ddc76150ecba5484280adc7a3dbadad85b3fcc86cae7afb41093157f0d836f9e

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f63b8512c8cda0eedce3357013d083d8_JaffaCakes118.html
Size

57KB
MD5

f63b8512c8cda0eedce3357013d083d8
SHA1

5f21b5081935b0735afbfc207c66b41aba67d02c
SHA256

ddc76150ecba5484280adc7a3dbadad85b3fcc86cae7afb41093157f0d836f9e
SHA512

c71406519972a7525efddf0557fa5f315cb1701539ebb6564a0d99026b3569f35301eb923e13e23859644d8abdf133a53f010ef68215c09994b2df002bb23001
SSDEEP

1536:ijEQvK8OPHdsA1o2vgyHJv0owbd6zKD6CDK2RVroDuwpDK2RVy:ijnOPHdsR2vgyHJutDK2RVroDuwpDK2m

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
4636	msedge.exe
4636	msedge.exe
1596	identity_helper.exe
1596	identity_helper.exe
5176	msedge.exe
5176	msedge.exe
5176	msedge.exe
5176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 3988	4636	msedge.exe	88
PID 4636 wrote to memory of 3988	4636	msedge.exe	88
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3448	4636	msedge.exe	89
PID 4636 wrote to memory of 3380	4636	msedge.exe	90
PID 4636 wrote to memory of 3380	4636	msedge.exe	90
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91
PID 4636 wrote to memory of 1940	4636	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f63b8512c8cda0eedce3357013d083d8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdbe946f8,0x7ffcdbe94708,0x7ffcdbe94718
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1290277673624469,214141828737034241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5480 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
da6f9bcc1808d2e08872d6081363a728

SHA1
a049802ef2f21deabef2598a80cdd6e5015c83df

SHA256
76be6411873f46f49e142c049652717963610f48818aef2ce38ee4294e422f01

SHA512
e1820057d173018acba147b8b1d15ad7109d62026d8c6c622c2e0b2f240707c3d5e5b12d7626263a43c0cba6d0a47f933d53793fba133ff9c6542a667db6a3e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
b09cd1304e2e2c8075dff309c74a0810

SHA1
247e70f02d25ec02b882c346e4cda294798e3497

SHA256
278b55c19612e9ac0ac8cf918bcf39ca754a8f8caa0ec2dd0431766d5d78d2f9

SHA512
05fe73cb0b6f1460852a8457baca160363f9abc6ba1a77ee3936b94c630ff6adf9926202db393543a891386f759535af7f17b60b200988187770a74a5f8e575d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d366e3d7d89c1b9953bb6305bcb3711

SHA1
48d331cd62e0b593ffb9431f16d4165405c6aa71

SHA256
a27c8d7b04090298d204233c69df50ae42379ab15eada8b587ffd4183decb55d

SHA512
40594dd3e3060fc0e02c951ca8fab201390a034b8788185e87ad286add9f8358920ed3164b74a37906a90a7b2bc736ffb71ae6a935b43189d533c87fd914983c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b19a15e538444c3ab32ba757fbd6ba64

SHA1
1ee6f79bc6839f05df3d1f743d056e5decae0e5d

SHA256
72fa4811a00dd9b99f71034f4c82237a3ed35612d16645262315c578d104aae8

SHA512
dab805d729c2b7b0f202ae1abc02f8c55a4d0f334b2e9d124fb9984acdcf5dfc378534a51fcaed209fdf3f9b8f43d653d8fc555bb8d784ec13bf155ae91e8515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
a76d8072e1ebcfa3cd707e0d00b39922

SHA1
3f0ab893e7e9fc45d52edc66a7902828dcbaf22c

SHA256
00742744d125406d9ddd537bdab02ce02a44c80021576624ed87aa2fe047af08

SHA512
bb9d6f248e9e55a50b4cb672110301c0104fe03fa3b1571e735991d6ef73b610f2947851747cae4d8391e000c70e30d25c577591b3bf3b664dfc50502e48f40f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57da52.TMP

Filesize
48B

MD5
a4fbbb10716577e5abd4f3a06ea7e908

SHA1
382e4e3a40e46e38fe0085a80454339f2bdd9bd7

SHA256
a8dd3ba16188fe19b0735a65cecf0c9cb7ffe7530a89a89ab32ef0af28c75ecf

SHA512
f8827a7a8feda5acf84b26087ba3cbee3f3e63944f870f5ace66f299dbe5cdcc520415ae27c99a25b2d3668280e2d38a815263017ee91480362e7dc810964640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
e01af3f9f46e0342dad9c0887faf3751

SHA1
79ca43a3e9e3cfbbc4c219ea2540b81fb633e6b8

SHA256
4d76aebc45e95cbe9a2c6f8d1bfac959cab1ffd1532a2a03d6fb365309f11675

SHA512
55feb7fc83c96d99e487adff0417816523feeb486089997a2bda322bfed1f6f348a39577585fecaee4ae69941cb2e339b9e703afe3707b69b0edd19dc35203a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd74.TMP

Filesize
8KB

MD5
8188b2ef769449f7e0ce0f8df41c97b8

SHA1
f891523c84c58e8d4fb34b10e92aebbce8f0e87a

SHA256
de188370823f34e14d5349e022f1e81850a54353ee952410631ea9d74baa1710

SHA512
e2c0e1f77f7d9d8cb3bff66a071a59265193d5781778805d4d59600b14df417ba0bb2029c59e1c84b6a36323398b17b38d9d83aeee813e175736268b9c9fc84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ce5a45f97f1f44f2df164a63f7ad798f

SHA1
1bfa1992549f07f5c50f10179ff7f5cb12cbc199

SHA256
b1764769a07b1ed90975092d03f1c44b77ce6afaa5a1e37378ba4cef7a5bf671

SHA512
c83bd7646814812a8b7d0ae12f13ae6d6579b5d1b6303f47a932c646b7d23121bf5e3e40b096c645603a94478af129b9a421685d32539775fb7e358f7957ce5e

Download Submit