a67ad6a724e2397a4d1052ea3ced09ca89d7b0317a22628cb4c9f69f4bfe697a

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10e51c8aee3df31aa17be6a39e2fe178_JaffaCakes118.html
Size

96KB
MD5

10e51c8aee3df31aa17be6a39e2fe178
SHA1

6352b6234b2caaa59369d42701c26531389160b5
SHA256

a67ad6a724e2397a4d1052ea3ced09ca89d7b0317a22628cb4c9f69f4bfe697a
SHA512

e2c6411e9d7f2a4f087ff0938948f99b0418b4d64fa615daa72bffd4a2c1b800b7c4f7cb4e8e53c29a8fd2ab6ad39cd08ebe42a61475e75fbaa839099b0accb3
SSDEEP

1536:doHv7sjHy6Pye6/lOvOMpSwLAXNQRcqtW3ZU:doHTQPR8IGMzUmRrtWS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2860750803-256193626-1801997576-1000\{3A9B0881-C720-4BDE-BB89-E1E40A655FDC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2056	msedge.exe
2056	msedge.exe
2644	msedge.exe
2644	msedge.exe
184	msedge.exe
184	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 724	2644	msedge.exe	83
PID 2644 wrote to memory of 724	2644	msedge.exe	83
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2348	2644	msedge.exe	84
PID 2644 wrote to memory of 2056	2644	msedge.exe	85
PID 2644 wrote to memory of 2056	2644	msedge.exe	85
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86
PID 2644 wrote to memory of 2408	2644	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\10e51c8aee3df31aa17be6a39e2fe178_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2df146f8,0x7ffa2df14708,0x7ffa2df14718
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12453714981594731297,1198264897438009007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9cf3efa5-2a2c-4a54-b303-746c91b84a72.tmp

Filesize
8KB

MD5
f01304ee029932579f2debf0d37fbacc

SHA1
888f60dd1dcfd97742c4f83b70016bd08ead5661

SHA256
327134e423c3c4d1ac6b808301289f339dde1f609f386fff4eac6e00fc6decec

SHA512
e74b8fd08d8e3b98a39915ebbd4067d2a6f05b98cc2d31c84b2f05c95548fc35a62840ebdb845fb16bc28cbb5df9a1803c029ee3cc2be795c22b490777cd78b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
82d43e49377de16f82f3f1fdc38500db

SHA1
33d8133698f0f5d23f4e33538d69a9be37b72bcd

SHA256
459d4d283d6033deeb20d570b5921374b1df57d236c750b4c97e048fca759eae

SHA512
04e80f0118b028ca999c85b422fa77f88593ad920800e1d8db7d699c83ab7af158125278572c86e73cc61d62e60b0321e934f2b72809b1846587cc31d9c1a337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
11e0188ecca55ecdbcceb8b6ff153d7e

SHA1
77efcdfec82ca91178558fca158ff1581b6d0d83

SHA256
a3dc0c2a53e728ad453db1be2183f6e408af986c440df22638772a8a8a72c5d9

SHA512
f96e3fd8635f8a36a93ce33ecfdd938ee3c96355bfc30779cb2563d0c4cba667a11bb94262913078513838a16197ad8887e8b8a87020588082da5b3297f1b76c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
52ebc048fdf532eeb50602a6d049e26a

SHA1
2cb11b7b066599a769679741a12d1754af3c6e2d

SHA256
18c7ee9111460248cc4c0e8ed63b870bf10bd4fb264c29155aff29747ee0530e

SHA512
983b2d3d4b6e6cd4ea563899337a0a315b752d1cb64c2f5be449add9dda33cd031697cdcaf494553932e44fe78a09ae6b439b2c9fd3aa901c2f15b2fd7949202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bd884e9e7643ee31664f743e8c80290a

SHA1
b57527658094bd09e0b016d9f2fa5eaa3924d917

SHA256
57cb3e031eedcbdd3ea2fa80ff36bd3e93308e2d7cb12c70e11ef9bd9ba0eef6

SHA512
c8e6be4ad879859104f97181ef13b15600867812a178d6f511936000658398adecb827f2289a28d0e20a59661941e38df17a56ac031633e9223dc07635585f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
b4c8188014faebf4f994a177a7e67e29

SHA1
fe5ae79312ee99d0644cd5e24c0f26f5bf0692a9

SHA256
066f0a886262a07555f9ef9716c30c9f8116830351787265a6fae2b560cfceb0

SHA512
809958584b1ae03298951c29e8bb3117d4a8fac6dfc654093a6a83741cf69cb29b0c380d0afb1e0291c266d8974219e91d29600e36954328d44028c97582b80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a77b.TMP

Filesize
48B

MD5
a31eded25251bcb214432bd539dbb28e

SHA1
49083c1752f2bb8c61201b469d64c6b698828917

SHA256
f4a6790a2ccb716949a88d1c8024fe5d904f172f35b53ae661fad358cfe9f397

SHA512
21f4e422784f266a5cd0861e52c4b355dd75b4901f9619fb877e349030c3c46e8a63abad3c4f6db8662f380575c79460e480011136264c5d3bde68f32bd7d1a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03d9566e54ae8be852d0cad160091821

SHA1
d56b894b8dea1256a0cfe00baced90e2c7f7f61f

SHA256
21c95f85a299c7870f67fd24e4bd2d1ec7ff1cf9339ba4fe85ff59868cf72ec5

SHA512
958558d32b0d777ed9403615c8d613bd96a938e38972a5f9ddb94d30cac43d133fe9b120e9f48cad28ce66a88a1c64d4764c0fd7592b9945ef4fe8e0c95cc567

Download Submit