2291c9740a0c0844de3a59e017663999ec3f07ed0631e8e8363c1be449ae7670

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42d1bf53d7d8696cc4c8cd132df0609b_JaffaCakes118.html
Size

164KB
MD5

42d1bf53d7d8696cc4c8cd132df0609b
SHA1

6f857124c8dd6a29d1cbf002391c33e05fea593e
SHA256

2291c9740a0c0844de3a59e017663999ec3f07ed0631e8e8363c1be449ae7670
SHA512

0c7e91cb49154c6bcb332581797f912d0eb3a496545baf4897c6749624682dfba7a4a29655cb97fd6f4088ecfa74048eeb3478195b53e8e126dba28fe0e17e9c
SSDEEP

3072:WZoyrllJeGvdmoUch0sinxKrf4cLH5B/xI7EMiBF6hl9a:WZoyr3oGvd/004ajxI1HM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
2456	msedge.exe
2456	msedge.exe
4420	identity_helper.exe
4420	identity_helper.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3624	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 1068	2456	msedge.exe	82
PID 2456 wrote to memory of 1068	2456	msedge.exe	82
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3772	2456	msedge.exe	83
PID 2456 wrote to memory of 3068	2456	msedge.exe	84
PID 2456 wrote to memory of 3068	2456	msedge.exe	84
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85
PID 2456 wrote to memory of 3324	2456	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\42d1bf53d7d8696cc4c8cd132df0609b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffffe346f8,0x7fffffe34708,0x7fffffe34718
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3568 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17467945255409509863,1868521431663228000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3268

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4 0x424
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
7eec3e0d8c0cc77d7e528fd2d2a713f1

SHA1
e92351c85074e423e9eee9761b305b5f36ce5227

SHA256
4ddb934bd2d93e5540f493acb8a6b8f0e03264f00f8bae20b990b754517c07c5

SHA512
e67e6cccd28b3bb0d7d09ff0d81e902bf6a8dad2858be3bc6189765d4e2ffad200e1c23c368cf0ba18932e0ea223c5f96ac502cf07cf45c13b6489d3c657e827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
db52493ebb999ba8ba953e8e93b2fb4f

SHA1
2e69bc26c9165ef448cf8ac96583eed44fef3823

SHA256
fd0c20af3a17fcb536223da1fcb22b06a72804458595c9261e95a81fa202e149

SHA512
39e2680f252ab846ceb15166691c33ba60ba93684ec040141708f91cd91761f45fb3539b8f7d68e7cbca48ad5c52fa9678ae476890627ab39ce76cf545809b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1b1ed4266cc7621323250fa80b545912

SHA1
2e3d0ece6b16f0e1e952069085ce7b3aeb596e3e

SHA256
0cae5a8ebf8f3a55d395f90e2a1534c1a78d9498c7ff21ec8d609fc730fbdd10

SHA512
b0c8f280b9dc4373bcfd54a6b5edb4f89dc9ec597d64a39ca77e6df15b16d86067176ec1482c3fa63752364e39f024f799bf7411ed53b5538d170c476579adc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6507e66aaa175744eb43335b12656323

SHA1
b09c06581fb921280379daf134720b681a697a6d

SHA256
9f938a3195878ef2cfa919d69d5486dccbe1548ee64bbcc417cda36279df7865

SHA512
e702a91279310a7f5ba2a105b606501ffc1cce976d15c74a3fbf807916f883447bcbe662e3810cc5f41cd2e19df99e81ae1246a0a6b0a8988dd7ff4eb25aed27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15a1423840e82feaa929a2f943eb3089

SHA1
44ea46efd906c12ac1660b0737f85e6411c731ca

SHA256
323e770fb3bd2df585c1a44b9d836d6cc2bdb5df5305ae4a8a65fadee696d134

SHA512
2da51d62a575d21ca5a777230e2af21792922bd7a8aae4809abf360171e7f2dece6710dbd9c5c57c4d49d8c7101a77abe30c31f3c9e48298e6e647a162cdf699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7671c93c-2ab3-4da8-88b1-bbe217b60329\index-dir\the-real-index

Filesize
2KB

MD5
fe79eb4cca257f862c9380f201e20ff6

SHA1
1f224320f4fe3faf8fa653f9d595df77c268c7fd

SHA256
9269ddaf1d6940c4a30c81445349bcf76b9dd56847fdcbfe037a2d6669b880ab

SHA512
3dad1440545049da83366c16d32f2c8d2ac672ab80aa753a11873c486ec0141da5ace027b222188f5ce3e50dd2a293d000377e5707778c04e986602748593b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7671c93c-2ab3-4da8-88b1-bbe217b60329\index-dir\the-real-index~RFe57aad6.TMP

Filesize
48B

MD5
4753f6a18c34ae556deddd09e3930050

SHA1
c766ebb88a1108f85b18dca3e16ec328155a919e

SHA256
07959d4c4ae59d5d8b40c7ddc8ea6baf75f1b9fb87d54999989e4c3e207ecac8

SHA512
99bd1818dc3f2ce6c220c62aaeffd80143d7b2a48a732c8e5ba5b4433edb37fdf35812ec157a87cf1dc95da9cd923602077d02dbd98302729ffaba2f8008ca1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
41b666819217de19e57c2abf0562233d

SHA1
c73ac0b82fa4e3540b0966d21d05b7efe6fc548e

SHA256
7b839b1710c614a725546d56fe032d77294c29ef66f158e413e1b09e754cb4b2

SHA512
05e09d821d7e1f5e34968222397de8070502f5c7f06aad69fdcf76fbd908dc92389af3545122de185b0741cf36a02c63eca1b006bea41b3a5c4c3e89c0f368f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
30d3e471bcee6b13fec6eba0ea5619f6

SHA1
d11e24eb1096ea84d9bbcc96bfbf7700dfbafeaa

SHA256
b6cf71468e2a66687a64a2211e14c2ce90dccc9e65af59cd802ac0c32f78de4c

SHA512
8d11d63aaf89a2552cae9bde7320f0a53ca67cd3e5b7fdcdb181a92dbc34f9c2e7b6e8994d7f5ed791424f291b544b40ce8df2460b90573c059a448e4b65cb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
d3708a51f7d811b0a4f27b49fb4bff9e

SHA1
23df4f7370076cf7e1a148cf327b9e3389aafd0b

SHA256
7de2252a1c75afdd186ec593a42a4e10d8b63af7bc9e64ab508bb2492db45f05

SHA512
2f5b5c4e3a3ee1dc97ce4642822d537e301758fe30ad73294fa0091d0dcd574cbab7d8dbbb1851b9efc7454df20cdd38dc6906be11da5f92a9abcb957b355685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575554.TMP

Filesize
89B

MD5
42a70903ca1ca7957934b935759df665

SHA1
34ccf10bc5763c4401ab61eac0ee8ceefa4f113d

SHA256
ed938ba65ed56283069c442f310e8c17185d45c840d5cac9e2a4a01e199bb0d3

SHA512
f27dbe3e1c54eb0c1b23c8c043f0558960d062fa4946c49fbe9bb15aff28a6959bba3049f3a9da538411e3130b5c316c156f69c9314f0a07a79872c51d93609c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d419317e05b7c4320e0231b21f93ad53

SHA1
91261d5c4da8d414a8fee53125ca847cc77bb8e6

SHA256
8eab2db2408486c5a13ff91b4c527e72de25ac8f4dfff8c3a9ebd1530da12e08

SHA512
37e7e9f1aabc8dfaa4e056e2e5b7e069954993ecf8a1ea6e3753d927ddd383deeca5c7c0d2e8256e5b51dc2cb412ead8848f870c0b8a6b8b9aa7f82e9d78fcd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a4cb.TMP

Filesize
48B

MD5
afc23860ffbdd082f541f8f5473a6058

SHA1
598c8c9deacaa42caee51a026c2dc526e283900f

SHA256
a59dd1700b77a9724437f2346ec9243c9c2defb2c4af03e67ebb085a7f04230e

SHA512
f12fd499ce6d57e5c8a20c3dcbc2e8cda96ca7d495b867a41ce61832872346cc47f6fd9eedd1a1bf4ac28f187c509ab8d9bae6dd9eacdb656745eca91f099b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b11d83e9dec65e9647cf5e4bf92f5321

SHA1
75c350fd79850bbc5ad7744aeb79aafd2f227c88

SHA256
929ac6efbbd7786d24c781f96be44cb6897cd576fd5859391697f7cf196610b1

SHA512
243fd7be6ec852492fb0cafd47b984d9f400fe6e6fe4480ae2dc00925eb76fce76211a68d5eabed2d49d0c881c5b1b193d1364d741f8ddd86b9da3f028b1277c

Download Submit