639ad554118116a920b6943b7b7330c7159a8ea6b30f82867c2da9501ef5670c

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

688c4793696dc598b1096e6292580637_JaffaCakes118.html
Size

91KB
MD5

688c4793696dc598b1096e6292580637
SHA1

1dfdb2f4c95d314a92208ca8285cd8dbf56e26a0
SHA256

639ad554118116a920b6943b7b7330c7159a8ea6b30f82867c2da9501ef5670c
SHA512

7751f720b98de1ed2f90637934e76ea16e0e57a6004fa99a75b921a3d75f6dccf6b86cd0175b3a327d378d6f4941fce9cd0d8f355445406d34ad7a34de97cf71
SSDEEP

1536:S6VXfbSFN7N2QXye2MxGsAf/hie5hNBe5yN0ge5Pe5JNjhfIsjNN9K76GqO2K1yC:SGXzKNyoUwdfPFLOexH/Bg8qD9y

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

9 sites.google.com
17 sites.google.com

flow	ioc
9	sites.google.com
17	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
572	msedge.exe
572	msedge.exe
692	msedge.exe
692	msedge.exe
2720	identity_helper.exe
2720	identity_helper.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 692 wrote to memory of 3644	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 3644	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 4368	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 572	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 572	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe
PID 692 wrote to memory of 1212	692	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\688c4793696dc598b1096e6292580637_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
2⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
2⤵
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
2⤵
PID:3088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
2⤵
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
2⤵
PID:2948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
2⤵
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
2⤵
PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
2⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
2⤵
PID:2184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
2⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
2⤵
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
2⤵
PID:5216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15482218414539384501,9075264066885729715,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4216

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
8ad0c5a8c4d8df490a35f634b227a60d

SHA1
41489e1dfd82490eb05ef1fe53bff28b525989c3

SHA256
6bc2c9a0e194221115c96b1104648b27ce9e40532962da355ae6970be238abdc

SHA512
68d166bc7e8b3f1f19e7b9e5286b2634ba6db91f81fdddca8cc6db04ac81b0c1ba1ad1733f3f8ace9b118a85146cdaac03aa4134110627ea6841d80fc05195d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
eb4b8245c32214c019752f23f06066c8

SHA1
a1c533a1dfefd5b8b3b994c8968c4cc06621d8a5

SHA256
78d05705e0c60a78993e58a5c86816847b5e6154027372352f1b98cdece46709

SHA512
a2b6d748fd231c80ec58db2276d1788de512af1e8355d391c14897c1ddeaeb9b0f631fc8faa0df5972aebd81bc9524fd7fb9605c0be33c93e4b0b4bf501de575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8827b31efca34b2660cd75491af28049

SHA1
d70acfb6ab6d3aa930b66b85f84704bbad013bca

SHA256
afff34e89e352e8282ff0a56735fcd192391d36a2387c26a6cbcacb404584b5a

SHA512
d56921cbeb32a3936e75f83853d88ce42010412fa1407a92d7973e5d8789faa8d2dc838cc97a500c5c4cd753b801fbcaa027a4401232cef586785acb1039f739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
452a91379c804f15d0b2d736d197f564

SHA1
8b5ce9d0d4da80866560af56352bff584ab680b7

SHA256
956cc6c039f53081cc40a88e658d532f36dec2a9d22c3f00ecdf3a9226d4b375

SHA512
300d0cd1a93ce723034bebeafefd185cc67e77819ba4cf554f127aa904bafb1139d7eae6d3677647f7f58af8558d6adc1524952db3540d92a9229bb9c093d02e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e75104254464382ca71e449b2a4d7901

SHA1
f114dbb8228f73236e4b9e889ae5c1fada39ee61

SHA256
75778f3dbf448a57dd99031f24cf8a3eb7075f10c57f73c5956f0299e806f7fe

SHA512
b1a090685b5a5c32e64d44cec0dd557e53ca928d49dd33d9bcec903d106246cd6fba7862ebe6cc99a013238cc5d6155664de01c2e986b1d5b6eb089123119270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
fb818c6af2b8e2718cc24cb238f3bda0

SHA1
468535b631a311088ee110b3c883cf9f9d5556f7

SHA256
7c1b4c828e71a13569ec881ad50673623dda6e39dc28823d1f3cfe9ce19a9543

SHA512
9d16038ef3fcffe06dc3c17fd151bdc159f860eb0893456bb36a271f3b298057de6864d3c4a818c860263409e61f4b4ebecedc7ea389844631c0a1eee83ca990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57db0e.TMP
Filesize
370B

MD5
5171ca5c4f281b7e656b14a2ec85ce16

SHA1
f38894ef6d7a13a8a4392dab9a5aa290fa38b43a

SHA256
deed0b6911d0b9ed501459bda157584d01fd5cc247fb81a9fbfa85ea3f6d9d0c

SHA512
9316e94a22ecffa7c4a3beaee9f4a8b0b0a2b4c8c8b3470a1cda24480836e0e873961480c423ae5db8d55ea46c955ddfc0426618e6528d1b46775d44cb32dcf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
dedc43582a6ea45cad2cb04d2a30fc8f

SHA1
38e979eb424cd11410ee230a2fc4faf1d41ec0f8

SHA256
b856e4e2311b4e6a7a8c132f4bab9d8c48757806b119b25d86c0a8cdba67e321

SHA512
b2d37f6f93af7e92e410728e4f82a3eb51f9250ab8f5724a080212daadadd6796c071eaf59c7b7c6e90519cd6abee6a873de658a6846faf79b303d9c28425245

Download Submit
\??\pipe\LOCAL\crashpad_692_VCSBABGMDCUTKQLT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit