82ff429f8a7247627c8b2bd7570127c27623926adb19d96dd80975fb168ee959

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86bd8ef1a15590e52a1f976dd9c7b452_JaffaCakes118.html
Size

68KB
MD5

86bd8ef1a15590e52a1f976dd9c7b452
SHA1

f5f895559e32c4a1357b73d2c26ab399fb92b8da
SHA256

82ff429f8a7247627c8b2bd7570127c27623926adb19d96dd80975fb168ee959
SHA512

fdb6ad8c9f0d796fb35da1e29fb4af6879cd245f0f91bbc87debfd146176d64d2ec50fb22ceea55ceadee21b0f9c721a27edfbeebe33afd5de8180c6ccb361cd
SSDEEP

768:bVktn7dcEEBPvQh7yqI5L5o23SUg0xhJKf+gwhKlISzkIPUPvw/NUtb:8n7dTyqI5LqZQhEBg7IMXw/NUtb

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{11D76C98-1CEB-4515-8D6D-ACE8E5AFACE5}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
728	msedge.exe
728	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe
5948	msedge.exe
5948	msedge.exe
5532	msedge.exe
5532	msedge.exe
5532	msedge.exe
5532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 3252	728	msedge.exe	84
PID 728 wrote to memory of 3252	728	msedge.exe	84
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 4980	728	msedge.exe	85
PID 728 wrote to memory of 1220	728	msedge.exe	86
PID 728 wrote to memory of 1220	728	msedge.exe	86
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87
PID 728 wrote to memory of 1128	728	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\86bd8ef1a15590e52a1f976dd9c7b452_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe664d46f8,0x7ffe664d4708,0x7ffe664d4718
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7176 /prefetch:8
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,5565679400713924545,1293640342120363023,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
85KB

MD5
008d0ae10f41631bb124d78799baf5bb

SHA1
cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b

SHA256
a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590

SHA512
e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
948814650e5af806d858050205205a82

SHA1
5ea4074019eb9fa547d2145fbbf5418bbe9b1f23

SHA256
e7420fed4bf10f613353f15649d33514ffca4818c935500a3b6fe105d3ce9b7a

SHA512
d4508a7ec7e258c453fdf23fa82fd7ed1d015f5f790c90cda448f8ad0d94a0ab875de561027ce33e62fcc39961f3b13ddc4742fb7d16f18cf9039e7588bda61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
be4b4c88f08ec6a137a6c4c2cbad6355

SHA1
c3015880afe469726efa99ddb2a0c6863159c347

SHA256
ff0640af2c09870dd65fc7bba2279645f296571044550c94d41cc6012296e4dd

SHA512
4f765139b7a3ba2aad34c00311209722570c59050642bf126bcdaec83e8e6db186cab47abcab27e85ecd979814508dcc33d40b5a5e8bc52740cdf74a9917bdce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2fa4e944d1f83492741bf5abec4ce0e1

SHA1
e5ee24e2cace3c80524bd93e44eb72984d93d63d

SHA256
dfed83c3a0fe136483dd99beccb8790a7f961a5b28658e234efa8501749a1bbc

SHA512
b8b2fe37cbe5edf7a922900ca32572701a8c0af00d17b21ee79bad9000cc0d866eeaddf7cb61df4d0fcd6751a140d504cfeccc858d9548169bf6400e1f039579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b77a2c00ed7e644edf8bda1fd87f33d3

SHA1
456ea59b6c85844b6be23aac297a8bf25c22592a

SHA256
aba7213c40f1e0b9d3c2138ab15817e39ce557853681664198492cbe8eef46d0

SHA512
e66baa38149c2137d7f0eafbdb99a43944ba3ddff3fa0fef674a3069e502665693cdf5178a3f3e53c44baeeb95f90d8095665aebc459e7f3df9a34b466701a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
bc99296fbc0fb6de99994f7b40c2871e

SHA1
1a9da2a750258d51099b68b8f2041ab17c8751fa

SHA256
ef04bc5b60d3d326fa28588e281ade0fbed6d71aa1c58cda856ba832ad25eef0

SHA512
4d6d7dd8255ec8440eb356df84c303de78ea1c8e8a3fa231adc5fa7b8ce465c52baf9e03ea022cc0613ac365fdfb14851a1f4ced87cfa28b87dffc75e87ffc20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581b53.TMP

Filesize
48B

MD5
905526ad4bd05cc78e618062b2d532b2

SHA1
11cd06edcba301d3be5d9b8126599cf44978e9b9

SHA256
62324bdc2a9b6815322d0be4bc532a8bce1076c961a8bf8be867dcace4e2e16c

SHA512
da0b07385fdf737689b628c2caf250cae6ab3f6991dcd184af9bdc4f24055f06e846b3ad6c0ccd6982c2d9aee39f58009b2c5fb2cec76a30c0556f2a8b3f7d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
9cea49621a095757c85a47fde6567ec2

SHA1
ab62a8215c56ae5d4cee1e773653e86e3a10679e

SHA256
0143b89516936508b1b145c4d9286fdd8d1b921fcd30f5a150a47160caf45629

SHA512
332ec87b386944c0af145db6fe553e73feb0965c38279478c3069435c900c4b194e2c253be642805a1644db689d6ee3b96c8fec90b943e764e2c11dd4abc647b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f24f.TMP

Filesize
8KB

MD5
0254afdc2da26976c6ff773d2b53f4cb

SHA1
5712d84f1994fdeadd7eb242fa9aea24491e832e

SHA256
acf2ea8a5df34aef70a40817847c17209f1b8cd6925f2d2439893e3978147961

SHA512
21b601f8afe82afe001a75bd91a1956daae173887d4227e6aadef21fbad859d0be5a07f54504cb4c1ff78011e45e2c7903723c272262fdf87f9c200af5fd2659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aaf7081da485dcc725ae86163977f446

SHA1
25ade6e8c38435a4cf6879e2cb6d312c0eb18d85

SHA256
b03f26912ed0ae1f64d7aa0e0df578b0ef69fa13e3991e0ba3799653e8358da8

SHA512
ea82be28a9dc16f4dd3208bfcadcf05757c65cbeaacb18b4e0d7522f790bcf780ca10fa08b028e776c5010161f7b5871bd4b9c80b99e8ace7632c71d6b129649

Download Submit