hxxps://es[.]ldplayer[.]net/games/worldbox-on-pc[.]html

Analysis

max time kernel
90s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2023, 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://es.ldplayer.net/games/worldbox-on-pc.html

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 7724.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
3804	msedge.exe
3804	msedge.exe
4220	identity_helper.exe
4220	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3804 wrote to memory of 3556	3804	msedge.exe	37
PID 3804 wrote to memory of 3556	3804	msedge.exe	37
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 3560	3804	msedge.exe	83
PID 3804 wrote to memory of 4472	3804	msedge.exe	81
PID 3804 wrote to memory of 4472	3804	msedge.exe	81
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82
PID 3804 wrote to memory of 2608	3804	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://es.ldplayer.net/games/worldbox-on-pc.html
1⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6bea46f8,0x7ffc6bea4708,0x7ffc6bea4718
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6460570956190575428,6729966497141684175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
  2⤵
  PID:2460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x2c8
1⤵
PID:3612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
1024KB

MD5
7b360fdf68598a15eafc229008607239

SHA1
89bc97c88c044498d11ec42deda1c0e013ed7597

SHA256
4819659f9f7a875a7d95008df6b4734e438621316e234c241d46a8b628c38e9f

SHA512
a989464c937c73a3203d8bdbb529853d3ede5a38ac9ea5448ce55583e997f452d1a5a2c9f266798396191648008c29a98627ad5f459d335d365c54af673f7cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
409KB

MD5
2ee3f89b897b9fbd24fbf574c807d1d0

SHA1
fa27f40c7bc84cd9431fac5f8748298fdded7f33

SHA256
1bba584f2f5d1a79ef40623aa9ce216ecb5d6cc162e7e3e7abd54432505949a1

SHA512
3dd5f12eff96f79e076ab8869340e02be4545f1aafd2b7fb1f969786c3fa7822b7b6c0249fbafdef6e07100c01bbd69b336d1808f6b4b45e5db59538270bd6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
2.5MB

MD5
39f83c11bb2fb449e17f31f2b4e0c013

SHA1
c64ae85e49356e6c98c8cf1100ee94cd66f111dc

SHA256
f0700578852e3a8e9118abf95244cb466bed816ec09cd7b2511a51a7aad25493

SHA512
c4adc6b5cd5d858b89324e8bed1ebf2d9c6b8e35941b4fd279dd06c9969c50e7fec724f118ac72e2833963e75481023a8c01e686b2ba149aae318d3dd986a996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
2e7d5124f7d4e0ef1e1bf134a8c64da9

SHA1
8dfe8157c7fe999157cb7b99570f39fd732ee216

SHA256
6a530bca1cf6e6b280d69a57b4fcdf41c54b57eac130901424d45f3c94cb7958

SHA512
7b87afc25b8898886e64652f6d2d8642bfcd2af7c0c407194ba0d05650f0cffd111cea6d05f3142b11263342c1415c3464f89a4970f65fb2e38d7e68917eddbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
027e3794f5e1e448279ffb34abbe0532

SHA1
5f8e4ceedde14809c425870cacf11e7ec271f636

SHA256
60ead0d3407ad0ae2b79d65de93aef2f3eaa813e0043b417cdb8d3265ec8c856

SHA512
704240983b919621c37ded43fbb0140e0bc52e83fa595e09169ad58ef4bc47af4aed5b4c906ea119118581240bdd19d684b5db5fd0721dcd1e9da218f384ba8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
022ffea693dae48cf83de919cc51b5a8

SHA1
7c8e4925ed382953a2493cfae49ad444b5160b7e

SHA256
77f30d51df70b9dadceb9c2c7d65ff2c00f2a58ded0bf26061bba26056e2dd25

SHA512
f4ae7bc2175881eff090f68f00155bd2e4f0daf8814baf879ff1f5321364a45a8fc0d0bdb2357758c11885d4ce726ca3de33a9a350c0c1bc1d5d0b2e50b27801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c09abdc6a6f4a72b8915e36c54b4d8c9

SHA1
e2f1048709fbea965f02e7115002d2cb3018bd2a

SHA256
229eb564fccf408e9409240a8c92ef304875c057416962b12e52535c35e2bc85

SHA512
926cfbc5e24ee0fb1ea20a143943d02986ac88f2dc2c510b2aaf59e273d8fd66f8b151e7390791c9eda9acde4f173a339e632c75e6cbcb1e7c292929fb825679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
daf1a0275fc77253b5855da07b6bc9c4

SHA1
5a1208576b0c9114669a73f5c7057887c4f89976

SHA256
3be6ca62280e3c2a0624621781772f00d2279e6624eceb3c8cac8b262d5a3cc1

SHA512
7987c6ab254922e4dfc1ffd2be5e068577457e1b88ec652496b80706bb44cdb45bfe77200e3873b1c8237570168d80369ca300be43c5ab972a3af517b9421725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e74f1dc8361d3b7aa814a3ffa22b63a4

SHA1
04b278c6f3d23c46c7037f9e16c832992bf2aabe

SHA256
1b324cb12ab48684c7dd9e9fb00bd61527c90beb3845b54d79a04ddfd5e6e3f4

SHA512
3733ea2d5332d37e90ef8332501f942fd20101208604434db4217825a99b8e1820a8e31f615fb658d259b56f1b9783b983b372683ff3c1c75c48f477e9b94e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1c9fc47e53297d9a51d49c53e503628

SHA1
e8d62628e92d78b6dbf9b0a50b1afe2c69e73a7b

SHA256
bdc70cd917613e5bcc757a4847d46c6ab86b9da93ee455ea64317c2c38485963

SHA512
7593c78491742a181be4bc7b45efa8826f1b27b6fc8fb8f81f09f159e0a68a1507c128b6e667a3b9d8500b000d9e1eddfd74b81a99e8bea67ab02059aa60b710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
213ff7e82b55a63772989ea1d7bd6bfb

SHA1
61db4ae66e76a26903e48589004e64f247058816

SHA256
4896da34454687aa0fedac29b6516ede0f4eb393b37f4dfbbeddc890e6edfd87

SHA512
0d53c151008426bb1d3c2ff6c0a9c0ded31a1d66a00ec23b6659d403dcb7ef8cc8f2cc1c2ccafb19d773a9be4e5c3ba544e9f1c9811d054d5710df4adfa774e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3fc394497d65fc49b6f9346e21c789ae

SHA1
fb510349dc42c3bd7d405dc837564d6690f766d5

SHA256
6fc8ff094ca4b438435ee138653007bdb9aba387bbf42677a1134860147a3272

SHA512
59b3e9323732522358941d5cb736beda8ca5933a8ffe53f0353b8e34e170110a3e499e3c92df4717e61fbb824211b71913ff1dc12f74f28fa4af087a97896fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a89e201544d56e5509c86f3b08dde27c

SHA1
e3e3ea94b56171d919a6d0cce7f464db335743e8

SHA256
5ea470d5ed3ab4cc9588f177997ddee38f26ab3791dd7137674f954d2fc7595d

SHA512
1728bb6f20a8cf6110bde7c831b5326c3cbe5bee22cadf7a10ddc559501bc691ea5556b662e21e28a3eaae26dc57e7a1cefe667911c8e46c3143e8a25ae371fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ad8e51dba377696a50e8fcb249f95b7a

SHA1
0c07e7b008b58d5798b0c65240a3396f5a414f6d

SHA256
1f1ed0a2786f6139d4ce5dd4c8fd20a45b863d09c026840a974fcf15ecf285f4

SHA512
58f31c8627aab93b297b56c5b4f27dfa2857149f31b848959e01a767389f0fd0a3619a87d9b476a195c5888dbe1aabe56b212c3c98c7a9acb1aabaef94445f14

Download Submit