157ef007542d8f5e5212e20c93bc247f645abe7dc8032e123f0c0ae656c4802b

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9b65ac4d115319e5e16f242b5a4de14_JaffaCakes118.html
Size

2KB
MD5

a9b65ac4d115319e5e16f242b5a4de14
SHA1

b171f9e7f03bcce3fcee5e85c3cf0645e458cdb6
SHA256

157ef007542d8f5e5212e20c93bc247f645abe7dc8032e123f0c0ae656c4802b
SHA512

3f41667a3dd2ddf0db7fecfdb2cf6720fe49530207ea141f6cbcc4b70de4b2367593b80ca67c0dd3796eef79dd59770eefeb9ce5d9ee854f051907cabc3a9cc3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2764	msedge.exe
2764	msedge.exe
3700	identity_helper.exe
3700	identity_helper.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3244	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3244	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 436	2764	msedge.exe	81
PID 2764 wrote to memory of 436	2764	msedge.exe	81
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 844	2764	msedge.exe	82
PID 2764 wrote to memory of 2832	2764	msedge.exe	83
PID 2764 wrote to memory of 2832	2764	msedge.exe	83
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84
PID 2764 wrote to memory of 4264	2764	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a9b65ac4d115319e5e16f242b5a4de14_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb927846f8,0x7ffb92784708,0x7ffb92784718
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3438139925342893791,12683037421224577922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5476 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x52c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
815751b83127954ba532d894d6f673de

SHA1
bf6cc698f672fd1bad7ac16230f78984772f6457

SHA256
3755feb93b32551ff307238caa210d213f269bc8520e015bf94ed17fb68dddb5

SHA512
c1aa890da6489ec6427179a67cf48cf47e877f3dd6d9c8bae60560880eb3e79fd768190d0f8755a7836ce964b58916adcbffb17755b4da0919465109bb3b5ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d28da90b037524046f31074f4f066636

SHA1
1bca99e715ae1283572605cf901daad6d6b48095

SHA256
86545c92599427e49eb5c8396a4c34e531e09139a914b970ad316253da717780

SHA512
ce27515cc6b67c7476277017ef1c7a8c7134653d0942d4f41142739f5209d8dc36a58454e31642f65dbbfc5648eb1ddf347ac6f0bcead903bd619e5551800f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a276f814ca7b48964ec1d03daeb2cb17

SHA1
fb885fc1dd13a52c46ff8262fe74662f7622916b

SHA256
8a902bcc7cec54701470bae6ddb63b5ecb80069d4626eba752fc75852b977fd8

SHA512
037fb560e97de1c9ca3486e1f9a2e76fd705d04b7828d038e57010495f5190f4e119ee8e2dc3704c01d9dd8148bda1bc6cc609422e3125747360bf950cda58b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
329c9e3e8c91f056a4804d98fcd7faaf

SHA1
fb40a12b71a0e912f8b5a0aa3680aaf8a36e61ed

SHA256
f998600117d29499b95c2a215efcb577d563f6050789685fad7eb25185d35d91

SHA512
35e9f4b6d62b8664a7550307e129b47428420b8454a90ae8f7bac01adbed757cf914badf9ee05ae92c76cf4b13210559e0f91d1b00ae7294538ed6e17dedc5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5ffba87dae1e74d90ba77c9882655eee

SHA1
cca6494e46f0d784993ece9cfa527b39deaa20b9

SHA256
39a8e7c372f0b83af22935ce3724ddf22ea81e4bd293c90ba8e2ee5cc32915b5

SHA512
257c0a7b7daec0c66dae0bec3ada8dcc32302bec96c9ef4e7103281b511e9e2f52d794c2e8df24a4694e777efbf59d4ed62560055486defb1ab32a1b3faa820a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\513d32b4-1ee6-431b-85e9-49fa9b04d656\index-dir\the-real-index

Filesize
2KB

MD5
57b244086d006dca128dd35e1e53e195

SHA1
fac5e52c483d56fa7da939457500259e845be91b

SHA256
e54964df1b961b59ab207dc4257006e0873dedc71d116cbeb30e46ea29be3831

SHA512
48c9a111a662a00e46926c82d2dce0e7bfd93749a75ab398b2d4032bb2e4fcb5fa6c37d2844c7d87cebb262254d9576b30babab6082c69e42c3da54b10fa9a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\513d32b4-1ee6-431b-85e9-49fa9b04d656\index-dir\the-real-index~RFe57acf9.TMP

Filesize
48B

MD5
5dbef609c436957cba4c728f8a58aa5c

SHA1
0eeb44a06c0582192b880d5cdf6892b9abf46642

SHA256
237d13e1a674e24b511f6c17a81cbcc6fa1cdecfec3ce04e75822dbb436b199b

SHA512
faad0d14d2615bfa563607992cb2379cc3651b8fec9d801d451bc422f30b8efd996c6a3f307655dd4430e5e071513766f19bb4c8f1285517803bc5d854d40bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cb40a3f3-df60-47f6-9c0b-3f1378f4984e\index-dir\the-real-index

Filesize
624B

MD5
729a250fd6cfb4047f89c8b95b173088

SHA1
1a01948229037d90c9777b42b937313ca3b3dfcb

SHA256
b3f1439666dbc9d54ca28d5cf3f59fbab572dcc9f11b717ef00644df826950da

SHA512
b6daccd8b46123e574c6823c361917d09f87793ecb9450a256fad84febc0d4fce69a4a161e24660c59ced9643207e99cc3c7a40421c3e9138ee05bed4a5ebf20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cb40a3f3-df60-47f6-9c0b-3f1378f4984e\index-dir\the-real-index~RFe57a70d.TMP

Filesize
48B

MD5
1a102deb3d4d55d7ce528277caf5b419

SHA1
1a7d36a53e7df3a7939f8fb3af965c2da61f8684

SHA256
edc3d2f408015217305c083e6846c7101bb323ded716c2693b1c19670323ce33

SHA512
110a7a01067160267e51821fca545ee9699110f1f7668211cf361d6d4c627d3dc439278e3ebd54861518f4ed21cb63cdb4d605c024ce2ec4cd7ba75c0b723907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
ee1dcda461a0f272540375bc843f33ce

SHA1
7647c3f83fc01cd55109d93cface50a8d1b6766d

SHA256
d52bc37b12a1861460fcc859371c33a1363ecd77eef993ad170c36652680f461

SHA512
be9fe3f10b29a42998d7c2c494f1cc80d1ce4ca000e96468efb1932575a56b4b5f1390d32417f6de3de9d28f3709c59e4c55cd8b1cf3667dd147eff7f216a9fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
891bee2c89c643e707e771872f0ea7f4

SHA1
7dbafe15b50c36b7e482c5daf5cf210824bbd262

SHA256
c0d89048ba87381ec8b556ba8e1ad5920ae408207646eb2dd599e4ff854746e0

SHA512
97fd0bd38eac494b5f6a3066eb715687b827128a148c7bb1b202b93bcbc6bd5a16dc3ba1ae02702ddab250d712737fc215e3f63a6b4b9709a1eba0d621c1db76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3debd6525014b1aae8b2df3e316c1d8f

SHA1
dec5a8dd724f8c0d0b8197f97063000091da17e8

SHA256
1dc2239b00a01640abb9de9fb01eb214a1ff0252377c52b17d56bb64d7099713

SHA512
5927230a03d2f383a0c9aa9d58f20fa970de376c78bdfd49d359978e6b20ad88a7a44ad422078019b2dfa3a13aaa48bb4813c639da4d6aab0820c67bd0fca13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
7b6f8938ed2f08a0782288151a5a6ee1

SHA1
042eac1502734542c600825bd00bf5d85625c3b5

SHA256
39a979991aa03ee845c324623c0eb18f709edad97dcf3ea6efb00d73c0e1552a

SHA512
9f7aa17ebea3a8b20c7805b23ef6eb2a478a10c55756f7a083e4c37daf6400161be00866ac31333f745adfedd4cbf23694549adc4dbbde6ac17a3a3b9a2ee8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
3569ba0bed50aa5a0f6215d30c3d99f4

SHA1
580c5f9b251553ba1ffd7cb072aca0b82e089ddd

SHA256
bcf54215b0a6c5e9421566c9ac1519652411cdbe45f914e41f0613c526f99b7c

SHA512
c1c420c729aa13de15ba786f320af838c235fe1eabb1dd5445c7b0fa587f56e11648fca1d1048cf9f80c1f093d8cf32019000fecee8935716dfc4a81e4901359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4ff659d139828073d34ff517f9dbc503

SHA1
ed35d0d606a151fa5ea73fee1b98f38a3bae018c

SHA256
71158e5e655d77c8484b3662e049b893c1aac07fdf6eb8e09af4e1039b9aa68d

SHA512
8021f0a3fdc3b0896a947a9815f9d92ddda02ee9d0caeb639c648c0370b02b0f3362721ae6d1498d455eb73a33cd82959d0032ef0edf70319750a8f7c000ba97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579cbd.TMP

Filesize
48B

MD5
351e023abd9e73b969ea39738eacf856

SHA1
2b7ebe899613912b23c048bd43b878f9a6a36d7e

SHA256
b78d84488bcadd419086d7a54cfe1462d615118eb971ec96e470a4c46b8e7e6a

SHA512
ddea0e34a09b91126d0f7f5f06b4a78d008f9b90e02de40a778d373a7ed4ffd389887bb8b909e69d52f75ea2ea3fe3612ec778c94aa7ac843805afeb3858294c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
263562e274a046668f1b138b902bffb2

SHA1
c03fdfb3dd47fe3bcc22d35cde17c55339e822e7

SHA256
20b4ed1a1356e7c3b53ddb36dfec89852b54cdbcf18a57d36a932d9f05580142

SHA512
edafe260ae56eba5866c4d1ef585677bbd34826db3ca2cec650a3f3d7c8fcd2361c83c8325a976de9b9cd112ef26f4d086cc74eaea17e84fd13045afad5bdbc1

Download Submit