Filesize
425KB

MD5
10658fe46d9ce4a7a8245b301be5d680

SHA1
fdda3c36e7e02de385eaf0cc9363a5266b5ffcfd

SHA256
d221f6b731ebd04b41a515139bfcc11418cfbd9d2517dbe622da5534c6f5e6cc

SHA512
037fec9bcc87f4314cb57b2aa04ddb3479bf037150b07b7210ead974d3e433ebb6733455db7a2efb5038c3f7e89c5a11c56c0f041149ec70c0292953f032d87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec47912131fcbe9e_0

Filesize
140KB

MD5
77d3811138970879a52a4db280c049ac

SHA1
d80856cc6dc1b8622844789511751d47da036ff1

SHA256
20d3eb2320a4207a78c110d8edd9e604aaacddfa46eefa6b0c0254b034e5db84

SHA512
7e639796797c3e2aa4d69a87ca66f7f7d9d81be3c44f29d4945ac7a0dd42b64e94bc2ef35867236d6a6721d3dffbd03f9414aa69108c00490cd255a6191e0e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f8c4de754d412741_0

Filesize
3KB

MD5
4e6b25bfeddbe9c507cb5e86853d628f

SHA1
fe7ba7c9a968458395e6657346072f23b424a0b7

SHA256
0a2489ffe8a5e639ad4717574de79c6d7b09469f77b9b829dffd2d564f4a9df5

SHA512
07ad16a42bc916065ffa1762234a0a48df1d0265c2f9c98fba9a9718a7533fe96e72fd93d70568e64f0662f965d51d6ddaee0177d997a234fdc19a373f339754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
68791ba067d9b7d3ce7bfb9d1e5ad44e

SHA1
7b0088087e8cf2b23922abf7c88937b44482546d

SHA256
3a69361151d2ad388dac97aabd2eec4b4191c2201ff05e82bb94b2ddb2b791fb

SHA512
6598cc6d4412beb3046314c90db61528bbde023f99edad5496e6308abf87de8257a290d8540d8c82e82d934f3e82a203f809ec3dd840096f1200887106a4cfef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
538459e75dcc00561934402d081af0df

SHA1
7f6ae97153a557a4fc79c82e55b08458147d3012

SHA256
6aab26c0bb13b3f9b929ff26191d94db88d91500c29cea076a71d663d7d23b07

SHA512
69dec31492b449e908238df34f2ad75ddd55d190d761aabb9020efd1ac46d7f01d38eb8ae4243e07642c5b4bc42e9d0f16749417cd47898999fdc53afb57740a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f79a2e495c536339aea28e9176ad5234

SHA1
d87ac53baae99f208da9497ca1edbe71b3e15b86

SHA256
f2b9cf45e7691835292fac6e79aafd6c51b36eb7e87821bf66bf6c8cfecd3366

SHA512
269c318deea233e74fa0b7048a0b124558db98bdba414474f8dfa6214f8228730b73a121aee98a583399c0de692b1d402c5f4b25e78eb7f8bbc1080552b38e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a227f9d81e63e17ef60f3526427bc771

SHA1
9d40653dd36ea29a2b9d08658bfa01e9e7ada814

SHA256
5abfd5f101da40f6f473826a8181b2fdb6d784d5e6374f4efafaa7a615fc004f

SHA512
af8d6aaa59150349284174bfaab4e33d04573f8f0da6f0f9af90f946d676700392b41eae553f58d10c4c6ef1009e852e1206c9cb10e6dd0ca79d9925b90ee83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a08ee5969aa0274df924231ab36fafd1

SHA1
cecb011a8aae819e9764b108640c3ed5e8e7a213

SHA256
be8289f3b5f3b3d1da576257f5a161873a1ed6ac2e13a369f49a0dab8d32d06e

SHA512
11f8e56e248b7564b1bd32c71ab08c6139f42c5d8c8ff86c3614aff8084e3ec37a5e5c0ab515bbcebbec15520edaf4dd33b31a8af9482150a601ddd3c46d0231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f22a6caa1a438d292368563eddd9183e

SHA1
54489ba8e3fd21783fdec35d75a18cedfae1b5be

SHA256
97cbfb262973673027f70b6d7e08a81b0bfdda83052f3d67e26ef1a0863f47ff

SHA512
ff3947830f323a5544088336e2837293cd41a77a9df9666a225ab14fb7a3226d55a84c6d3dcc8293834fe19d7673e59e55353a14f0f90584971982058c125f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7cdcdbac90b6d2707858d4b1bc9525fa

SHA1
1ed0485466ffff5957023774e896a1a28cef86a7

SHA256
44a0c63c495af0834d37d855b82813b6dbf8715ae45d81c771b0e3ad6e1c7184

SHA512
9b04ea78f805a95e87489cb807f354d719ddbdaec60246702a269c7f79265339a96f70b1d84a0ba3b973c1eb23a8ee3724f8afecc2cc53ac95b53a61a14754c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
87b3135bb3bf9f097fa0cd5e7cfab0fc

SHA1
b8907c30a13a2525ba7ba1610b29754fe5a751de

SHA256
14bc58736446a41d8cfc87a27125fb464927d1437e4969db6fa1aa2cc67f36b8

SHA512
ffc531b6134a686f4e56837a037a9be94fed515514d3df9bc4865cc4b49478487ae5af17e01b57cb6fbccd6ce39eeebcadf45faa0fb63e502165a33c8d871f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
06cafd5644231fb2ba0ee3d5aad15992

SHA1
a6d9493884f39f94d038a7cb5d476d66a5b49337

SHA256
a606e1a0c9c9012d6f2628183105b26f0de9d6d745a09cada4eeca58081bb136

SHA512
addda1879edc960e519c28e96eff7a99ec45e4395b7ee6eaf1a442cb01fb951ce32a1a8c0028c60da5e8893c0d76d6905f0ced736dd65c1dee3214e6e1b41cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2079738fcaacfe779690f4b19fec721b

SHA1
1124ed9e7afecda78f960f7a6f40db43321d3bd6

SHA256
10ee0d75ae81b9e18a1b9c0297810795e4a8c1a375b1ee7aaec8b315b1d8cedb

SHA512
775db97851a64efd42980a04b92336f56fa4f1f934b1354504866be08cbdff74a4392c2029926cc920a040a4245736a13bf7d728870db404c32c89242bac6640

Download Submit
memory/1840-6-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1868-30-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1868-33-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1868-31-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1868-32-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1868-27-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1868-38-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1868-39-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2088-26-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2388-14-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2388-13-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-0-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-12-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-11-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-10-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-1-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-7-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-15-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-9-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-16-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-8-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-5-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-17-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-19-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-2-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-18-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-4-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-35-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-34-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-36-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2388-37-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download