fa79ac7547f0b90a53414fd5e928ddf32a121c2ae21836ed8d5099004dd4887b

Analysis

max time kernel
137s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 16:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
Size

495KB
MD5

3ae3b1b96474ac5390023f365069d4c0
SHA1

b59510d49a36f8590427019ca65ab4304001b5e7
SHA256

fa79ac7547f0b90a53414fd5e928ddf32a121c2ae21836ed8d5099004dd4887b
SHA512

66cce41b63b0ac6581ca61fa75eb5c43b900b7c112ad51841f62b6e35733fa7d8d588d965eaba10acddf44d698a616b6c05d3fe3caf004911185b9a9865c467b
SSDEEP

6144:Ze34R2Qm0Lzh36dqXEVTrnCRZG/t7FTBqTzP7n7O7L6K2Bfo7pB:R2czh36VVTGf0ZTsnz7O7L6ju7pB

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4504	identity_helper.exe
4504	identity_helper.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 4888	5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe	86
PID 5104 wrote to memory of 4888	5104	3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe	86
PID 4888 wrote to memory of 1312	4888	msedge.exe	87
PID 4888 wrote to memory of 1312	4888	msedge.exe	87
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1096	4888	msedge.exe	88
PID 4888 wrote to memory of 1476	4888	msedge.exe	89
PID 4888 wrote to memory of 1476	4888	msedge.exe	89
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90
PID 4888 wrote to memory of 644	4888	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ae3b1b96474ac5390023f365069d4c0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pf.toggle.com/s/2/2/224891-649917-windows-xp-service-pack-3.exe?iv=2012101602&t=1728749012
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb61b846f8,0x7ffb61b84708,0x7ffb61b84718
    3⤵
    PID:1312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
    3⤵
    PID:1096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
    3⤵
    PID:644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:2836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:1372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
    3⤵
    PID:2468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    3⤵
    PID:1208
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
    3⤵
    PID:208
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
    3⤵
    PID:4312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
    3⤵
    PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
    3⤵
    PID:4212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:1336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
    3⤵
    PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
    3⤵
    PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1627493009127220120,11319693258167782326,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6032 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78cd17182a2b2a2007b356c9f6ea8046

SHA1
d366f6e34f7ea665d15aa6e2be55bf31fef07557

SHA256
1a5b9dd8f707fdf705ca12a7fcf8df752a398070cf168d63f784d6699d55fd6f

SHA512
4f61871924fa5186b9653b789c13d908f890b6b34c38abdcabb6bf4de39e300cea59bb0a3b76d885921d2305b1499a5699e9f8d8aeac819f2af8b298ca2c11aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca768daa3992ebbcfb5ec16b4333ad6b

SHA1
1f2b6ba4e73888ca5a3c42eebc77a543b263cd42

SHA256
ee67c3bea3db1ec9f1e9d09fec658a0e8397b363e8bc616df06c556939fc83cb

SHA512
113f6163a317e97bd2fb750f4d55181c14f371aff6ac9ab32425501435b0aa28e37b798585af0bb8b3bc8c6b808210af1cb56a72486b753393269fb8e52cf989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a7268f4e26f3331309aeb29adb9b32fd

SHA1
af44aa30f89122f2bb91299981407d6800cb5933

SHA256
1798bb52b63d46dcf28cb89a6a6dbdbfa1213b531269762a168fa6060e004455

SHA512
b1dec71bfa9b1ee5fa3230fbb33d045e7110dd8f3c7543e16765ab550de63c419547f5f1200ab1d21e0dfe98e5cfd8e0f1016a06cd550247c7ba1b1dddbb8473

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8EC4.tmp\BrandingURL.dll

Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8EC4.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8EC4.tmp\LangDLL.dll

Filesize
5KB

MD5
9384f4007c492d4fa040924f31c00166

SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b

SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8EC4.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8EC4.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8EC4.tmp\UAC.dll

Filesize
17KB

MD5
09caf01bc8d88eeb733abc161acff659

SHA1
b8c2126d641f88628c632dd2259686da3776a6da

SHA256
3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

SHA512
ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8EC4.tmp\inetc.dll

Filesize
20KB

MD5
50fdadda3e993688401f6f1108fabdb4

SHA1
04a9ae55d0fb726be49809582cea41d75bf22a9a

SHA256
6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

SHA512
e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8EC4.tmp\ioSpecial.ini

Filesize
411B

MD5
e5bc2ea173ebb49c96ec89bfcb0e107f

SHA1
d6655b8eed0d9820cbfb9fe53af8e206ea0fea7a

SHA256
dc6028e4dec83ba2eebc2c7e7add81469f6476d633554b63a3183b3d24a2d17e

SHA512
850e7e4ec107c35bfbc2d3bef48eac9f6e577e0f9814dde9eaef39f644eed3f44c8f82a8866abc943c9b7ebb12f54c493a35123887549f306709f5949faa84d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8EC4.tmp\ioSpecial.ini

Filesize
1KB

MD5
91063b6a5b666924c208ef071a050da3

SHA1
2f90bec56392832ea3a19d92a878b70cd816277e

SHA256
33f4d1ef5c63056c304a82cf2ea2af6063b511ef020a721bfbb8b2961a62d8a2

SHA512
c172b8a388ac4dd8d96520b3389c340087e5159eb9b171371125b3c1ce218c6b7fb0d7f2adc8177e5db1d4178b437500a1becf6f4d71bf76e70b42091cac4ee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8EC4.tmp\show_page_toolbar

Filesize
1016B

MD5
de86f93cee23f29c4146d0490847826f

SHA1
cd01e4525e6b2cb3e6ced0589af4be9c2d0a0826

SHA256
b7b742ad61715e695a56cd0d1735d969bc7fc2c68899d823fb3ccc677a966ceb

SHA512
3b00c9aa5f3286e963c0ab8e3a827d7382d847ec68313f1a40088d68d0f6eeee61d6a56edc8c45f0a963c80afc9233acaa6fe75123887647ea88ba1aa9222565

Download Submit