f8a01d3aee0ff0415f6b14a3da95f78bfcda24f01c9957e3dcf6dad2ee263174

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2025, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
Size

495KB
MD5

b2f6381a533a8357a604ee8b3e8ed0bf
SHA1

d7ed33ceeea1316ac57ddf9e9ec7e5f8d5dc524f
SHA256

f8a01d3aee0ff0415f6b14a3da95f78bfcda24f01c9957e3dcf6dad2ee263174
SHA512

cbfca668c2fb268387eae7d0dc6d36bcdf3521f646284d8711a1096f42977628c36e902fce93b25edac6bfb011f3d534af1a0a33caaf4ef4977c6894295918a4
SSDEEP

6144:He34R2z6xfzh36dqXEVTrnCRZG/t7FTBqTzP7n7O7L6K2Bfo7pt:z2kzh36VVTGf0ZTsnz7O7L6ju7pt

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_603808391\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_483527458\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_234419766\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_558822506\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_558822506\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_603808391\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_234419766\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_558822506\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_558822506\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_483527458\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_483527458\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_483527458\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_483527458\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_603808391\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_234419766\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_558822506\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_234419766\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5644_234419766\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133889756501177560"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027557611-1484967174-339164627-1000\{921A56FB-D895-4B0B-B652-093F9AA26CFD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 5644	4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe	91
PID 4832 wrote to memory of 5644	4832	JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe	91
PID 5644 wrote to memory of 5620	5644	msedge.exe	92
PID 5644 wrote to memory of 5620	5644	msedge.exe	92
PID 5644 wrote to memory of 4556	5644	msedge.exe	93
PID 5644 wrote to memory of 4556	5644	msedge.exe	93
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 5296	5644	msedge.exe	94
PID 5644 wrote to memory of 4200	5644	msedge.exe	95
PID 5644 wrote to memory of 4200	5644	msedge.exe	95
PID 5644 wrote to memory of 4200	5644	msedge.exe	95
PID 5644 wrote to memory of 4200	5644	msedge.exe	95
PID 5644 wrote to memory of 4200	5644	msedge.exe	95
PID 5644 wrote to memory of 4200	5644	msedge.exe	95
PID 5644 wrote to memory of 4200	5644	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2f6381a533a8357a604ee8b3e8ed0bf.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pf.phpnuke.org/s/3/9/39876-663690-mpeg-to-avi-converter.exe?iv=2012102222&t=1744502046
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ffe366df208,0x7ffe366df214,0x7ffe366df220
    3⤵
    PID:5620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1912,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:2
    3⤵
    PID:5296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2004,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:8
    3⤵
    PID:4200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:5592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3516,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
    3⤵
    PID:780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3484,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=4992 /prefetch:1
    3⤵
    PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3980,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4984,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:8
    3⤵
    PID:1180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3968,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:8
    3⤵
    PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
    3⤵
    PID:2912
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:8
    3⤵
    PID:5196
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:8
    3⤵
    PID:2780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6076,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:1
    3⤵
    PID:3928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3948,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8
    3⤵
    PID:3068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6260,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=3920 /prefetch:8
    3⤵
    PID:2612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3908,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:8
    3⤵
    PID:2500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=2120,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:1
    3⤵
    PID:1692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5420,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8
    3⤵
    PID:3944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3964,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8
    3⤵
    PID:4380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5260,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:8
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6528,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
    3⤵
    PID:776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2028,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:8
    3⤵
    PID:2016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5180,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,15144072322432117688,14981729152341432506,262144 --variations-seed-version --mojo-platform-channel-handle=1140 /prefetch:8
    3⤵
    PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3260

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5644_234419766\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5644_558822506\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5644_558822506\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5644_603808391\manifest.json

Filesize
118B

MD5
38a783f9ed173a04e5bef70a52292fc5

SHA1
2329da12d659d33a964ce876541d3ada1929abc1

SHA256
49bd6d2f7f3242bc71f47eacde83a0a1a0e7310074f30810223ea2940238bfcf

SHA512
3ae1c4d0ba65528b9476dfd6035144215227c2718104ece92f9c00bdaa505e2c80d1d30f6e1556f1ea5cbbe6c4f2a2a085ca5b3a2e33cdee74d65e5ef81951f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
991dd8fbe9a0cd6dc3637646bc73b6fe

SHA1
cd33a4c3c2cea06b41e5388826af365691769de4

SHA256
7e873150a039c5eda07ab3768e2b49127c3f824319d28909fe07f31d6f3119a4

SHA512
b8c1dbb54394674bb88fd7cf368214885e0c328e51651ee8f412aa1ab85151582c70189a292e24d551a8144de29f82e8e9b51ca5a695d33dc0e3326a78d05263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
78b403cafa6ed486b8ea60a3763fad0a

SHA1
1e9219c30654e8bd2af76e8d4da00fbcb7f13a6a

SHA256
ab8d5c7d1a3ecb0b6c57f0023b1633faa6d0299913b0d7f6f596b844b0121f56

SHA512
6ebe19ed039ba24b23c7fb8afc79371b8b4fb7b39e5fc683d6a6dc1f9a343150361801be83bb030c59e2a6d5a5fce22df620d42ea86e4deeaed0890a51f711ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
f6c464d9504073299b8ab5aed02d1c56

SHA1
e9b873b3c0ace0842a1b1e115707438c9dc374ed

SHA256
4a2c113af61e5378bf0ce9cb08dce34185020e1ac82d58a876b635b7cfba152f

SHA512
1bb05d80ebcf1b7300eca527184adc8add60bc9966c92d58946b53010f516e6f8ea24b76dc9f0fc2f16991f66eafefaa0a73d4583975e4e7af5cc26594f84fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
9b1556629a596ac04bf189c4d0437e07

SHA1
a48140dd3b9d3b0743122a5aae7ac6519021465d

SHA256
83a1e98d4b4cdb26c1f594c27df49cf7db0643118cbb37205eeb1cd8bfc99cf6

SHA512
e50cf8240dbbf498bf49420424ba5c15ff93e2a5734ec3fb4cd4c58ba25deec6ef7f4c91b0890ee0338f36826d14081a318bccc5fd75b73a5a3ace59292408dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
5ed5349ce878f5458253d15a63e7a6eb

SHA1
0c780bea56d8607208b277302b4f9bbbc514e005

SHA256
727e4620cecdf5f67288dba24610cbba2b1c267afeb138a15e3db3767697b57a

SHA512
b8a9a1e67876e38ccf4cee6d74750563c0ef4b4ddd5f83f7cd4b5379b0361beee2dd31f0a7121d888bafc6557df4d260b00181bb4e470fae9215d4599eeeef39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
fc65b69bec7727daeee854f6f54ba6d7

SHA1
bf6a284879ae0b8efb90ba911aeaa12e0aae7bf6

SHA256
556082ddc3071d3fca18f2656cd9280480ea7f11e627f931769c49236fdac60b

SHA512
9b1a891b86be20f9bd8c5714993e717670e0ee4211121dd48e3693da13ad3ea8870a27317831b1199d65817c00db9cabc98238b97c1b09e3aea6d56afbbcde92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
0d2d20ef2b1aa211c6055cb5fbbbdc07

SHA1
1482c006d66ddfa68a957216f267a2ed2d68b87f

SHA256
c857c5960e6338740351504d5fddf151f2373ee3b296ae783e3b7790d2b1d650

SHA512
e9cbb8f764116e57348baf52f892078efb5a9bcdc5debaba0926fced092c81e0ac25212d26105ef1066a81f825cc23508658bc39c0684c55532de2756a0ddd87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
e6a78bdb7d4b4424fbefb76e0696cdd6

SHA1
e77672d76d1080893c8f19ce52683623312cb27d

SHA256
50557e6d2d92d00d4f1f3a509aba3015adc3c42381419fc9fb250e9cccd99773

SHA512
d400a4ae219f408df4f4ee506572af738e955a6b9f62d6a012bf35c401c0486e2db57a63c1fffab90f5500a598bae673bbc2fe0237b6958c63b05bda8e503ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
87b502a2ec9c38c11e40847b5d669351

SHA1
cde7c42314408392c4e59712fcc22b48e2bb16f7

SHA256
d5d11e85ac8ee92f801505ce2c020c563771100afe64e3ffacc34f831fc952c4

SHA512
d5bcebd6bd385f69062df88420ba32d11121a58868f36fd366d003a0da80d43102b497f18c3a70f77187b85d2d3620738276a72719e10b7924caf08401991c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\aa5229c1-3261-46cf-86de-22ad9ea0ccff.tmp

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
c57157118cc3971a7b71f6aa9ee653a7

SHA1
93df464a75776e4070f51ce0575c66e4162d9d75

SHA256
db20a51ae1bd57f1ae84bafb461e4b88481f7617247e5a0d132927aaced4922a

SHA512
fb2d1e24cc5a2d87b90575a079a248da92b540a76d9c35fec345360a3e8a25d53377be3715c0c0ccb022ff7e5de370ed4759de348d8fe4e0f2b2bbb3eada4d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
1009f5087c7929d0b8e6349009d17924

SHA1
593b6ab6e095fa7bb90dd8a60fd232fdfce7043c

SHA256
ae2762a8b53cf3913ead10a6cffc120bf30c2b7b11987a6751021ef572b05d33

SHA512
2fe965700ace7e2939a53864b185e9bad21e67cf76ffc0dbe0043ea2659861acb7f2c031853280b047cc2c294d8833216d53d6ebb25c6bf2ab450f64475086f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
6414d1b6266c94b169764c3dae830af3

SHA1
3755298bd19587721d2fae63d6c83c30f2f86f28

SHA256
154976c892902ae7bb12173e395cff2c837f5b0294ad3c33aafac73bceefb19e

SHA512
a8f58876080bc2fd2a86cd1540216a13fd4fbfe19786edc93717c1063adf7c1ea995918895497afb05aa43a797eca557aaeb563cbb02055a6a0968aba9106997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
729d00f904cc90b38182c9eddf9d23fc

SHA1
53b261ae27a60101f3cb8c71f46e952739ba8f26

SHA256
20e7f930fc3acdbfdfa101cc72042edb22409f29db9245ca944b3fbefeeaaa38

SHA512
347479dd889a8571ac4cb94dc5426b61fcf3bfd6de2d87304d5ed3f21fc9de867e17d7cb31eaf99068426b6a498d98644e684aafe383e29f7f596c1b82e599b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.10.1\typosquatting_list.pb

Filesize
626KB

MD5
0104f1d6d013bd1e93f9d9da98366a4d

SHA1
38291eff21f6fb2680eab78418f54beda8e77114

SHA256
0060831feb8e7c25fa67fb62023111ca8c767e4c48ee5ba8d64ff7b9f88dea77

SHA512
35db78d2916a71e73501d7c3d18f3e7d655ca668863b9142ae4e4f99ec2169b2104e41991835ae3557c533d0fbbbe5474847e6027bc41808e18a4dd2cb3682a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
bb0c4f3cc14bed1e2339a432f8a285c5

SHA1
c106b498465870f375e7722b7451b846fa902383

SHA256
6bf7eca8bcca63bd477b43415020a9552eaa05b99ed4872c727de1483bd129c8

SHA512
ecf30eb81c76a33ca22e0333ecc8860ac6cd647e0bf48e2da46eecd432f73d6ba816cb7c12d334c0474eb75aca07c73f035f0edfb9056c7b4b5b379eb3fffba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7CC2.tmp\BrandingURL.dll

Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7CC2.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7CC2.tmp\LangDLL.dll

Filesize
5KB

MD5
9384f4007c492d4fa040924f31c00166

SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b

SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7CC2.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7CC2.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7CC2.tmp\UAC.dll

Filesize
17KB

MD5
09caf01bc8d88eeb733abc161acff659

SHA1
b8c2126d641f88628c632dd2259686da3776a6da

SHA256
3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

SHA512
ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7CC2.tmp\inetc.dll

Filesize
20KB

MD5
50fdadda3e993688401f6f1108fabdb4

SHA1
04a9ae55d0fb726be49809582cea41d75bf22a9a

SHA256
6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

SHA512
e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7CC2.tmp\ioSpecial.ini

Filesize
1KB

MD5
65c39ec49855e03489050126751e7f94

SHA1
5862e3a73bcaa8498d7dff5b83dee03784ec0f84

SHA256
36404d44f92bf5fd49412851f13c4018fa71b7809bd432170f6164c932e06fa5

SHA512
a4186ba77697cd621ff974529285260b99a107f00d594ecf61f962974b27ceb9985989b6dc9eed400cb0d01ad8cbd9703ce9aad998ebb9f125ee10ae0ac0515a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl7CC2.tmp\show_page_toolbar

Filesize
1016B

MD5
de86f93cee23f29c4146d0490847826f

SHA1
cd01e4525e6b2cb3e6ced0589af4be9c2d0a0826

SHA256
b7b742ad61715e695a56cd0d1735d969bc7fc2c68899d823fb3ccc677a966ceb

SHA512
3b00c9aa5f3286e963c0ab8e3a827d7382d847ec68313f1a40088d68d0f6eeee61d6a56edc8c45f0a963c80afc9233acaa6fe75123887647ea88ba1aa9222565

Download Submit