1c3e80a282e2a8ed7a74f0b1441b4811047f3e4689fff44e53f8348cba5c8732

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 20:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dee17ceab7547a9f8626b96ccd25384c_JaffaCakes118.html
Size

42KB
MD5

dee17ceab7547a9f8626b96ccd25384c
SHA1

bd09bb0387bc9df7ed4ebeca0ef28830cf5ab315
SHA256

1c3e80a282e2a8ed7a74f0b1441b4811047f3e4689fff44e53f8348cba5c8732
SHA512

9e142f15438ae52a3ff2a71ee38f79f8c8be08dba6edb199558ac874bb051e92dd394fde3783d8c6f8f2107f3a3fc59320d323c25d37e52b5877d27490ff92d9
SSDEEP

768:DpROQzeTVRP2BpBL0kTckkerrYsLtDxCDKp5ZCH1CNszfsrcwfCYj5RjrKZKOWad:1R36ApBzTckke5xfQY0Ug6x5AKOtUwT7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
4712	identity_helper.exe
4712	identity_helper.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4404	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4404	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 4460	1128	msedge.exe	83
PID 1128 wrote to memory of 4460	1128	msedge.exe	83
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4784	1128	msedge.exe	84
PID 1128 wrote to memory of 4112	1128	msedge.exe	85
PID 1128 wrote to memory of 4112	1128	msedge.exe	85
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86
PID 1128 wrote to memory of 2896	1128	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dee17ceab7547a9f8626b96ccd25384c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81a2946f8,0x7ff81a294708,0x7ff81a294718
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2040 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17781932479794213846,6584915179604116318,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x424
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
245302514367bb4f391fbe11b8113c42

SHA1
e5cfc7b0703a0ef099755b4a6978982ad0d02f09

SHA256
0c4a7baa41cbaae0186cc15e009f0c13c16ae2e118adab9597f467991cc1b1dd

SHA512
2966055280dbc5681caaa163df8dd474617fccd0a9c089cb90249418516f56e6e986fcdbab688c2b9fbba43f17c575ee2f418e4be8963fa16a9b325723812036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
143251628e0dfcb01b5653f06c8747c4

SHA1
34781d11012885c91a6499b03add0fd2d4a78c4f

SHA256
7cbe2fb80f0e37bde74a2cd00c922586393b121a46e32f75f65ff68a157cead6

SHA512
4f97fef2d54510ed0e80e7b1e20b4dc794019998a6df9099b525ad81ce93f4695d9971b27a04472949f0cf710b0e62d72e7d932b5c29f514984d4373d2cce2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eda12f5d5d71d3ac3bafe07239aef2d5

SHA1
1085adae04535b584ff28f32c53d707064922c8c

SHA256
2d6c6c2bf4c7bd828b6bb569bbd35509ed4fc18c50740fa55e385f53f428768c

SHA512
c34f18d292fb75f45469b638cdcb2449302167ffd60c7343b1ab953a3d077f3c59175b6066dbe40438d3cdf8c1dfa8d498cf998dbdf6d0b7a9ca1ae3aa9ee02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c06689d6922d203c978a7be3b39c40dc

SHA1
5037ec4f6da791baec512f3f13e73170e936d73d

SHA256
6b57e0a029cb294d64ac5c8b1f99e077832af820840f60c6162dec7774a9bd60

SHA512
06fdf0b129581bf1413a4d9a0bbfe144bc8bf3818d45b75db8edda843834b372ce37ac8612fa7397eabeb492da9672c39c3b8e44a7221e42dbff300e91ca4a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0541fab50f83da610d9b9faa15d7bcea

SHA1
77bc311e4f2288eef39cbc47cae420765fa63103

SHA256
15443599da0648062c021f5187652a875cb3a011790598d60abe924383ddbd42

SHA512
5b3a41d47ba089683817e7c55ca37524b0b8b0358deb67b88b86533a1a591372ec1b201e1c9f02eced6feaeaf44551d27942b19913b1fe26a0dd4b471bce4986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0e4efd5f29c26a7bfe2d9deb99a50d5

SHA1
10539a36e5deb01da7a8c55bf11a21e9c737f412

SHA256
1569ce436b9b0f98a44f81b2025a5ecf3786d9fa43b95dace3d8ab45324f259d

SHA512
d536e4282ecc6ad37725f4471c0f212c70a46f60586d0237a1d44a614f345bec97c16c9bef263b71f8306fa4aba8ba47bbb3794ec12d7d9f1f47550799f1dc50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\33912eb7-0fc6-4ceb-a6e0-8742c32ba497\index-dir\the-real-index

Filesize
2KB

MD5
6f21161497ec1c1945d17ed0d92703fc

SHA1
99c399006a274ff2841cbd6207b8afb1764c2dd0

SHA256
6474b5f1679cc88ebf71cffd61ec6dae8dba9c6a596beeac16b489868f66d1f7

SHA512
f68a99512b02834607816ad08aa284c3e3267d82cf4946f8b411dc876d855df005300447f57d0b09f2e87adc660e68fcdc7c48711aa7906efad6ff2749069414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\33912eb7-0fc6-4ceb-a6e0-8742c32ba497\index-dir\the-real-index~RFe58dd8a.TMP

Filesize
48B

MD5
2653045946f65d7e3baa0ea65be5c668

SHA1
bb03ecdba00ae2545101d798b54acf44f66f519f

SHA256
7e892e819cf578f52e0f4ff6d72aad77f2ffacfe40ff4b17b112418a508c3ab3

SHA512
d538d8e71450e6b18d538cc471bbf0a78d361a9d240199badc3341d919cbf81662c45f0c297c51e34d46cd15ab5e60b3d546840cd03b16dbf0719df7b29f823b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
fda7d3c3f543af6400b1b90fd8c2f3e0

SHA1
2402813a259896f9f975ffa8a49e6aa624bd77e6

SHA256
6e07c687b1f36f7b4da03cd9d34f42643c597c7059846393aa5c6214aca40443

SHA512
d48620277c29f3f095ba857ace9a8f76a7a21d6703997f86ac209975f85e371b98fff494cc6872a32ef1cc275938f7c920d3b8aedb0a990f006732c8992426a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
5d576ff9f0f935e0ca8b5737fbc17e4d

SHA1
2581f38746992d082deb2db8b93571d957a007b0

SHA256
82a65b8f05169c5c40dcfcc973f0e3c20371f3ae54fbaf1783f2978b7e65e1ce

SHA512
22608e8b0d93ebdabf9dc59f9b18a8433f49ca8a6c4636ebe05dc4982ab6b03214ddc2b13fd2612a5a4938a3daecfc499c28c32b19d7464ca670ec966dbdf84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
84B

MD5
bc805b4e65246cc752c661affb6073cd

SHA1
33994604db724083b3a341cb9c09ba16269cd92e

SHA256
86785b10696ee87836cf806ec7eff15fbb33f612a441d9bdbeb3575a12e1c361

SHA512
b466ecb2f1e5f5cc9db4654c3df90879084222c2b86afc6914129e0221b24d3678b26669841991f53570ce58c34136256803438d5d3993ed3b3a0b9fa5e38c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5887e8.TMP

Filesize
89B

MD5
979fbe89df1c61f5a3e07219c43f75e4

SHA1
7c9986929e45a7f04ca8390c2a91092c7238754f

SHA256
63160722ab92d7e97907fdfe42bff9bb574e01fe0fac4cef7a4e90edbb053acf

SHA512
61cc36e0dd808ec16be56778981df9735ed33eefc9f358c3135e618295639d59214621fe17aafc70df530a55b0b8a8a9e2e3e0844435cffcb2af0926e14748fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1c67faa92ec2911fcf73470137eb70c2

SHA1
98b0422c38797fe238dd9ca7ebd5fe1cf4703f1c

SHA256
7aaf8b34895eb2a316a84b3a24a55f0efe2d6c8df49c9dd5b01974ec1d8fc0f0

SHA512
5f11116ffd6a194d21162407591bf653563a133f9ad450f24a6c21b2fb353d4309ef5dfa4f836c4a28a80a6bc04ca8942bb9da5af2212a5983781b598b4b9e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d740.TMP

Filesize
48B

MD5
fa852b1ec3418eb2a1d860fcb82507a4

SHA1
beffeaa840d4a2d5aca7d14be74df4cc51acbfc2

SHA256
c5bc5982369d3d36915524cf1ef337ad6f7926cc2d83d3863567e8e0e2ebfcc9

SHA512
cd967b008538b1553d28fbd21f64bc2f35f674bc57297c2f644fb168cb87ad3195eb135713c450496070db287310808f36816398bd6a33ab6e9b57dcb282d642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6581c585b14138dd0c3f23584975a1a5

SHA1
4260dfd342d01f43fe4f3655a6d831504c33ee5f

SHA256
6f7a64e24149c16d16d659cbe62f3ecd9de02c6116b418e0565e3448dc9832a5

SHA512
01d973721a2b04730d4f76cef1463553d135bdd9506c07ce227273c567885dbf96bf45fba702393a06da6411fbb40f1e559e20716a07762e1b61a130b02168c5

Download Submit