5365eac5996a820e4ee964a8090f71d3ec6a9ba98b831a2769d7c6bb1aa8b72c

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_96e55b5539e2943f8eb697f821a459be.html
Size

69KB
MD5

96e55b5539e2943f8eb697f821a459be
SHA1

d38cf99b6b345bb6fc3527a250adb346fe3fb17b
SHA256

5365eac5996a820e4ee964a8090f71d3ec6a9ba98b831a2769d7c6bb1aa8b72c
SHA512

0489c2af9ac17ec738d3bc442682cce3ddfb01102d97465a5467afd3b7bf45cb363269cc7f3a78a41c01a75a2a3638ba4c22cb0c0858bba90252ebbcac5d19a6
SSDEEP

768:Stbl+bvIZjG6FnYMOLd8vRvweIrFQ/4iQGwxV+3bAg784a1:Stp+0UI4L68rObm51

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_2093873275\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_2093873275\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_2093873275\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_2093873275\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_1905590400\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_69652083\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_2041510176\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_2041510176\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_1905590400\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_69652083\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_69652083\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4164_2041510176\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877909159173058"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-805952410-2104024357-1716932545-1000\{B2056A63-F314-4DC0-87F8-BFD2C1A44667}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5340	msedge.exe
5340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 2456	4164	msedge.exe	88
PID 4164 wrote to memory of 2456	4164	msedge.exe	88
PID 4164 wrote to memory of 2080	4164	msedge.exe	89
PID 4164 wrote to memory of 2080	4164	msedge.exe	89
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 744	4164	msedge.exe	90
PID 4164 wrote to memory of 3720	4164	msedge.exe	91
PID 4164 wrote to memory of 3720	4164	msedge.exe	91
PID 4164 wrote to memory of 3720	4164	msedge.exe	91
PID 4164 wrote to memory of 3720	4164	msedge.exe	91
PID 4164 wrote to memory of 3720	4164	msedge.exe	91
PID 4164 wrote to memory of 3720	4164	msedge.exe	91
PID 4164 wrote to memory of 3720	4164	msedge.exe	91
PID 4164 wrote to memory of 3720	4164	msedge.exe	91
PID 4164 wrote to memory of 3720	4164	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_96e55b5539e2943f8eb697f821a459be.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x25c,0x7fff7335f208,0x7fff7335f214,0x7fff7335f220
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1848,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2624,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3564,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3572,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4316,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4348,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=4388 /prefetch:2
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5312,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5164,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5228,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5268,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5280,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5404,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5404,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5212,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6536,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6488,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6740,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=6752 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6732,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6772,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:8
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7084,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7340,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=7348 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4696,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3772,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=7144 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6992,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6724,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7388,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3108,i,5121283230901019365,5553021999980994159,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:8
  2⤵
  PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4164_1905590400\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4164_2041510176\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4164_2093873275\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4164_69652083\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0db1d88802048ff847bfcf47035335bd

SHA1
bb54059e5b145da464f6521ae67353889ce00771

SHA256
416525d2bfeaeab0950175c0eab55ad35e84518ef5299f10565023800788cf9a

SHA512
32c5b42febdb38c3a30eb5179b8aa20a5e731b0e83aab16ec73d27b4108bfc89eb6316f71a988388cb5df19267ba823f6d0220fab5584667ba0adb0da1152a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8734b4a181214bb62f91cfa36c7e2c98

SHA1
9cff323f10778a23d73ac3dcffc038d3bf661b78

SHA256
e06afe980fa56c8dad3e7c6b8d0d8f1e7eb9a4860ac715e966026fb7631c3ba5

SHA512
e8648a54da9aa24b6cba1f0377a0ce33979ea097554bb6347f252cad894ad4134e1fe839abc80eb48e2510061d5c6937e80374d32f95afd4cc8567b57694ac36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e59e7171e402444885d0b5211755312d

SHA1
34fce5b90d53310a79b155a819db25948c7e0894

SHA256
2da0cbeb521fd32daf32463548a5fedb0d8f33d4803e24447c46740c6f4cce93

SHA512
354b5e38cbbd73a7302f514723cfd2728e374fe877013587dc4fd4033d3db1a061d0513942c607902dbc63de5b72e414252d2ebae23c4f979af96428755320ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57fb19.TMP

Filesize
3KB

MD5
6b7566068d28fa05d77b87786b39931f

SHA1
9a5e59cfaaab00129172b8a5dddb7ccafd3d089f

SHA256
9769419ef08ac528256872e113d805988d43b3e632e00955c1ec1a584a9161bc

SHA512
e0de9068d633d87bd198916efda0d75f2fd477c7b04d0e75bc4ff783c4fb8e0baa374ab0cadcbdde42ec98f3519b590183d2042c42c3c43f4a669f10e6edf9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bc910d204b0bc6007b2620f79ac9bb49

SHA1
7bafe0a6dd1663e3a6c9ddc972aa21fc732896d9

SHA256
86c5cb86dd6d050f2508bcbe493bb2924edd857f2952f542c18034efb3cab3ef

SHA512
166168cfdbbc0c722e51151d9965540edc7d9ca4a66c304feb0047263640207c4040b225241b9e15ed9be5577ce195976211ce4fa8d7f271f3cf54bf6d9abfc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
ed6026468f9badc0ee612dd1ec0ad1c5

SHA1
5770d7e9cd056ee3c2fb69ca5c818513726d8b32

SHA256
096a750a720f11f190095a07b4cf379a9a8edd73c09871158684050c20c7b9c9

SHA512
561ca54e219132fb9f878fb4a1b25b467e979d4129dbf185675155bc4fa3339a418a2c840517b7957b65af52b6eb4a05a9b70fec10288d55c0f7fd6f0d9c73b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
86ab9e7a606eeb68870b7457f80738f8

SHA1
1e11a86ceb4c16efa3b72f319b26816b74f04148

SHA256
6ab5db540ec12f67d9211536b3610bc625e4b7c164cf1a4b4f6f2608908c0b89

SHA512
d5d392acd7aeac2e7b2e208c5ff38374f180428d61224807fbb3dda32e042e7335bdad6a486f6d3b78f5580d267986154cd49b4166d8b9abd2ae407490828611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
9e8aa9cd6a3aa1d6afeb8a426eb8889d

SHA1
5bc113d556ffbd35202cb7e6530f34d3b51de05b

SHA256
ad18b26eabd31bec5bd2d993351d3afe133d45555ab3db83e52d8031504d030c

SHA512
0df973b7cfb43c530ee205e043279ea51579601ea5982edc440880d8824b2feec37f06c0049348bdd495c73ba4030f08a99e94904a058a173bfa62e64dbeb775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
feb97df1fca9c4eab91b18bd6a47a8ec

SHA1
8547c146872fbadbae140d490e8db44fe86bac5b

SHA256
8fa9115190ea0e3bb21e76125fe9ac9a87a87ef15289baa977edc7fc23009353

SHA512
ff835a399ddad6edbe47eb71690057ef4856ae7635828bea664eada6d8aa8547352f447ea87fbb1565f47d05e66cf8e865d0ee2406bbb09564a0957b023dcfb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
874B

MD5
3e2c562c4c512b4c247786ad3d5b9216

SHA1
e3028e46ac169b38bb9bd415041918f9b259dd03

SHA256
8ec737866ee5de9ab13669196fd89c7a2f14625d897e7725f6d4803864866f81

SHA512
db876dd48d188bc320e2fef90920d7e31ff6310b4733f3332b972ca7dbfe2cb6d7631cee1902fb4e54499f88936b884e37b9f64a0bd32a99080532a801f1c486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
5520efccf324e7eaa8b607e5d507395c

SHA1
a02411bf99ed9560710945023657752ac1caec57

SHA256
e1d068b739f0fe3e056b96ff2ddf3f6240216b48ee2107e2369bcfb6225dfc9a

SHA512
0c5e250b0d7b3a54f6880c3f02a239bbaef9653ce6ba8889b7bf9c2418b4dee13f74873ac64dd4af4d1f44c2c4c111ed38b3510330c4d1c5e4d9fde443aa5289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe589546.TMP

Filesize
465B

MD5
5b34120a05682e0736cbfd00e3bfbb67

SHA1
2d881586f0406219003ffd6b7f4b6cdeebc53317

SHA256
3ec28262df8004631a7dc881773a07f150a58fd9012945b3025709e6c51fc625

SHA512
9e87d888bacd9f9fc8602b069b0cf9bc249b7d5bed8c1093036f5d4f0991b5852eaa4d2086f5973e4acbbf5b3f8b39fe5a0a127ba4908f2ae316b1f190b323bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\b4e1d4a6-f7ca-4dd8-ba63-ed8d43b79db2.tmp

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
8acd0327a9e46cd81fa6868fd6c90f1d

SHA1
beb6f52998ee1f3a59ca99b7edee1ce679247791

SHA256
dcb565afa38be497ef7e1a65a742d51f200a1f0b3973ab5b97dd1b69cd4c5e30

SHA512
668b20345bd13242b068fb10883194a27b4b8f424bf003a09b4124d4699864c3cbfcec8ce70fb7a28d7a52aa4d1a85a869af8e58c72e1eb143da22f8dcf6363b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
34KB

MD5
29f5811d27bbb42f3a39516dfecac21e

SHA1
5cc55183b020727bd417399bfef3a8e55661e4a2

SHA256
5c174bc868c706c06ffd8e3a9ec2ae83f380bbcd1b7900086458e9b3be000c8c

SHA512
b68ed395c0fe66ed065ed7cbd53a21d5f72d13a8ad26c5fa17f41315dce94ef319621f90e38d08d0fa3c57b3f3503e854093ff79a41638ee846e6beec1e0de6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
343f218ad80024be59c86e9e7dcee3d7

SHA1
c6239b9ce6f33256e4035ed5b89f5ee19de37629

SHA256
78bc03ee4c3d34a03c49c4042bc7aba6665a82ad01d21720bf55131b2145feea

SHA512
daf6c87cdcc39d45733cb120a91a183c033d7b90676135a73c26f0951009f09b0d3980ecfdb2c9bb4bcb289acfbed9e2c95e2f18633664faa017f47f32b845fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
6383aab4e75dd968f35308d092dce5c1

SHA1
c886e7ed24997c1ab48cf256ccce5951604d8c09

SHA256
ccd9528b087f3f5575c108549face2c2e72f82a138218e45ac0ce15b7c651e34

SHA512
211d9e9f71cd916772403fd8f66e7ca5c2bbe60d38a3c08989291332a3e2d61757543e62e5de5fc6bf0c54e40a70930da678c494b9104d9488861c4035ec6a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
96453f994afb78946ee29d93b4348c3b

SHA1
481d52f89c303ded2cb16f9d0b02539b72fd418f

SHA256
36f4682924e511c492c685fdcaf11633dcebd3b48fdee33e8b7d88951f519c6f

SHA512
5a3fa88c254ed92c14aa1b22904b59e10dcf63cc9f96c05caf315195fd461d1671376818ea23bea50e5c889849da373134f819e50ca318d4046e9223decf3d62

Download Submit
C:\Users\Admin\AppData\Local\Temp\ab35148d-c804-4616-94ab-28bc76e61db5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\b741a4d1-8620-4afa-b745-63489c95ce81.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4164_178714807\7cea0c5d-fe29-423d-bf84-ae42828de1ce.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit