hxxps://es[.]ldplayer[.]net/games/worldbox-on-pc[.]htm

Resubmissions

03/08/2023, 00:36

230803-axw3kaae58 1

03/08/2023, 00:33

230803-awfn7abg31 1

Analysis

max time kernel
113s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://es.ldplayer.net/games/worldbox-on-pc.htm

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
4252	msedge.exe
4252	msedge.exe
3872	identity_helper.exe
3872	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of SendNotifyMessage 54 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 3024	4252	msedge.exe	85
PID 4252 wrote to memory of 3024	4252	msedge.exe	85
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3796	4252	msedge.exe	88
PID 4252 wrote to memory of 3968	4252	msedge.exe	87
PID 4252 wrote to memory of 3968	4252	msedge.exe	87
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86
PID 4252 wrote to memory of 4796	4252	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://es.ldplayer.net/games/worldbox-on-pc.htm
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff847a746f8,0x7ff847a74708,0x7ff847a74718
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3862774919275173388,12471103792216499336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\615d353b-d603-4c50-8b09-eb7c18e4a327.tmp

Filesize
1KB

MD5
16557b90e7de7a2718a77bcf95c2c614

SHA1
b0940ff04e460878d3fb23af8ba2bdb10cb9b0aa

SHA256
6bf38ac571ce970cefa1fb55909c24d638a43b9dc4ff0aeda71ea35a4896f406

SHA512
85314ea1606f4d200f83a1cdcd7acc1cc052481eba0bc9c2cb2d9f7b55eefb59c0e64a3bbc8d76c53af1384b834248117daa6f4b0b5b8fa91658ecb47b107f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
2a0febf86b989bf969d936929410d4b0

SHA1
73ddcbcd5951440dc490393eaddb1204fde46ec9

SHA256
2112311ef286591c1cb5d36b5eac5e8f79d3faa2db96ca87355116c75d663dd9

SHA512
2308c06933ee399ee573b32d135157bcac06e35b36f89bb3b1c86562996a1693e36f426248a84afa51146b7876cf4df5bf6d8c99857b7c723be52f7e6b90aadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
974dc1e67e7e4ef9a33616a97a3af94c

SHA1
9977bdf12bdf19a17f4b66a26d0e23fa2768e58c

SHA256
40e42ab906a2f6a97733c5dc8b69f0bfcf1e5423b975ff81aeb407adc6ff43d7

SHA512
10342a5734a865bb7fa2613c580baca3a4315a71f02594bcab07c30791772f2ef6037efe13d8c55070f2ed853dbfe236022af0295dd2df073c451dfee71c803c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6257153588dc0a35ec4dcb28f1ad2cdb

SHA1
f0ead2f584a833d303e576bec9a016ea26f3c982

SHA256
23448950e70cf4877fd2616d311f468577626bfd6820fa29d6434351e1ed16e4

SHA512
fa2f5289252472e66b2622737475fc1f729db5b95a71c4de20fba938ad7b6b401dbd3bf99f79a0ca74cc6d07276555581e5f168dd99886386d75c6e4a50b45c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13dcd14e70add46478417598c86addb7

SHA1
765f9466493db701af706eca544c97bfe0fecb62

SHA256
ef9fbe3b1d0db02b0b3cb85d25a4496e7fbf2218bed3aa18a81d240f42d42269

SHA512
0a7c7cf4c5ba0ddddfffb41ea76f58fada4bdb556f68b018dd3e87a797956e1fedf4383a979a455f74260b55de24f6f55b924c4160d95edd2105913343299de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8ed386acbec3740222c380923fd3495e

SHA1
51c9f773b4e1422efd872981f547864f813c30fb

SHA256
7d668c25a925fe38a86641cb143677e0333e8ab1a4b51d61568aa200809be7c4

SHA512
7039e54e9ac5e56f6181b23607a2ce5d8182359b0939fd0803de67230d80edde16f72e2e61af64fe3f485edbafad14d9dc6e577939303f0b96366d13ea2ab1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af493463b84cdbd50d7ca8e9b6c358f7

SHA1
a20fd821543b0186b24b8f4231992e53f2eaf9c7

SHA256
0c73e611563a5ef347758b20577a60310352c9100f7396b4fb986c6e67f6d9e7

SHA512
7f05b9fa1a7ed7a5169c581f250536e4a9c11fd72f20bd7c93caaead0ac9e3dd5fca0ec8d3a29b2b209c68d8819cf359445c999e455c3bb6d96b4f443cfdf09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4060852a52e01b1b3d75e0c7e33505a

SHA1
360e8d17ac028f542e5c19b52769ed49a195ab5e

SHA256
e75e4c652fa061d1d663f181789278f9b43ff82d4f76d2e2b7888e54315f1d2b

SHA512
629d3d4da574fe666fd84a699e435b8bea83f28615a262fd2a236135a57d497516ea4600da5fa6e371fcd49562abb88384b21978f97904e07574b64a1c2b616a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a478f1e08816969e8214f982850b754

SHA1
1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

SHA256
665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

SHA512
7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
4ff64052f64f92ce83f4af358dbdff9c

SHA1
945f072e031be51a7466f03ca19f6d38e0b5df8f

SHA256
8178d043dd8a1ca048d06a1a6db66372ba57cda89d013f7d44e46950e76a727d

SHA512
df5809ea562808d805cc5e3ac85473f90dd48f320250afe9a2b8e23cf513584c794dfdc021a4b2cb55c9d6c1dc8e1b00cbcaa03d5db8ae85c9e89f1de02efb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57def6.TMP

Filesize
203B

MD5
28e8e7150ecf887958c4aed9e881ed80

SHA1
d754a74451326be3f0a809b284e5c3fdbbbaca30

SHA256
b97678e0b6e5f46653136f9e9d871c9cee48d1ce206dfb1eea7ba5fa66ba6f62

SHA512
7aa691fbc714aeeb2e58beca66c19d87d5e3b718563379fb8d0f113a1cff9806ee72a3a0c1f4b8a24d58ab5794e1309e9542cc127f1c95fb28ed91683adc212b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4e74541be240fbac3e50c166404216e8

SHA1
6486da079910c37273e88b15b11ef66223090cf3

SHA256
09d94a1055d599787bc34076e61e1e3c9b0112cb368e5d5c51fb369d6fa8c802

SHA512
6cd841051845d2a02421aead09fef8ac52ed3a28537edf9ba05e478188d28ad11b826dd298ec6bfcc7b9e28d8c99ffac71ba17dfa095c12ef305fc7416e67811

Download Submit