5231f1958b5cbfc6e2a8db0fd2a718a9d00a96f9b2c6b6a8bc508d6f5e0eeb77

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa84ca52f663d653f4b96c1a3bd5b927_JaffaCakes118.html
Size

98KB
MD5

aa84ca52f663d653f4b96c1a3bd5b927
SHA1

fcb8886e9183c94608e98e9f1832e3ac728089d1
SHA256

5231f1958b5cbfc6e2a8db0fd2a718a9d00a96f9b2c6b6a8bc508d6f5e0eeb77
SHA512

0583acddba9981a740f1c5c85206f70b05761dbe09c298c7589cb5f2bfd81c0b009305e9c33f16685d945381a4dbe9f48699e5a53e6b1ab0935a56f7bbdc58c8
SSDEEP

384:W9Z4kBdhxJTM+z88+4YH8B9HDw6OeMQh76mn9T+mnIXnZ8fqypKyUrVz/EHiRLnH:GHR/k5OgOc4g2x4OsaOa2/tQnAGBc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3128	msedge.exe
3128	msedge.exe
4032	identity_helper.exe
4032	identity_helper.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5184	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5184	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3128 wrote to memory of 2428	3128	msedge.exe	84
PID 3128 wrote to memory of 2428	3128	msedge.exe	84
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 5012	3128	msedge.exe	85
PID 3128 wrote to memory of 3668	3128	msedge.exe	86
PID 3128 wrote to memory of 3668	3128	msedge.exe	86
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87
PID 3128 wrote to memory of 1588	3128	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa84ca52f663d653f4b96c1a3bd5b927_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff305346f8,0x7fff30534708,0x7fff30534718
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4340 /prefetch:8
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,11969607004016339639,9719980582530125460,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328 0x3dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
bec3d2c5843838fd09e94d6fc51422ab

SHA1
ef1360bc194cdaf2f4a37084efe2543123da2aaf

SHA256
bff8099b9a3de4bcb0840319a919b41b99355f8bb8298b82f61560687a26cdb7

SHA512
9d42e5ef1b2f8cb9b0b0d735037c2f604d6caa695d57778b4b61de6b553c9b0654668f721590329b3616fb89067adc86a49df3dde0e04316c315e4920b5b5546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
68302585c7810954ba215394358972b7

SHA1
4b7b644feb2af9f9e43ae76e4382a5a429d41e67

SHA256
1f5980f03b891dea232a7c6821cec246b6ba8ebaad68424ade00c1a38f4ab34f

SHA512
3dce8449d8a5d70e4495a13a4845380747de72fc91ec2a73e99439139ef5c3d53cccc351d7a3ab79a70aa72d9d737ac224c573a5b39c879a6214e9c6d93b7543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14dd9fa4001fde4a9893540d4e56b5b4

SHA1
65d88079ee081d410ceb3f878dab44ec76344393

SHA256
ef382d78f5ba80ca422047dcd96c9f605a7406a3dfce1f45ab51be22ff56378d

SHA512
cb623b4d6e72cf47f261ea3756e3e48f69ab27adcd77fbfc25f01201a45e16c9bd814543763acd07351d21a50fdd3741b7c7ae81da2d365635956e1ec582de95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec9ccf4a52b7928f4bc96f89d3fab09c

SHA1
272bc519ec80e8efb4e17dafd7a63b8fb00fc9ef

SHA256
dbe42bc9fdb515e06c8948c7c1eda3e13fe6e55f5ea9ca2b3f74700fcc9621f3

SHA512
65dd849a4676707a8577a6dffc769f6a763770dea6bbc0d48605fce2a9f8b4dbf503d6bbe35b0991068882e1627b1cf0444d3a4335b832100f7306aee12a1ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
637cbec181534aea0c06b8192253652b

SHA1
3ab250a5361cfa82756dbf17092019ac486ce400

SHA256
12570721757b600327fefd4e033242718be75c79f08743dc5f8fc179b24a7113

SHA512
5961c2083503d74f9aff7a257a1eb1fdb4e0978127b5f694bfc8e4250e4a25c8c722c9c10d468fdaf14e8c5d53b1e55a5f4a2c78ee4e2ac6418c0a8add749755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b29af8ae-4d9d-413c-91fe-b49baa7110a9\index-dir\the-real-index

Filesize
2KB

MD5
a8cab883af1972fb24bf022855982022

SHA1
5c8a300a426ee45165c2c60d456a73ee8c3e6095

SHA256
9cdc716acc1d78cce62e8acae18129447c27def13b923f7c3e36e337374cc2ad

SHA512
e443fe1da46069535fb5eb60e4998ab504cea6df9f33ebcf4aa908cca77ac25b39f7eedf13bba6cb88a4f0aa6fcb47594ae8141aadec840188bf144c1311c9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b29af8ae-4d9d-413c-91fe-b49baa7110a9\index-dir\the-real-index~RFe580e05.TMP

Filesize
48B

MD5
8b31a3abc98ce02e566c56ea52539685

SHA1
65af20ad86ac4de876ce5d3f453bca0d746b4135

SHA256
c832392d3477fcc9df0e8cdd3f3c69502ada37a36e3802d58b93d967cd8f3b44

SHA512
2a87c68651a0647e4860b9a5f5dd74ab2ec3d73c8da7a0a69c1e9eda98039d4d01fd96f20d3b7864de7ab10fd5bb8b7087991c3e46f0bb204b7030b66455e723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
472f6cb17d4cc87e0cff9240388d170b

SHA1
47f5d842879d6c9a203024c3a3f3227706bafcf1

SHA256
3bccc64f1849192d222afa4c5e76caab9b37c22242a963cbebe668685ff9f446

SHA512
0b71546763f47927e1f7aa424c777a763e54a0131effefdcf7e25865498299e1589996ea4b72a07f9f1d17de7aaebc699c79462561bf808eeac75782afda1eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
5edbae8300e6a09d7d7209a6fd4a582e

SHA1
14dc6102301b60f9af349f92e5b4ad41ba0303ae

SHA256
feafafa76ba00f928fd08940f7a4a75f44e3177bac2f8b59598c7df5b2b3e1e5

SHA512
5f657b150472f03411c37e4ba4d608e429e46448b3d4742b9d29d12ee269ed9c864b1126aefa63a3c703c6f2b90bda081a7a1cbc42a9c6395b6d8844addbe6c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
9e9d3ff9996c7a78bca559789ca31c71

SHA1
4448831effb94b66834e028517d137907880073f

SHA256
a5cb488de0409c69b2351beee06ab05c5f8412d3e7072dc57a6bd04d39e6c38b

SHA512
3885103a2ea87657393d4dbc479b7fabe87f6bfeda166b4b87815476a3ee34f918190254304a25425c5d547ae43ded9bb578a8d65f0cd3b5f1c9a3a7589be283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
cc83fdf132e61afd2868b3bd0ba36eb2

SHA1
532e8c7685229ae7b245d34ead56749e0d4f6e5b

SHA256
83b12115bbbe8b56c06bca8ab5a38f9bc6bfee9b56244f58373fd98b8a23a3d5

SHA512
f7e1a9ec6df5a6c7e5be557cad4c621c27826ee331fcaee7207cb39eb34b090678b23ddd608dc506cd08c3c3bb31aad3f91a69f394769210600efbadfa2acd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f9b3741530058236ad11871f8aef89c6

SHA1
bf0368bc85028d26b392e53ccd9ad57b96589d91

SHA256
867b1b666e650328a6cf1290d2b5521e6c79d7f6fc23c369f7c74a3eb904fc2b

SHA512
8df711b2e21f46546f773b4953e0ba6cdfba06bc88d8aa2bcaefc9fca09caed756712c97c39ff88787abd3ad2e93c40f4c8a2a3875fd32df4bc53f5d7e112a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58074e.TMP

Filesize
48B

MD5
c9cb9c62bdd2f5c928fb28939848d764

SHA1
b0cd2d89c50dd5c036682fbbd83ad7ad33aa62cc

SHA256
d26ec03b019537f75ae02465149ebc471ff74d6ed420f279c6db73727a42a6bf

SHA512
63a7ca38d80e1078fc4dc7a957f5af34843e360f159fc46dd19d30d7af7d328aa3ced475076c768ed3e661329559090478f9b9bfa376265ae498cf1caf8bd68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b3c8054c91c8377834a652d781901cb

SHA1
3fa464f1d940882e794443a3208d9dc0deda6a7d

SHA256
3dff9da0622a6d198cc7ebda2f28440cc380605115bc712ec2fa6da2fb6d1d45

SHA512
9a9d34c20695f587fb0f3d1e24b2186f7f94fcf3b1318a9642d610e80b6884fe425c6fcf7a2cc9d4a93c97ad3237ba62343f901d084f181c0f676b8761ad4b57

Download Submit