2812eca559df30def213ce343709b34ab4a1016e2e1ac942356685ff450093d4

Analysis

max time kernel
146s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65cc450910b81d662f22426b1120feb9_JaffaCakes118.html
Size

111KB
MD5

65cc450910b81d662f22426b1120feb9
SHA1

03278be0bf5478473c8a54336a16446f1b424c1e
SHA256

2812eca559df30def213ce343709b34ab4a1016e2e1ac942356685ff450093d4
SHA512

565f3d6014a4c98c0a8743bc8ea05e42aeebc28c9af28754c0f1871c8778e0f6da00fc3db042f75a3406c7496e3b6eba2ae7859f37c31e22b6ac0c346af76d66
SSDEEP

3072:i1Oh/SSodbnckaYJNQMcZf+fRCqw43e+srrND1r9qA5D:rh/SSokjZb

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

12 sites.google.com
16 sites.google.com

flow	ioc
12	sites.google.com
16	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
672	msedge.exe
672	msedge.exe
1456	msedge.exe
1456	msedge.exe
4376	identity_helper.exe
4376	identity_helper.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1456 msedge.exe
1456 msedge.exe
1456 msedge.exe
1456 msedge.exe
1456 msedge.exe
1456 msedge.exe
1456 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1456 wrote to memory of 1640	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1640	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 1948	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 672	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 672	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe
PID 1456 wrote to memory of 4080	1456	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65cc450910b81d662f22426b1120feb9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb97446f8,0x7ffcb9744708,0x7ffcb9744718
2⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 /prefetch:2
2⤵
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
2⤵
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:2732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
2⤵
PID:2692

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
2⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
2⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
2⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
2⤵
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
2⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,14754028104106308248,5489597842871747447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5876 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9adb4b2c728cfdf8b081e064619093c8

SHA1
316a89483a645007c82e074bd6640340372eb630

SHA256
4bdd332c7f78dd024e9a83005d22e8ce9add16b59f36d9287ce1b610b7d3ae36

SHA512
e610adb3221005696d3c1a2b95089c717c4e8d320244f81deefdb9c9ae1569f76adec0b0fd49e4c58b18384ed44b17c348ccd7800ccd82a9c5a4e2c71aff6bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
04817b736287688c26d2647b09e6afce

SHA1
71050819f582efc50387f4dad769fc2a716a12d2

SHA256
fda3c56ee61437665409aade500f5d1ee34a69622e00b8b586ed838cf6a26e76

SHA512
6cc61aec6bb93b0bd88babe868aa605b299bbfe611dc342d05f77ebf15e269fbbefd174a78b7d28c6e651c98cda5808f03a1cded7fc78136cefbf6bcc243fcf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
02bdacf23269cc033f6e66fbfe2a1191

SHA1
7c071d8c794f90a6c957917cc0c89098a6bbdbfe

SHA256
83545e9765de1eb2ba5944eafd390308b2ffe4d77ebc85d7dd059cbd9f24db1b

SHA512
1943cbd324914711a5d6b66f71c7884523b9cec3b7fabf3a7b2a2a1226980a714e2c7f1aab2135c466eedf2f09463f08ca18246ad7538c58e40f67e086737f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
07c08a319a2f588c2ef3b7087a0efe35

SHA1
4a64aec1c2f1123f4153cb076660cb91725fe2ea

SHA256
be05804af76764b3ecdfa3bd039118e64586f3e4e0c0ad289998caa3cc6bb80e

SHA512
2ed5087ce7c098f6a184633535823fea2d2ef5c2a1bedd76385fb70c071843ec1a354f5e9cfc5b87c9b3aaffee8be91aebc4fb1ad426c37d4ae8cdb96a3131c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
377c93d45937abeb706dd55adfb2c8c8

SHA1
47a5a0d0ddb06fece3677f6540061ee9803b0129

SHA256
889a77f4886bb94c205090ec8a87484ef03e3895f264777ae3cab7a0477da643

SHA512
f8227226ef5a7a9308fbc3dcad1aa4bd1e294dd28426bafd62d2cc4bc75c02d1b0b856491c006c0e0f2107794d2ae02d6ead38e41834ac0b80787473c91377f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
486fc4afa1a6a893889c41a6d18e3957

SHA1
52bc3aa45f4d6efe93651eb17421c0c58b49b75d

SHA256
464c7c182bdb85cdae869157830c229b00bdbda8df596fa047c4b35c5974ec5a

SHA512
06916b5dc008e084cc2caef769882c941918aa4ba4944b44d8684c333b6e53e80052321e224785ec889cb89f529a118fe79ef01703cc1a3023e772f0a84ef8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab71f8086c4e2dff37e676ecb7537498

SHA1
2b3b01c861bd7dd6314544f4cdb57cbede44c1f7

SHA256
41eae919865b538b9122949464c7caff25c0648aaeec81013d14176829d3f235

SHA512
e4932a0fe8abd7a4ed911cebc43598e808f6cec92493e7b63a7ea5bf7ee16a38999922ca951e288d311b29dfce844e3f0fde00f6d668cc4269d8fe836c9d556a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d520c35d49c9f2f53e05746223d3de96

SHA1
a98454e6393a4ac7c441a19ee13443f47e7451f3

SHA256
fef16027c64a2b7a641eac88990500f417e5f83650cb560675f5473cf9cced6f

SHA512
d286db2a5ed575ca5e6bb791164f9244ccf592d67fca968bcc39d83b5d4fe14d14d44e68fe0409cfdde272f7cdb506300a6134fb42787da86e0312b4c1555ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
366B

MD5
825bb0393cbf64bf11e551adde404227

SHA1
fa1a8a302e7fe07b5515960638aebdfd4030f9fe

SHA256
3b8f7edb0dbb93996849aa77fa138768b55c86add13e3520c3d536c619f4570f

SHA512
569466a44311e124f49dba2bbc653b0d90cfdbbf8657725851bf705b15df98a7d47e88acfd7c1f2cf10adb1d1f95afcba740b924ae6354ed9d7c2ad67b0c4f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813f0.TMP

Filesize
201B

MD5
64c6a8b4111dc15975164b15c96e3bc1

SHA1
3af1e6acf9c57479c2df3c3dfbfe449300e5d750

SHA256
eb999131b2cc1cd2a313a1fee50bb9ff16ba41c2f8c246701b90ceb1e8791ba0

SHA512
fc22c1c3cd7756fe606390358716be9e337c9fdb06dc06cf7dc54cd1c58703425103f3935b3c7dc71a1eea75ebc882e43d230fc93cea08a69398cfd3a4f95b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f13b5830-0377-48cd-a036-c369e267e56b.tmp

Filesize
1KB

MD5
443965c5aa134ee54d1d6be3deed8b45

SHA1
504ed541d48fecc82147c73fda5d97d3e9badb7a

SHA256
0a2076b7afac2c8d0c8770c4f690c793605fd8c1b416c0fa403f2b41a8d79214

SHA512
8cda2a8c0ee87bf14a4597e70469f2140adb92310839aa86b15c5d5964ba7e554836b9cdfd1652a7df898d602d69ac290d628d5b2bf5e1d43dbd663eac059e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1ba854b7123a91f9e58573fd5f656f42

SHA1
6d0a6cb12a27682c4aad55ec10fbb30ce5119d7c

SHA256
8a068e3570ab59f4c84e09457fdb67db4e56215237236720c9760b662bafc2fb

SHA512
e69469b3413e901ba1cecdc5198b4e7d3e50ef6c43952e80e776115d79a948941395573db67edd7973638b1d4915a02945629597e5122ca067314388a724cf08

Download Submit
\??\pipe\LOCAL\crashpad_1456_LMIIYDNYOFJYLJWS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit