affff4fab5e7e1b3fa0f6076e80e926a824ef6a025e8a0863bcff3b01598c847

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6936b3c40877e7ea7821fefbd02bdb81_JaffaCakes118.html
Size

66KB
MD5

6936b3c40877e7ea7821fefbd02bdb81
SHA1

fc18b04f77045420ae92dbd68ce5a952bb059f5a
SHA256

affff4fab5e7e1b3fa0f6076e80e926a824ef6a025e8a0863bcff3b01598c847
SHA512

3ee4b5d7053fb596d418fb95b52de88e907aa762fb8de27f017561fe43fa0299855c947c9c378ac3c2d10e83386436c333669bbc9cd3c33e287e235449a5e862
SSDEEP

1536:vpjVwSSiZKgGpwhMKOaFo/Diiejs6IQdxo+OqghKe5+VyLRTfaSdU:vpjVwSSiZJGpwhMKOaC/DMjsGdxtoKe0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

35 sites.google.com
55 sites.google.com

flow	ioc
35	sites.google.com
55	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4860	msedge.exe
4860	msedge.exe
4676	msedge.exe
4676	msedge.exe
4900	identity_helper.exe
4900	identity_helper.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4676 msedge.exe
4676 msedge.exe
4676 msedge.exe
4676 msedge.exe
4676 msedge.exe
4676 msedge.exe
4676 msedge.exe
4676 msedge.exe
4676 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4676 wrote to memory of 5008	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 5008	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 3048	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4860	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4860	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe
PID 4676 wrote to memory of 4892	4676	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6936b3c40877e7ea7821fefbd02bdb81_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe401546f8,0x7ffe40154708,0x7ffe40154718
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
2⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
2⤵
PID:536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
2⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
2⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
2⤵
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
2⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
2⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
2⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
2⤵
PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
2⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17353873519553016334,7464648203235210999,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:116

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
7e6c498107b9141a5211be2477264578

SHA1
32bf48f02ba78231c5837251944bc4bc4276a7c5

SHA256
8e94c118000072c6caf8387eb7dd1778e5516b97903cd43f5f44e0a271cde69a

SHA512
7422f2fcd85915595be29b97e99f57cb5f18d93633bff50b4374262f83f972686ec7328a784574851b10384cde7da66c67339fbde8aba6dbd8506acd202819a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
8f28157030f844fc9cb96737de3e235d

SHA1
a1bb2038e237e4786d6b6d9bd563ca645126e4e9

SHA256
5aaf7f046c8830fbfe4d7bc4d8d27b74cc69e338ea14d45f048cee0435ff2e67

SHA512
3a2c1effa1fb2f31c17ff5c76943af99dd7f588a67909a7e44f8da3909edd0ab3150aed010be7b4159bb5cf79b8f4aeb30703fd6439a026c1388c84ce0fb8d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
745ebd543f40d69d8caabd8ddbfe35f3

SHA1
e41befb48db6821edbf433f5956cc4dc9fd81cfe

SHA256
644556f9a9d26b17d0ee8228cf1fd0831f5c3616cb61b0856f8ce55984e5ab75

SHA512
bd8a16ab10b60a1daab5c4e5d503c7f9f8d96173e323b312c086c64c0dd373a5f19407249740847733799f225544c239bc772f3c2d61d3c19c2cc1907cfbe593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
fc115d86f161ff45266398cf37f7e220

SHA1
61a4e98ac86e4a4229c8278be0a3c467907b5ddb

SHA256
17214fa8e2e52ef97e007c232a879ed90da452f339d2d495f64638d9a43f66d9

SHA512
fd4c55da6ae57d862dd04e43a7511c8c4abdf440f35612896b078c5c94c0ad39dd3b39dad18081517976e1f7739661bc0a7bde85eebedd2ebdbbb848c1acba85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
d1bfa541975c71eaa1a9f390df4aabdc

SHA1
ff5ad5383422003662b7f3406d376860ba2c8836

SHA256
ed2aada2a84d3d26e71a6985d09cc047341dfb979a68da0e55458eb7d777e2ef

SHA512
e0c19eb298ea9fde50f7d89d2ccd6feeeefd75bbbf9f2af1d9ef3990310addcde66c1f0dcd5bd1d1912a2c9bfe2b3a1faa6a1727d9b192a71e62d6647c44069a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a6fd5af4e3b583b3f5a3b0694f1382c5

SHA1
ded7788551c5965c8eaa7d20b27bf435c4ccd54c

SHA256
651414a678afc4ee9e9ad923a4affc1e49d229bb79f7c770c865c071303ae710

SHA512
2bb0677ef1d2cc43221087bda84571db5eac7f5fed7c05612869bedbcc4a51052ef0a2ebbe3280bf6efd4550dbd3055197c81e90997624973f698518780b51e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
f09a380178b82d74a4a338050d522801

SHA1
7df64059bd32a84de1fd642388a4c426afcae060

SHA256
e2668eb734dd3ea608122a2f414e622341f910f10aa9a3376f04d289027873e8

SHA512
7a120dc3b451d88508b27a2371b2986eec95766b2c14a97cb42a727772fc76ac9b3fe8cf444b46ca7ac7aa1f65db7aab710fae8747cc07d6c5f56e75875470dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a7d1e84780b5d1b60edb4566eea20747

SHA1
2246cc528ef9b67d0e890e03ae740c8721534d41

SHA256
c2757938b8b83ce7cc4674d27c11eac9e8986a93fb98c6599509bbb81a04356b

SHA512
2a79275524c33f287adb9b2a949b99fc0a24e168e1a5962c82f252ed4b565964f666713d346856d09c79ba7d0094a1767e7b902f85e1f070345fb1119723b624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
170286e0e307ad6a0bae37b0cfcd0179

SHA1
77ff65c57a773f05a225970248b2871b8cb9bf59

SHA256
1d43cd0004f626b2f95548671fd5960c4882d1ea38e920942c2edb222b25bd50

SHA512
37d641d4de1d2bf844e65703e9bed6170390aa576d400547585b8f1b8910bce2d07f254cda5d0417364edde60f94b4e813ec8da094736ccc0491a9881ff8fdf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581f89.TMP
Filesize
1KB

MD5
49fb52154a16ac9f9845db865be1d7a6

SHA1
cff7358e131eba09f462afe11f6c16309243792e

SHA256
ccaa13a98e738157e4e2e6abd741dba2f2e5f8d2e474acadd619c94675dae5e3

SHA512
8d78e0ce306ca12c4e0ff5309a2935534368ccde79560d0aa685d4676291a2963ce03434be949f0178f5af486efefef3c22cdf7fd2ebce211298091720f317a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
960260cb94ba8325acac376921a04a08

SHA1
75d02865cd6208ea3cbe814c116776a438442c95

SHA256
297eda2b7034ebfcdddf1b0c9589ab6b7538e736f3ddfa8749f1296006324cab

SHA512
214567487ab51ef5b9551de92a86538f0d9ad9e98d98463104f44787de33a403a10750fe253cbee564ab29c0001df5da65a555b06eb1a2ed8b9fd3f7799e5d17

Download Submit
\??\pipe\LOCAL\crashpad_4676_WRTHOMRCQCZPNKIB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit