6388289d969f97088f7f65ff331d2d0641600dc211ebd05a6d24bfceb082ba3e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f4681847faf37dd4a2152cde7adab35_JaffaCakes118.html
Size

110KB
MD5

2f4681847faf37dd4a2152cde7adab35
SHA1

5986f609a349d258aabff41a3beab3f18baea482
SHA256

6388289d969f97088f7f65ff331d2d0641600dc211ebd05a6d24bfceb082ba3e
SHA512

31719d61d3ea33e5eac0493890fe149d1c9004a83215dc74eba27c4167b8969122c79776d3b25cc6c49c650c51120458237de7dff974c31f5d1518732d1bdfff
SSDEEP

1536:josot9sz93x+ynyjlmT3DsKx394yn/jlmKYDaSuIAZBwSm:j+yxMj+XxBjTrIAZ6Sm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
3388	msedge.exe
3388	msedge.exe
3624	identity_helper.exe
3624	identity_helper.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3388 wrote to memory of 5080	3388	msedge.exe	83
PID 3388 wrote to memory of 5080	3388	msedge.exe	83
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 4160	3388	msedge.exe	84
PID 3388 wrote to memory of 2696	3388	msedge.exe	85
PID 3388 wrote to memory of 2696	3388	msedge.exe	85
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86
PID 3388 wrote to memory of 5076	3388	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f4681847faf37dd4a2152cde7adab35_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9264246f8,0x7ff926424708,0x7ff926424718
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11918091820161826066,4234248777082998555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
29KB

MD5
1f3b16a3f1112ac7a42e997bd0c5f2af

SHA1
3deea46afa69685078ca51e39867f9c00b60e29c

SHA256
1f8da4b3e5d8b0e26fab1e5b391330892dbfcea6c6561049c7590aedfc26ed16

SHA512
3848ee4cfa867ac5d1ad185559dfb7c3e4a6bec384467729a67164d293be8474e2d180eeac28600e1d60837240894637a539aad7492e5a30831c3995fdb1ff78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
22KB

MD5
d3c0ccf4dae3bed61b9544ad145ca82f

SHA1
6e729c7b48ffe3db7db9b5ee438f3bae7b67eb13

SHA256
f79de53b8bb29a13f3e2eb7b4c61f267ddc66e94f4890cdbee67e7b2b1e8b1ae

SHA512
04cd63d78fcca1bef480c82d5d3e6afa94e5fee8543fdfe680046f8b7884c87c47a33cbf015998c3418b3c840b67a80f33acfc1e9de92d6f82946df84ca24e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
18KB

MD5
844dd813e266d90fc010747f6edf9b4f

SHA1
6bb8dbe238a0196e3482fae7040c87a1b8443181

SHA256
456017be1dbc830647e96ab35ff078db4cd62474c79be9fa948428a79c877289

SHA512
c456a75ce6f36a5a6164f9bc1b414691fb6a55c6ed8209a9014491f9989e8b8a90e2167e7be0e782f9764dfffe04c7424b73b47f456ad54f284db81751590502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
30KB

MD5
62ec39313d9f3823878d8d2b9c140fa2

SHA1
26bed26a8f8fee9c86bedebddd8c8f5b47d4e98f

SHA256
63463320098f6d54fa4cdc74e1cc81756f6995a27d8f5748a1275016077e155a

SHA512
b2d7f558a593d0cbd6a146344d25b4974cab2194ce90682aebf337223411b3cfdddb100da45122bb7164f145740b18404632b3782d3ba0725def74f9a2ef9fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
47KB

MD5
2ffffbf0a569ca29ea4251ac6fce36e3

SHA1
d2ee5651d515be2b4da6ef1e8ce7d848958c3ffd

SHA256
89d54b4f7790688c160cb2dad03d3cd3150f3efdb3545fef412b2dd1d97bc4e9

SHA512
68a8e01d5a14f88224b8869b5d3546f55a820983290f4df6cf8026481b810ee110bfc142ab5cb999c03af775c9b03e65134828fe2e6e46730976c7c8e7efa4fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
fa8434e6c86c6c5c8045263f984f505b

SHA1
d63397bfe85ec01ee96482d81a932eafacab2514

SHA256
9778f7cdfe5a07a3640931596cebc3b18d1ecef586f0e8a851fd52e3b9310a3c

SHA512
18a7a2ce14ac1803b0d733de573179ca840f76e48e25c1e515b86ecf59829e4e5b87ce1a78daf2f86c8d84ce3d05516853b68815f3e0fee0048a22670bb04c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_devicebind.ebay.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_devicebind.ebay.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
721B

MD5
8fee2603a523e9b791bd3ca75b4750e7

SHA1
236f09d4bb9927b7b510f14e9aa8d71a508c4647

SHA256
3de2d665fbc4f25c7c875bd402e5847f71aebdec9b498947ef73c27527863f39

SHA512
4e1e4c029281bdf5fbcda6b1ff2b697e5bc8d57b0df370a98f52cc597c5d9fec267aa7c2d46595bad167c882c3e79b04ef796af767da1cc6a42db65e3a80fe05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
648B

MD5
b044c568e88bd4fd54b59c885414f7c2

SHA1
87add397f3b4fda8c2489e79772c460bf1a4ff09

SHA256
6b108413c743011c23a6ddf7c73f238cfc0a5ef16acce9f31e356f7e38b77ab8

SHA512
956ee339662d74e21f1a512de87e99c5b58b238bac4c447918b67d789d532d7734703dad6875366c17c68baa851574749b94519bfd60ad814dfe187cc726beda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b4ec711b71e384507c4b73ea220ee18

SHA1
edd8aa08a2c90df0db22dedd468cf82528e9417a

SHA256
d55bc16e08106184f2373b12f960a577de3f536af29c0dd1f98d4dc3e68c2579

SHA512
6e4f0d28d7c7c9e2f2dbb4d998278b7799103b97ab9fdcd3fc33d4c12e6b83ebcc6bcbed65c595f386e87e6ba91d7f18dd6499ae94d67021fa6a72318f548f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e4f05228011cc7b32c9ddf864076a1d

SHA1
396d9c2b84252128d4fd6aaa3cf662d6a41d4018

SHA256
195fec902e55b237ae54177050fda4d4a8383a53da1457738964270a40f3892a

SHA512
ce563c74d509c21a7992a1210022aeb54d21fcd04f53d185db18abb8e45567ecdf19729459e77f39cd676277d822e5f5dfc408b4d343b9fa091f7c023d72e7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3ec204c3f41cfa92b62096b47a8d246

SHA1
3f70c5b687934031c62764ed42c4d108fe7025b6

SHA256
b8afe56baa0764750a978c3d4930ef573778d532a8d22ae2892e15f42f407f11

SHA512
267485ffeea78fd37c142eeb51c97d8144d09d8b264af8071d386bcc27d5902397dea68847bf581cf44aeaa123105befa7fe5c0f881dc4f68702317f31287b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58964f.TMP

Filesize
1KB

MD5
0ad08542c0a249941399c75adb92b8f2

SHA1
c0faa0ff91e68f6d71c4db29af72d4029d0e3544

SHA256
e0691fe0da0ea646eb417d87baa3a4897fc71122f2edca2457d8c8f80cfdd179

SHA512
2cadbe618bc2cce176f3fda48a0d5055f21099710841d10ebbeb48d030e5912b317e84d54e5cc5cddc268c2df5ada9be6d5c2c0a0a24c0c1fb34ad0aa64f3295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7e9c0dec37fa49417e6657aa10f5728c

SHA1
be8c9ff5f9789de53f5717d1a29ec188fc1c0249

SHA256
adc98ea2bc65be9c55e5b8ef1c0a16179439d1fb0898f50e9b2064fd58ef5af5

SHA512
a2e188a3e819c59c3ae9efaadfdd7299eb3e0eed5a67191e840b2591837dc027f7a127823b27215605e8dd480ccac4e7861ecaaefe1dda8ba0839d1a822babb1

Download Submit