hxxps://www[.]cakeresume[.]com/search?ref=resume_pdf&utm_content=sara-5e3ed9&utm_medium=pdf&utm_source=resume

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
30/08/2023, 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.cakeresume.com/search?ref=resume_pdf&utm_content=sara-5e3ed9&utm_medium=pdf&utm_source=resume

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-618519468-4027732583-1827558364-1000\{ECE7055A-0ECE-4A21-8450-1EDAF2D2E01B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
404	msedge.exe
404	msedge.exe
500	msedge.exe
4928	msedge.exe
4928	msedge.exe
488	identity_helper.exe
488	identity_helper.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 1160	404	msedge.exe	81
PID 404 wrote to memory of 1160	404	msedge.exe	81
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 4976	404	msedge.exe	83
PID 404 wrote to memory of 2936	404	msedge.exe	82
PID 404 wrote to memory of 2936	404	msedge.exe	82
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84
PID 404 wrote to memory of 4776	404	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cakeresume.com/search?ref=resume_pdf&utm_content=sara-5e3ed9&utm_medium=pdf&utm_source=resume
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04fd46f8,0x7ffc04fd4708,0x7ffc04fd4718
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1886191024119002797,429704977793774872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404 0x388
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
3b289d795d22158152f21932a80f0146

SHA1
4bdfd9c91bf1f02f06f58e732ead2de64bd3b2ba

SHA256
0950f2d65d3063afa2b8af6e6ac0024472b97582cc18afc3872234e870cdd1ad

SHA512
fcba53694bb925ddf41892e20b3fd45d3cf76b83e31bc9a355ef8c837f3e64abe2a135629395ffedffa9bbd744659efc510ffe2de64a14bda6201be6ef62a965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
96aa2a821816d0da2e368394eccc521e

SHA1
7ce5cf6d50ebff820e1d1945ac4835a29fc6d0e4

SHA256
06f22d7147797daeeea31cd495e82c4c50083c1ea56ed991cfb8a98c340e239f

SHA512
2bd587df28f62c1008da1e44d04a005b84952652904f5e6c016306e29e9d7c40b5935eb1fcb61f63fcd76b335bd122565a065871804fceac651128b710f29d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3df91d07b55d6f7998f27bfc055ff300

SHA1
f978703187d9b0da5670dbd71f5c9ccbcabf8660

SHA256
257c15bb7f24c89e7d5450faa5a5750a3235b7058fa8cd3d803f3068e9b681df

SHA512
5d88ac966e0dc2c73a229413429070875aa064756173eda14cf9fdb7bf84ab3293d6eabf900f7788dd155b3a6418e1358c49322fce9175acd3b1a74ae4fa949e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19df28856e5b4e65d33249ca8fbcd38b

SHA1
55d77425029f5b27c8b74d8d1f7a17ab36e9eff1

SHA256
c238064bb9ac6c5ca936d36ad5120f89d5f7c54ca66f40371702834922a6ba86

SHA512
0230662e06a2fe04d9bb1c61e9a5be987a99648a8a3c022c0da9a9c3d811fe8e296cbaa84de136e949285e976a820a97e2ecc182ba41e01467b1140f45f52a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
662b8889c149995606d966ad7744b4cb

SHA1
efb6af01dbb312c6afa6c98a4f91abed7626b5c9

SHA256
c65609f6536a0d4dc89f5613c53edc8081742901e8cce9d0f11ba881b7068a39

SHA512
169c5324cb63eff9f138a9a5ae71eaebbfcafdb033dbf922879c3b22816ca4d90cea81661dcdbb2a11896d7f4404a07c9312fe1baf2d8817ffad71a8467d75f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b04b69058289e5136d7a7c617cf40bbd

SHA1
0f372aedcd1b86f35efd0f0e3548beb5241f37c0

SHA256
9e3d57123fe46d43684b695960bf28451d8045391061056e9065b1b316cd8de0

SHA512
5a92e3a1f2426b55628a1917a0dcb2a156606549b52247db5e70e010832ddf30b7eb813c9963b8ab150fa350f1b13c133b3226d254f8bb56e50f2ab932b98727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a478f1e08816969e8214f982850b754

SHA1
1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

SHA256
665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

SHA512
7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c572ee3f431e65427223367ac2fff565

SHA1
cdf17783fae0ca749fcff3e8e4199b71910ebf65

SHA256
c41f40d33735074dda34c09defa2bdde77a1c858124e3e24a2c35bb4568763ec

SHA512
403f459197ce272182539cbad4bc44b45c94d16b85b0cb32ac94fe04cadb6b33f4067aa91da84715d58b04d69250ae07d9b1e3f33011b2b24fd764f90c73a98a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ee29.TMP

Filesize
48B

MD5
e9deb1c422619480ad52edfea12b4ced

SHA1
15c43612b51e2864764d1f29a24f6aac13dad3b5

SHA256
40a80e9d18f0eeed782bc7342171a1c5cd58b00350eefafd7c77844ab32e8848

SHA512
958f39f38c3c40cd94059710c34d220b2b0526d9934e871fea7a366d7b4f7f6f5057b3e2e7d5b0227611e3855bc889a99eb547099425dc5fa6a6a0de6de2c040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
77b8c023edfa0e18f70c37f408ac92f1

SHA1
4e144c9d9acb85fb4870aade2bf041eaf0ee638f

SHA256
04c558538a00cb1c8df4544ae221f568c9f4dc93cde92edf4fe31b9b379d733b

SHA512
26d9ac0d228123be94ae6bd889d4207e62ef8a9701643023f87dd8a00f4f365970cca59490d7bfe73417e4ee0a937bc3e1af3e6d3ef5bb0aad62ab72eb28bb5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c6da.TMP

Filesize
1KB

MD5
d73eb737fdf9e5230f9cdec2073f9322

SHA1
ad7ca6e3ad399d30cd1732c3cf3f10d85b1a73f3

SHA256
209cccc85840227e00192096d6c69e1d328ec22cc84ad522121ebd52d22a4c12

SHA512
2be44cdba1b5b2819e328c3e97576eef29fa6662cf9d99271412fcb95dd60afb4c1e6d13170e397cdbc5dd9ada0d34aa9ca9bb04f3d68383c2459092949ea6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5b7f0c5dc72b2f07e29e6086366eec1b

SHA1
4160fc584893cb437d60e89cfbcb3b030a3c9bd4

SHA256
34de7606255ad0fda4c332b235dc6188390f7f58733431db83326e2cf029b2b8

SHA512
03870a13700f46da5d0e37222054a1d1487117740efbe6e9b414140a72b63c6ab207156dcde32541d4e0b5844a683257f2d2484dc4b3d83c437b191713ad8767

Download Submit