a3f25cf73d46cecf88b791616b7b15efb57f0d17d61904af655535568288c35e

Resubmissions

11-12-2024 23:32

241211-3jjjjaslgx 8

02-12-2024 12:03

24-11-2024 10:24

24-11-2024 10:02

24-11-2024 10:01

Analysis

max time kernel
121s
max time network
119s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
02-12-2024 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93f4a2182702dcb81cc63506ffb8f185_JaffaCakes118.exe
Size

60KB
MD5

93f4a2182702dcb81cc63506ffb8f185
SHA1

b6f91299ad563acdb42725f3502a91904d4957f3
SHA256

a3f25cf73d46cecf88b791616b7b15efb57f0d17d61904af655535568288c35e
SHA512

642993e2bff2db269a17d891750902dc3e4df29ccac7d7ccb51f70a7779b2f58d645df8383ed85ffe0ded851896d78aef9da1241679cd3ad0f130fe6e0e0d747
SSDEEP

768:vCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWNReOOe:71Tzy48untU8fOMEI3jyYfPiuOe

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\16dcd7da-98ae-4b16-8923-494e405f294f.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241202120513.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	93f4a2182702dcb81cc63506ffb8f185_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexpress.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	makecab.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
524	msedge.exe
524	msedge.exe
4220	identity_helper.exe
4220	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 3296	3860	93f4a2182702dcb81cc63506ffb8f185_JaffaCakes118.exe	81
PID 3860 wrote to memory of 3296	3860	93f4a2182702dcb81cc63506ffb8f185_JaffaCakes118.exe	81
PID 3860 wrote to memory of 3296	3860	93f4a2182702dcb81cc63506ffb8f185_JaffaCakes118.exe	81
PID 3296 wrote to memory of 4720	3296	cmd.exe	82
PID 3296 wrote to memory of 4720	3296	cmd.exe	82
PID 3296 wrote to memory of 4720	3296	cmd.exe	82
PID 4720 wrote to memory of 3676	4720	iexpress.exe	83
PID 4720 wrote to memory of 3676	4720	iexpress.exe	83
PID 4720 wrote to memory of 3676	4720	iexpress.exe	83
PID 524 wrote to memory of 3472	524	msedge.exe	101
PID 524 wrote to memory of 3472	524	msedge.exe	101
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 4312	524	msedge.exe	102
PID 524 wrote to memory of 3796	524	msedge.exe	103
PID 524 wrote to memory of 3796	524	msedge.exe	103
PID 524 wrote to memory of 3128	524	msedge.exe	104
PID 524 wrote to memory of 3128	524	msedge.exe	104
PID 524 wrote to memory of 3128	524	msedge.exe	104
PID 524 wrote to memory of 3128	524	msedge.exe	104
PID 524 wrote to memory of 3128	524	msedge.exe	104
PID 524 wrote to memory of 3128	524	msedge.exe	104
PID 524 wrote to memory of 3128	524	msedge.exe	104
PID 524 wrote to memory of 3128	524	msedge.exe	104
PID 524 wrote to memory of 3128	524	msedge.exe	104
PID 524 wrote to memory of 3128	524	msedge.exe	104
PID 524 wrote to memory of 3128	524	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\93f4a2182702dcb81cc63506ffb8f185_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\93f4a2182702dcb81cc63506ffb8f185_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7724.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\93f4a2182702dcb81cc63506ffb8f185_JaffaCakes118.exe""
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3296
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4720
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffb8df746f8,0x7ffb8df74708,0x7ffb8df74718
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff66f8e5460,0x7ff66f8e5470,0x7ff66f8e5480
    3⤵
    PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7936423511219142545,16202028417448208972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:5344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6126b3cef466f7479c4f176528a9348

SHA1
87855913d0bfe2c4559dd3acb243d05c6d7e4908

SHA256
588138bf57e937e1dec203a5073c3edb1e921c066779e893342e79e3d160e0b4

SHA512
ef622b26c8cee1f767def355b2d7bffb2b28e7a653c09b7e2d33f6468a453fff39fd120cacbffd79ce35722592af0f3fb7d5054e2dca06310e44dc460533f3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dda6e078b56bc17505e368f3e845302

SHA1
45fbd981fbbd4f961bf72f0ac76308fc18306cba

SHA256
591bf3493eb620a3851c0cd65bff79758a09c61e9a22ea113fa0480404a38b15

SHA512
9e460013fd043cee9bdbcdaf96ac2f7e21a08e88ddb754dddbd8378ee2288d50271e66b42092d84a12e726469465185be11a6fafab6ed4236a244524bd60f502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
53dcfe6bb90a34b7603e03efdcdc36ef

SHA1
826f18a9bdcd4fb53178d9637a151dccb489f5cb

SHA256
54062540f40e394bafd96116844e68ef84079d0f92f8e763a60171d69be0124d

SHA512
a8f9b7c900d9e70eb343d27a21f5c186f351e513622427db29177bec282aa0a5ef4fabffbeb918ca1888227aab2e139b2ca0452c2c48a4645675362906a6bf90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
6f92d482c7eefd0ce041db939a3dad3a

SHA1
1536931de85df6a5e59f0db421eadc45a8838bb5

SHA256
75a3ae3fd40b13b4733fadc89a6c1a1c9792c00d4c9537e502fa1bbe332be906

SHA512
b052f1747a01704dbf718e4c525de6b81e006b3f6e2d0d26bf8140f25c41b4881c213fbba4ac11e958d360b6a491b973c94b2e46f4a6d43c89cf4288f9cb731e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ef2ebd996445d0b2a7c9cfc4ccee10a

SHA1
778a5396ab44d94ba6d3f56be9e45649b365ee1a

SHA256
6efbd873ad2fb05dd3acdb3487c30a820b703044f24a42b79f9640dbb5215b10

SHA512
c15dea6c2d911f283b32b7622d906827980116461c2ebf6e457843f69fc67a07ee965b20b3595dba2daa91c3469d054b66b46bf3a59f47a942235a164e2c9b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
65636ead8238d5948beec762ad2f1405

SHA1
1abc889a85fc405fd01c888563a28b8d9e9871cd

SHA256
faba57768810e32ccd265d467716b268196f4b44d269d120b810b6d1ceb9835d

SHA512
b87fb3384e78e207e97f8190eaac638c6eec0703942814839424590c35536ec732d4ae2c24d07f51086ee9130f19b28b27130f64a4d886de98818c0d468bd472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61385b1427b941fd31b92b5686da0648

SHA1
3527b100e0d4ad24731a177144673ba5cf1eb858

SHA256
42a936315e13a032ab07a78e3dd403965a3f58bd44002912455317e13bd97805

SHA512
2d8b54e7311490a527bbeb84b8ac572789bc5d3887862a3d4af8c145eda1f92732a879e7923a8b3321da63f495ebfba190dcb20a0eaea2928969507887e51b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f95ed0fd16591016119f48eb0829a43

SHA1
1781d961ccb33ceb2e4df36dd97cdb6368f1a693

SHA256
04623038b61c583aaae1c2e14736078f37b351712d16a700a07a936728e9c787

SHA512
558803d0709f6665a3b282701780c1a858dae8f0cac653ebd6f7a4e42b76b5530bde0f4c0363db296f7ae196e58a9293c889b194eaa0fc7c650445b3c5a17498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
90cc75707c7f427e9bbc8e0553500b46

SHA1
9034bdd7e7259406811ec8b5b7ce77317b6a2b7e

SHA256
f5d76f8630779de1fe82f8802d6d144861e3487171e4b32e3f8fffd2a57725fb

SHA512
7ad692bce11aee08bf65bb7c578b89a4a3024211ee1deaf671c925d65cc016943f2caad3d57b365e16d1764c78c36cae35c3c45cef0928dd611a565b0313e511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0d8c8c98295f59eade1d8c5b0527a5c2

SHA1
038269c6a2c432c6ecb5b236d08804502e29cde0

SHA256
9148e2a2ba2a3b765c088dc8a1bdcc9b07b129e5e48729a61ebc321cb7b8b721

SHA512
885a734a97a6f8c4a8fb5f0efa9fe55742f0685210472ed376466e67f928e82ddf91ba1211389d9c55dd1e03dc064aa7a81d1fca3cf429fbaf8f60db8b1348c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b5b9c2e834b2d4fab98522775939ddd

SHA1
df8f3005cc16ae63d76a3bb23b6e9711cb8a4221

SHA256
2a46760a39a07d70dd50d914c4e120e3f4aa5b03d17007755885f0ba05116b6d

SHA512
e5f8aee5d8879edd1b2087dc8d4c83978a1a46cf5184a851a8f4eab4485adfe32f75fe3c8fb103aea9beceb36f56ce9bcede5eb0a5e27cf70fd67e07ee1d8376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dfe933545910f7958f5c2848d3438d3d

SHA1
054a7045f79b53032b76169ff2df1cf6e4f9ba34

SHA256
9933012e13a8022cbe950ba84a3202bcb578318f8c7cff0dc084135bbda3e86c

SHA512
a2ef118b4b5061280e484118590d49a1e7567fde1359ce2bd96e6c197a953070cce6efc03f7cdd19d0d673a4d635ae99ad8451dbf75fa844b56a4109a9b6c845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21e285c8884edfc61dcf71689361df9b

SHA1
d5d4317a51f2495d19a4415e925f1b997be14520

SHA256
58ff001ef4f4a348445889965387407f81bc89adc9246fe771d3cd4c51bfb0a6

SHA512
8749c785184654fcc282c3d91de69dd482efa0191f7bf1cf19aa9e239337e08fdc6e0b1fd4ab0dd3a3f2bc9bbfc7dec2a95d22e0ac5410d85604936d877b8763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d01c.TMP

Filesize
1KB

MD5
f6f5785f47408a3c8893442a5fd6dd22

SHA1
40a5cdba7212791732626a1432f4843587b5fac8

SHA256
096a3751fe2bdb2df3ddc50935350548cb10af2c202f48fb141096848e31632a

SHA512
094a38cbd9837cd8670f5e279ac4d4b403819e741b6aa67b71e884b518857f1a761fee8245c4070da9d6f2a30be46974a523eb5921d234e8f38b06b1173cf163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7dd9b5e98cccc316a24df687ddf111b5

SHA1
2d764d2f06974edac392965e1550f8cd20bcd9c4

SHA256
0f688bc252e98dce7c194e174390e666a3f67f31448336392043e94b90ddae17

SHA512
3a35c4232bb62557bf0d065b8ca6bf5f91e2ec02e33442246842d53257b100e961abb54147fef038adc991c833f7dffb281b5bb52224acf37bc1cb2b693cbe16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7724.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
60KB

MD5
22afa8f2a85ab70bd509df46a15e2807

SHA1
71bfc1693ab2f6e8648a7354632814bcfbf16e60

SHA256
1143bd97cd2c4b1a1cc86d1e74925696f2c831aa599d16d3552a183766c298c5

SHA512
eefe20abde617d8c44f0891bff4b545387f6d36174e6a3584e5e57c0bc7b403648b3f6a8e906bbaf2bc55ac0696bdfb482b2eba169988aa3cd70587fd039b247

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a20bb84b47c8ed050f3b3209ecf625b9

SHA1
4d6073527762043ce061f4bc1ca9beecf334adc0

SHA256
32e0cd3674574ec535128585f835d0b1bbbd30c137f62fc9692283b85ef1d92c

SHA512
c07b4c649dcb1b858e8e410305c102a9b3006b40952c8f2c15cd45502d0e2990ffdd43f877eb632283913eb7f101d1947606a7d195698149e9debcd728a8f589

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
3901b89bbb563ade7f715c8870ee9226

SHA1
978f0e1a6be2b564480eae155e604ce787f4ce47

SHA256
1015b90be0329274165465afbb11e851e02a5fe594683320ade127cdedefd71d

SHA512
4f9d9b50902696a3b2669ac653069d2fb2f51ee0a5f94391ba14756f5ebbe0bc0dd6e972c85131b024d2e8408847599b7043b9d0f3144e0300e240abefe061af

Download Submit