4adf43b33dc16876cb90bac7effa9a15a2b9e77ab561637d593cc26d3f4857df

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7101a35fef0c216d8306855f8c629b93_JaffaCakes118.html
Size

300KB
MD5

7101a35fef0c216d8306855f8c629b93
SHA1

d4604a08f2891dd5066d271bb95938a3097147fa
SHA256

4adf43b33dc16876cb90bac7effa9a15a2b9e77ab561637d593cc26d3f4857df
SHA512

b5a3242fcc9208c691e4344684d11fbd447d453d9f21cca750f459f5d29d9756d787eb372e685458bd3366e7e95462a4b98975ec5616b7f21f7327083418582c
SSDEEP

1536:eD+SbTTF1SjToPNkltM/jVII3IbIre0NLum56oBUJLnvMWu4/U83k9dE6G9m0zQ2:8+SbTTF5PItCVI2j7ScCiTCH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4664	msedge.exe
4664	msedge.exe
3636	msedge.exe
3636	msedge.exe
3840	identity_helper.exe
3840	identity_helper.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe
5892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3636 msedge.exe
3636 msedge.exe
3636 msedge.exe
3636 msedge.exe
3636 msedge.exe
3636 msedge.exe
3636 msedge.exe
3636 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3636 wrote to memory of 2324	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2324	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 1964	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 4664	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 4664	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2144	3636	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7101a35fef0c216d8306855f8c629b93_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1e7f46f8,0x7ffa1e7f4708,0x7ffa1e7f4718
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17132333346292235627,12702691968265009206,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
82be354a023da897aef8de7b61175ed2

SHA1
199ef8ccb2d9cea1b62ca22ba6cc50374e45869f

SHA256
bb84a093903d6432fb31ba7b371ea15e285e4908994a3d7982c6f20e995b3172

SHA512
35fa229c034e8e21c6088c9aba102aac08f695c0e7da7635231cdcdabfdfb980c614b09b15337d2fd24d46699df495f94bb8f3225ffabc3e33f1f4d71e13c7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
869456055d5ca70ece94cd0075ba978e

SHA1
ebe4ad35b152ad7c5b9f96b7309f0ed1cc598031

SHA256
555d79974c41f8c7b45c63eb7e515004cfbccf19d8099ae24de44e61149bcf48

SHA512
e6c017bf6683ff04af0efbc0bee58b0ec05d45cb34b0dbbe376a65afab7f273f56ae77430d1bd1f8a48c8eac6bb8d70b3f657b32ff7c8e6ef47b5aedf20257d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
22b64bf9b0e0f86c29edcbec3f5563bf

SHA1
64949b537261291749f11fe37aef76feacff21b0

SHA256
e5b25161838b09fed8aa0c94da72c7cafc276aa2dd6f011ab8729593b15b6cd1

SHA512
765e4cfab6424f1cf8734ffba50197534d8977e93761b8df0b68e485c33a97dcf37fdfa62c583bbe3d96b1c57770b0c3051ccf89f5623d4596c2399bc7ee6bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9af0dc553b4f6382716200cd5b8e273

SHA1
7899f622ba0502bc1cc4cc752aae2ee37dcdf730

SHA256
c273465bab737e7e5f7c2e4fcdbcb093eede1861c5d1cea88bcf12a529bfe904

SHA512
27433eee118f9072c3d368e96890e9dbcc47c2f5bd5afa6527d3a8e6bb78fc2fc0d59c4688e18b5e592a0669438ba42a325c1da96c69551f1aeb5396c9e1f63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba5a1ae6537feb77fa34f06c2092f2ed

SHA1
22339aeff35166fcb2a0f73a2381ea539b6699a6

SHA256
f76a68348b02c2820ee02a11e7213446aa28c843cea4c0b3f6a6cb9d73136245

SHA512
0f366cadd7de6b56ed871f5cf9611b0bc93f56ec4a89d3c80b55cd409c77414f9eb3e57d8c466fdff49041d1a3a773295f9fc05c5064f3d6ec9b56298fae8fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c33914b67ce9481d039adaddc0aa3b94

SHA1
4d73219199a302f89edb5671afc98a08c88c38c7

SHA256
79843bd30ed0ef07c2b26cceb222f565a271ab3d705eba3060403e1c504928a4

SHA512
f186462e23feccc8ad6404409203cbeaece905d5333917f9130a49d635684bab778afad19fe765b2ea5c736c44c8b741eaf14b043b6752e2ea5d833137bda8ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
afb2062183931a947738ea883135603a

SHA1
f9d6e90d0a85db310546a8ee28de82c712a7ce69

SHA256
80fa5b192e3aa2fcc2d3d5c1adcc858b2a69b9076f9d8e80e7175f244a436e80

SHA512
337c2a85551fcfe96b5b8ce1bf328534d6da9159695a5f4df6d86752e651759cdd3a5087f6c6112c0854e0638644c41a1e08c603018e8759d12b60c932d17d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
e1c169c611dbc1ac004b10d9a32ce7be

SHA1
924ee4e84642649b6c4b8dff96bc4845742eb52c

SHA256
d418da3eabbea1888c9d31ff59082f0802335e9356ce169adb0ca8993ff577c2

SHA512
04fbb5fb06e2c70a1ad991b6b5f56fa010a9a3693a14264938a74cb35763dc3e37af68e84da3dc3fc194b593380d7ddf02e25b64a24ef89947662d29c2e061d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b2a6.TMP

Filesize
203B

MD5
7c226a0ad711e7586208937a19904b1b

SHA1
6a9dda6a9555c5a32357ed848d1c62ec8ce65fac

SHA256
9429649d012a6878fd9341c00eee0afdd6e36d4932e133eb41ff270c8281fc77

SHA512
83fee4622e856ccdd8ca3bf2bf30a410204dedaf775565791d35215a111130b6788631ecefbc25bb3ada9b2d4ca875d5a201492ef35b60be2afb8ac27d454c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7162423901e8568f272ff63367a3b3ea

SHA1
296ad50651c6187f5209a9c3534b13d9a8b564a0

SHA256
3fd76b61f67ba555ddbfbc30649a70a004ed951345b56cef3ffa8f331051bec1

SHA512
8db1796fd86c323b4299adf301d97b44d67839e08dbb493ff0c0d8571799f171cb42ea1bf6718c0afb3b3187e9e8c9051629c31182c30ae8b2e56c896ae3b531

Download Submit
\??\pipe\LOCAL\crashpad_3636_MTJDUDSNGCUPQORU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit