ba97ed60147b6dd6fc40a7695b27bf75be02735dd8e48bd9d647eff15e8afdbb

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7eb461a782ac302c01a9c8faa5f9f294_JaffaCakes118.html
Size

5KB
MD5

7eb461a782ac302c01a9c8faa5f9f294
SHA1

06863970ee283049bdf2f2bef7e328d433e53858
SHA256

ba97ed60147b6dd6fc40a7695b27bf75be02735dd8e48bd9d647eff15e8afdbb
SHA512

20b8fbe919c96496279ab25bc9e738a671038015e0ecb8c43f8a5ebe19efabdf59993c328f26650f19c145146e89fe5b1a91c1854f55a73b2cf94da4190b1403
SSDEEP

96:mcnqiuUH8UHfUHdUHEUHAAUHyUHd3i0mFfeAqI1DCZ4m0pPMiguWdeI9:puUcU/U9UkUfUSU9X0tMiguIeI9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
5072	msedge.exe
5072	msedge.exe
3784	identity_helper.exe
3784	identity_helper.exe
5212	msedge.exe
5212	msedge.exe
5212	msedge.exe
5212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1864	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1864	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 1780	5072	msedge.exe	83
PID 5072 wrote to memory of 1780	5072	msedge.exe	83
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 4192	5072	msedge.exe	84
PID 5072 wrote to memory of 756	5072	msedge.exe	85
PID 5072 wrote to memory of 756	5072	msedge.exe	85
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86
PID 5072 wrote to memory of 4376	5072	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7eb461a782ac302c01a9c8faa5f9f294_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6e846f8,0x7ffea6e84708,0x7ffea6e84718
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14064969627302547593,9080526760265565668,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6320 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x4e0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
513855812bd3260035fc429c65c5d3ea

SHA1
e9a5edcf42adb5fc636dc2506a66416501111f8f

SHA256
c3cb6af2367dddfc77ecd2d06af910fecc818a8f0ddeefa37738cc527cd9702e

SHA512
c615fc4e37233237cd02380be416fd7b88f44c68f0508420ac1ab3799ed9b72eb3af3c4d2cdfbac151204ac32ddadbde7dbad891b9f7eb7bf98bd9010197f83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
60508cb69e49b12ef2d9c2a25dc4a2b8

SHA1
e7af296940c7fe899c71a6a58150d836a9b531c1

SHA256
5478e35db71e007355da5a15696948c3de328b6e02798421716ec364161c180a

SHA512
6fa3a5be98a55ae660a0a6a85a172a26ed7789b08b0268e211a315c667296c9ebd662b20c3cda560219eb113e2a47e4e4ba826fc80c212607a976c9551527db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1ae74d3a6929721425be67c854386756

SHA1
6de7eb58f27844dc033228cb624578e49a62d7fa

SHA256
fb9e459c758e1594a729fab93df96e7cdfa1315c64e6e89361531638d419cc77

SHA512
34acd23a2f1c3147c610de603065393fad55a93afa0e3ae34b079fd10ef1e6b10df682ebcdf8a6d89695603b9b206e0d29806be1e889c929723af77fc54ec720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a55a56361ba8970d5b459c71783c2aab

SHA1
2a8b50c917fb21c8d16ab2459acf41e7db2fee35

SHA256
e7346f8e14af98e67d0e82c4526f41bda4b7464cb020576c2e8a1fef3c19d774

SHA512
09f3579950fb7af7b320a97e80aa99bb6db3200dc692558683618988d8bb3f1a1e2e7087dd9570854a27362c81b66fe25155e25e21603b7d2280431e128e43ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5cd04e84b0a131a5e2556b62a435cb1bc1ce0ec7\ae6c3a6f-6209-4867-8f16-24ca829ec93a\index-dir\the-real-index

Filesize
72B

MD5
b2ff394b757daed2b72cad0c159e35d9

SHA1
860dc64cfa9a9edcd3c5a5a937fcc6cd5348f1f9

SHA256
62a64d9a28ec8295f73a0d3ce58abd63d06650aa3c9c92097500936f2d63e0c8

SHA512
450865fb220b084f7c12c77b255213e53576b722888b822e7306532841c65b901ae029de9f5abea15f78d3fe4127b3eec9eb8ed7bf099f0c849c13c5302c8f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5cd04e84b0a131a5e2556b62a435cb1bc1ce0ec7\ae6c3a6f-6209-4867-8f16-24ca829ec93a\index-dir\the-real-index~RFe57b90f.TMP

Filesize
48B

MD5
b8a1fe5142eddbc146896bc9a495737a

SHA1
d0e81c23b8ba926e07e452211d932cb85e9f733f

SHA256
2b847220992552d8cad81b65e20382e5539d3eec0c4bb405cd4347e7f3595212

SHA512
85c15255e7fde69803f9edc16bc963e62f919ef706ee5d298e50f9407912f4dbbf5e4854d3f0e8665956f877ee675d5f3bf392f3b18b15f95f5f236d846b5efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5cd04e84b0a131a5e2556b62a435cb1bc1ce0ec7\index.txt

Filesize
88B

MD5
df5c8be25a723c3c10031f55a087b7fa

SHA1
c189a629635deed86d830b982ecdf79ed081858d

SHA256
0194eda619e3e62f649f077d6da24ffe3e32ddf2b725c3c97f0e81e63bee1055

SHA512
6c55e6fe4a6605af4928238a04945a7fef3e05cf59dbf27d76ac00200908e05afa01b7020d2d5222bbcc431357747831e5a41b9c0e275374083c05910193fa30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\5cd04e84b0a131a5e2556b62a435cb1bc1ce0ec7\index.txt~RFe57b93e.TMP

Filesize
93B

MD5
ba575a1082e2e2aec843d069f5fe7283

SHA1
c514915f47b8f4f944353e0f33cced0a79c3f4af

SHA256
f2b4ea5d1c071da8b5a0585c56289b712c4c9dc53f91704f94908cdc9f17ae12

SHA512
be30e00c9eaf781b69919dadbeec1b58b0a7898ec818e85b21b0b8334b13d862b8a7f8fb915b8d55055ec42c659b8b039d6bdf8fb6dd34fbfead2d27c8cb1d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
63d0e343f5bb2cd7f88d7871974f3c1d

SHA1
6601ec304dfac2559ae87f52a7183096e5ee0a1e

SHA256
bf314d7ea0dd27f0b7eef281b5c122ac9d20480ed53103b3496ecb6dc9550629

SHA512
5823fd84e17b51b9a099f839d8612ce69e17bf9d2ff5b8e52432b66defdbcdc33ebd4ba55dcced8f37c09bfe8fb8366c26759a1cf14c7bbd0fe1ab92bd11c30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b8d0.TMP

Filesize
48B

MD5
0e490c77b07c04f62acf7c8684f54a93

SHA1
7bb077146eed6f80162cf185a611b035a1d83f61

SHA256
ee5e35bb4cfa8dc2baf7966e182b235463ade8513f7ba8c9a99f6934230f5f85

SHA512
dad803393ef7d5a1f8c904c8667ef28db9b59360ea268c2bf6b795ffc17cf77c32695366c45b5d49b940806d76bb80f88938fc70d08761af411791d39f45874c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
c0c2f3b47098647a093c4444d98c523d

SHA1
5401df8feb52387bef6e5be46edc65c35093743c

SHA256
5d48281e9cfa62fcfc6928452cb9541d27b12d57e3bc1e2523ce34a81dbc7054

SHA512
05a50713a416ea0f4a648f16be82d5d980728e1aa05618942f10159322e10bba575040e7ae7946d8ea4592b75a6c594e800b0d22807e38f1443c75bb5c696128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
7e4ca6b342faabb6a1254a3cec8175db

SHA1
1691fd5a97c893e3a14b872f1c206aaea4eb9f65

SHA256
829c626e639bff329b7f51d193a4b0bf6b2374db3970296bfdb73158cab6707b

SHA512
5b7c0758afb9fdcc2d60e4f98fac2d15deecbaa40d7b1cb203efc79369bb990cba24277f943856c1e992a7ed99b28aec899600cb9db5f28b1c96f433195bc7ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5879af.TMP

Filesize
537B

MD5
51734cd5c1307bf9aa3665181aee4847

SHA1
be84887b5a14aa73b6a6fe6a099cb894ef054fba

SHA256
1d58f9a0f29021bab3c61a022e44fe20f7db4e21b3257fcd577a05c27f62f829

SHA512
375cacfaa9a7e06ad14a2819a46c4d53e1d028bd3f706d6a66a11c04a76a63b3b6809fa4cc80e21201e81eef3c93ab806c258db56199290ed4ddaf6e5f95f642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
17d5cf2719b4790033c91525691032c9

SHA1
f9fe788213ca6b77a10b5af9e92bd7a4b01acc85

SHA256
940aa921b81b57725c3f9a4dc13cd43d6cd0f0a6f633cbafb6b450b17a3f14a8

SHA512
5cccb6e1153b5837d44790dcf9d8d23d867dadbc2f9ec67a54b3d936cab146eea03b636c1d64de89719a3c53326767f8bb2c7912b6fefadc413857f9828fca2b

Download Submit