73454dbb6806c488d74ce3b621dcca5616a67725276e4230896a670d44a8af5b

Analysis

max time kernel
136s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe
Size

526KB
MD5

ea7beb0fbc9ce99b69ae2d450d2efd7e
SHA1

11824f8eee9845a434134bf9b03363de761460a6
SHA256

73454dbb6806c488d74ce3b621dcca5616a67725276e4230896a670d44a8af5b
SHA512

5902b0778cfdcb18d6509c76cbd1867e755d0a54766eeae92845b21344243de54651f1534e64a8e4d7291073ae3a2b8c45babd5c6d937e041720e4640677764c
SSDEEP

12288:xp/15tWJvzR9qHTyM6dn7bGIbtgiwkiT2hrX7C7Inp6gwCXXAw/44:T15tCz7qHTgdn7XbKiwH2lX7qInp6ghf

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
3096	ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe
3096	ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe
3096	ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe
3096	ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe
3096	ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
1668	msedge.exe
1668	msedge.exe
4636	identity_helper.exe
4636	identity_helper.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 1668	3096	ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe	87
PID 3096 wrote to memory of 1668	3096	ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe	87
PID 1668 wrote to memory of 4592	1668	msedge.exe	88
PID 1668 wrote to memory of 4592	1668	msedge.exe	88
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 2688	1668	msedge.exe	89
PID 1668 wrote to memory of 4828	1668	msedge.exe	90
PID 1668 wrote to memory of 4828	1668	msedge.exe	90
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91
PID 1668 wrote to memory of 552	1668	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea7beb0fbc9ce99b69ae2d450d2efd7e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.flvpro.com/?aff=3090_generic
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcaf6446f8,0x7ffcaf644708,0x7ffcaf644718
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:2688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
    3⤵
    PID:552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
    3⤵
    PID:4812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    3⤵
    PID:712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
    3⤵
    PID:1204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
    3⤵
    PID:5092
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
    3⤵
    PID:4936
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    3⤵
    PID:1680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    3⤵
    PID:4608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
    3⤵
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5382962380760103452,1865942211976697843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0dfff133347dc3db8e7b64a049466f62

SHA1
627a5e71103fe09a58e87c24f3dad0d91bd14975

SHA256
26876809a3262d3d13d49605b757fe0efd5dd8c08f95afa4463fab31f25bc9b4

SHA512
9d7d7333d4fe1238847231709fa50765b8c2a937651462eb4626460bde7952e7710b2dfcea34e16f9821a94c6a2d7910aeb249482181adc5a361de40d4b9ca30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
adf6f53ca53c2fc2d65490a0feed3ae8

SHA1
51776fd60dead35f52028d330e8eee501ca822a2

SHA256
7211670775d758bcd7b57297fa897adc0b06f8369e264fc8630179f3f0b9233d

SHA512
bab40d7af57d3aa11be1e47ab4df00f2a945cbcec748b7c49851c99c96f861677960841c0cba8e6de4c0e1bf62f3927732b7438c7cbc2449309ecb7c163ed600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb4078d093b6d063bd5b38eef5754629

SHA1
ac84619e4f773eebd8f87e8ed465202c5aa240b3

SHA256
f500e5a139792dc0eed2589196654054d17dcf382a0db86317bbb5474bebe216

SHA512
f0aa88c94ae030ac7676bf0f58a237fa6182ba073e58807f4a1545af69ab50aae52250105b171a149ff8f9755d2dbf597e15dbb4fd61b8e6197dc4febb546691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7622aad387c3de3c65c3d9557b50b505

SHA1
3a0fca1701b2474db2443a8f331d12783c4f7fc3

SHA256
37b852770ab67e108d2a42161d8b5412335ff307cb6ce77d3efc6429715e57cb

SHA512
38891efb2c93023e5bc69f7fafb6edb25a61e78df5dabc1f078703172f21eb6abea5da1e6ea193a7311357334ada866ec9596ab6ee63cb2ead8d8e71eac8dc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
87b108ca127658a6affa901f6b770b45

SHA1
fc081eeb4ca9de5ef4cd27ac12ff4cc6c819170e

SHA256
0ffeb63a2b3e12dd9c323865cbb46abb0ae4b29475078b4061435d082b991db7

SHA512
b1f4a861d579c6943c7b85a87d06a70f3a473239bb9588432f9cf3021bdd976259851e2406abfebe8a780f9c572c412cea47a07cf3cd72b32272fa77bef201be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse6AC2.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse6AC2.tmp\blowfish.dll

Filesize
60KB

MD5
926e4475c00fb5254c32c876921b77d0

SHA1
8a55bc8b6e49021a4abbd441783c41d5e019798b

SHA256
d54c8582863c079996c4f1113b1c106204773ad9ea2ae831ba2b33b45bafdfa8

SHA512
53f389e1a967c123ed591c7650cf6d3140abf1012dcac90faf2327e68558949eb2b19905098bd14ab3a9811d23f98466f88418d992ca6373f94afae56a285bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse6AC2.tmp\nswebgui.dll

Filesize
157KB

MD5
afbd534002a046624eb68a59c836e77b

SHA1
68d3ff7fb3d9918f0b81a1be4d9d284b378b35e5

SHA256
712d1e92905692a7efb1550979b905aa8402d4b4aeeb264a4aee6c6f3307ee1c

SHA512
fde37949fb11b3d8b9f068d17a9236a88625263bc383c5f84efeec05aaee9230674e8d99541337b2b0fe670bd2b275c772f65305720a5c005e62e49cfe225ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse6AC2.tmp\tr

Filesize
1KB

MD5
1999fd780eb1c0425d5b0e851e763ab3

SHA1
6d789c16f9e310b8c3f28e6bb99641ca18b92cbb

SHA256
fe2edd92a3bcff73862d148908216f247392a24679380dc544480e64804d1253

SHA512
b07000407fdf2ae45e9141f3ab8614ff7bfde549d1324cb4f04fa9cf36143b7616e612c57af47b3ba1751a26a1ddf4133ba6c46bbed6d69d2872e75acffd9bf2

Download Submit
memory/3096-16-0x0000000004EE0000-0x0000000004F0D000-memory.dmp

Filesize
180KB

Download