44ea3e45a1595ed16793fcf8bcebd15b868e422441d260945b914bba9322eda7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f8635985a04e7974912ca0fceefa1ff_JaffaCakes118.html
Size

124KB
MD5

3f8635985a04e7974912ca0fceefa1ff
SHA1

763269ec76fb97a1eac62fd6f90813cfc6054b5f
SHA256

44ea3e45a1595ed16793fcf8bcebd15b868e422441d260945b914bba9322eda7
SHA512

eda38c44b3711c6c57e791618ebd0a6c2498df1b2b289d4d5eae8a60ae1b3c661c4af4c59b7c86bb62de93a6b58fd1f40a6ec5eda334185e077cad18bb7bee2a
SSDEEP

1536:2EFwEz4TItnBQ7q8Wby1NOWPDfWejBL1iDxn0p5Gv1:v/+Ic7q8N1NOyKO1Wx0p5G9

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
6	sites.google.com
11	sites.google.com
12	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3432	msedge.exe
3432	msedge.exe
4556	identity_helper.exe
4556	identity_helper.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 2724	3432	msedge.exe	82
PID 3432 wrote to memory of 2724	3432	msedge.exe	82
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 1068	3432	msedge.exe	83
PID 3432 wrote to memory of 3040	3432	msedge.exe	84
PID 3432 wrote to memory of 3040	3432	msedge.exe	84
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85
PID 3432 wrote to memory of 1224	3432	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f8635985a04e7974912ca0fceefa1ff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9278146f8,0x7ff927814708,0x7ff927814718
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16376831234602365260,731744969531302752,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
5d56277a10e99980da3031bcb17cff23

SHA1
135085b50b7973b536d27573169673b3599e277e

SHA256
016c2051ee84975fd320addc0b1ca3660a5656de8b07d659be971e2ab17d7891

SHA512
8953e7b3d69d2c3fc8c842d6f0f9f8b836d4e867f4de298043cc4c4d6b7d1d1fa53a34c78f668d48d4a8adba5e179691574ae2e5e122d065789578e1a0c34aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6799b752f5d591f67d7a5e5f89947a3f

SHA1
e4f87b3bdd954cf6375ce9e853bc9b972560ab5e

SHA256
fbeb1a11c3c49ad1d45e73c44ac207e8ac36e0e786963bea3f457bd05c041e32

SHA512
343ae2c1b6ce172f27a4033769017028bb6279976494498da5bcd5d28852870dbe72c26df60aa34b267e36ad2c2ab66b2df392ca0bc761be9dcbfadd0327a4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7adee3c21dcfd8a5016e351976065de3

SHA1
e96baceaa00aa04d175d7343d5faef49ff981b12

SHA256
f8a1343e499e5f066e12d5824fe3e75ec84ed4a8b9f5fe0e9a22b661e3ce7a5d

SHA512
ad3d96a43b7e7fea93da895369b904752dde140505b0d8aa9690034edccc545cf8f27727d6e6fb824aca4b621aacd8ba46fbbd6ea27d161ab992e95ee6a2bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8aad27270581328522b92a39f65df136

SHA1
f65e3afdd69c0f9a68afb881ef2ec8e5965b8615

SHA256
65cbc99baf82ea35a57b33a7ee66e1e36c2033f008dc826e0dad5e117270e5d7

SHA512
4e3408c594a6d849382485c907baedae64dbfb92b0f2cc217f2132d9ca3bc6957c18340cfd69e67ab5df7fb664fcea8e6f6d458fbd49d0312537c9475e3d5133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48b1df90dbd4e2572139db406e1600c1

SHA1
b96cb1de5e83974321c22a31677ad83e4ff15151

SHA256
bb52ff5a4e7bd7bbb5d5c4e5372399f1eab3a37ef0c7fabfe78cfd7864c928a9

SHA512
a4a27c0d426a92dacf14eb86f8a9d4a9656ca075dcd1b95946d4658b36ed6109a7f45b3cd1e5faf88776981cab1f8ea810a5c5d16dab0eb15e1682c0fd4290ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
25b0cc8e0c65da8f23344ef3bc02961b

SHA1
1be6e33d5c49aab749298b8c3eea34453a080fa1

SHA256
b78755088438375dfb8eb415063d8d91f59801bf573a352a88a71692dd11fe7c

SHA512
d81d34299fbc879d597d981a50804f7417dff5a5e7292ae839ad841659289411940c4a38e153b2a77440ac988bdb9e457c45f0b425eee536f39754a3ecb3e9b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
17e02633d5e4afbfb0587b9b9bc44d5f

SHA1
cb5caa6cef6c0bb6dccc3034dafe7a680ddfa37b

SHA256
ab29de091ad07d09d1a8bd81da12f3c26168f621c7ad1e2efd4e6f178af67061

SHA512
db0e92eb1b095ec5185d7a5491c9149e842196222e16c2d83d7c99193b2b21968998e4925ca45ceb4b149185afb9796688deafb2ec056918a1b65463e2bd3463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7b196b9a8dd3dd59ddd3e32a00e5a323

SHA1
f0060f1595db5b2c7b1007f9faa12b7a1ce88cb3

SHA256
4c31849ed9f08dfcb982521f9ac0b4d8a7efbc9808391fb94e63605ca61ad271

SHA512
94efd0825d6350d9a80278badcac912dbedd6fd20d22491730dae850c92b1820a6562c92cccf38f07f9e5ea56295267ae6116126dc745459e8c0c479c19163e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a82eeec4e9142d731bb05238d47efda

SHA1
61fc2cbca221b95c9f2b772de1246276fb250097

SHA256
6fb38ede47d872843d537badb27a064f9a3eee8d37f5e9278a9ace1f7fb10ebb

SHA512
266b799dfe531d62542abd8c435527791b6595d79fa5d7b4d912c23c989891ef0caf755dbc711e8c340428e790b2ebe6ba28c326347dd421a71b9f3e7b958a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c880.TMP

Filesize
872B

MD5
583c0b2c412e35bf8bce03eec14f72a2

SHA1
c54cafd37b5a272a72dc76dc893f29a9ab885ceb

SHA256
9a0581c113e7e7ea4aec64019e2b9bba6bd4e2a0c61945a57d7834de5a237c75

SHA512
4d014edb5f6c028a6eedd85d2de1a50c9636adcbdb87b98b7d33091983b57847dc8091ff8d0a67d3d4b2ec3d21a51486056465d1725dad2bc1d07ce31316f91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f29c731cf7bd85ba7ce34129446c628c

SHA1
de8f46de69591e9c8ffd70a3d6ca3f1bd67d8f98

SHA256
b5f72fc0f388029a7e7af5a12ef4cb547b2503af4666468b00a5a4b185f8b6a1

SHA512
dee66638209ed7783aac7849daa7adb6f7ed3f595a051159f21bdd234edc3ed4c9d79ee9a0423cce8cbb7c27c7d818f827c4bff063ca5e121dca71f247911833

Download Submit