hxxps://chatwhatsapp[.]chatwhats[.]shop/morritas-cp/

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2023 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chatwhatsapp.chatwhats.shop/morritas-cp/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
1036	msedge.exe
1036	msedge.exe
212	identity_helper.exe
212	identity_helper.exe
5180	msedge.exe
5180	msedge.exe
5180	msedge.exe
5180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4220	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4220	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 1324	1036	msedge.exe	86
PID 1036 wrote to memory of 1324	1036	msedge.exe	86
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 3816	1036	msedge.exe	88
PID 1036 wrote to memory of 2112	1036	msedge.exe	87
PID 1036 wrote to memory of 2112	1036	msedge.exe	87
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89
PID 1036 wrote to memory of 1872	1036	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://chatwhatsapp.chatwhats.shop/morritas-cp/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedcfb46f8,0x7ffedcfb4708,0x7ffedcfb4718
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8499215437495644986,5610149545315515908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:3608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2028

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4126d2c3-bb27-4cd9-904d-16c3d574bc0e.tmp

Filesize
5KB

MD5
3a4a7fc5f6e6fc3983ac05c6013ebabb

SHA1
221630f4756b9710a10a3ce53c618a26250a94ca

SHA256
a2a1f93687c10f111610c8f3560917bc558f1c2e0472a14f16005b473f007a77

SHA512
c57b259be73db98b940a5530ecf80236994f64de9cfbd4f22c7e6473998c3b84c82f665f553785dd56ca7fd31e66bb8c26deec2aef671969d8b951b4f9597ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
d9d8d3222122fe9e9856a8ec015ce16e

SHA1
f1826b1cffaa8808a5fcc1961d8e9b94d0ac34ca

SHA256
ec0ab7c47538912cf0d12f704206f15cb1f5b5f0e9a0c6d4a0c0050939889970

SHA512
8b9d0f8f73a88794c3026111ae00c6d32efe68225c98dbb1ca4a02de1b98a1170678da6601ae28a10b61f235f772d974fe5826b40e94b2ffaef9886a3a4e422a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
2eb2fd9d3dcad444f39acab5bf989e3c

SHA1
8a260eb34efd1259c15d8962e1fe982feab3e784

SHA256
8d4e4ffe39751da385d20aa9c052fd080f8ea12995381afe1eda54f575c67331

SHA512
180afa62a5cc67ad01923aea417193be2dc0595965383471238e1f22d6b09243f4f79cc8c94a9656b53f40e2bb0454280a33eaa879cd4e67e395fcbd6d462e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1e135e117515e3d16bfd4e3064c62525

SHA1
1adf06981b2ba433902b63e198a780d29181f7c5

SHA256
332be1dcbbc787f26aa1a97ee8a5aac9aeaaa9d4e5efede4df1218c7d1b441a5

SHA512
af1e9bc4ac554660890d1d46dda171ae155603db18bf274e45a74f2535a469d1e92d4568ca9ad3e9d62bde038664930de8cdfae60ed53b7a20b2917882818603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a5897ce137b6f9298460d8e58bc4c64

SHA1
1c604a5cdeeed029cf838eaeafa92890e36ae9a7

SHA256
53638a690baeff92d1580cac9209247466805c85e03a0579b63e3049ffaf0ae7

SHA512
a86b3d6465aeaeaa090508ca5c7e9762b216faefd4550481dd5adccf3ea5775f0c44631886530c4d7ddafa6d1a8af8db4d96efa7597994c7eaa3a276ddc3d82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d864e9864944810a10985ad3205641eb

SHA1
0e4a96d7a8ab8ffc871160be6e6b6ef3bc3aa39e

SHA256
5a1bbc51cc53b7135ed1b72e6e15503125022f9aa49cfc238d6a04de4ca185ed

SHA512
8d3892b242136482076419bf77e20b46d71e43db5e2c0a1854d5519b47e20feea29593925bbfdc5bcb9f1718f60569b4f8247b4dee85ecdd4227bd467b1ce273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a184dbaaca772f03c1af23ab8942d79

SHA1
a8154a3665bb0ac52298b7589f6e69ac1770cfc7

SHA256
cdd43982b594abb62b8e6240db4c05595531cd486ff9cc1a9fa8a14d22f63c66

SHA512
b908ba7b78cf8bd9f39da4454e0778c18a33c14afb074fcde5d40f2d8669b29bddd41af30e6f973e036843ce9dd67dac218bcc705aff4f60ca53c745e7a8677b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c65feb42ad6a1e8d4d1699af060c1943

SHA1
4b9c5492ec8a971a7fe53c9aed4dfacc2f1bfe0a

SHA256
4acb4e6812e80d2dc449a43f66a9894944b46a5e85439781971473548a510092

SHA512
871806e95116ba03142abcc0f1d4b5f0302f17cc5f210f9c8161ab5cc6496a3911501edb1d9a96ab25495def41df73cd6af8c598de98237888420792ed02e5c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\180172a0-27ca-448b-858a-0877c963e22d\index-dir\the-real-index

Filesize
2KB

MD5
c7023d819906404343e2e32fea8cae4c

SHA1
aa88adf538a22c4763269c752af988a88e92d87b

SHA256
40b64a2cbb8ee99cefb067cd56f766d48fd974347211cf1f67213bc3fe7d910c

SHA512
49a7c89ce8ce7003d224bbc3d5230798e622afc8e476a4b82118d32c99ae3e61ffac49c1c33e7d2b7e7e95784031652e326c02e661eee8866b28594f3ae2472a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\180172a0-27ca-448b-858a-0877c963e22d\index-dir\the-real-index~RFe587f8b.TMP

Filesize
48B

MD5
1e5d57a205e1a90e16b72c5272a02f25

SHA1
aae3aa90566da1484b049105be645c4210eb9c17

SHA256
961dddf66968d716b273928ed6b881d6dbc2dc4bd05e3be950f6f69ccd83f1be

SHA512
a3ff3211843df8865100ac64d866720902315db543c9b61a6dd6c4f712044086b052c0942b7d7f6eb6bc9f66c5a73b13b4024ec6b90e3e05773fb74ae0c39150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cf0a28fb-7fc8-4e44-ab3a-ee7babad82b5\index-dir\temp-index

Filesize
624B

MD5
b3f141512e7456664fd61e7e492bc235

SHA1
26c18d50dc23087edb424188e0a601d0c8453779

SHA256
2812c9c97ec10e9cdf09b858860c93ca8af7bb15e6037815bf259dd9ee0ce1bc

SHA512
35eab11e2891fd31a02b89c31e81350287fb9d516fe14191334bf66f67eae006ac6f50ea6ba81dccb32f59b2f9fc929b940f57cf470ba2fe6408836f79b1f0fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cf0a28fb-7fc8-4e44-ab3a-ee7babad82b5\index-dir\the-real-index~RFe58898e.TMP

Filesize
48B

MD5
8cb60941b3d35414678fc2e3da915e21

SHA1
2330712e9ed6fa89491fa4d2193feb650668086b

SHA256
951405dbd9adc92f3894982f477f43db1b14176dc0e8c8aa8bc8833fa9c796c5

SHA512
97412aafc0dd07e654ee3d3498408398a6c84db4721b6ba1507f0b90e5c1256fb5655ae2cf59c239b8df671765bf5565444ad2ee32ac62b1ec519a84a133518c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
5e8f9e191196af01cf538c17ba6cfb59

SHA1
63bd825915a10ccb4e39e396a49474416d8dbf06

SHA256
95ebe1e46a0a61f61ed9e327437e7a3b11f8b927114e4817b5bb3e8bc3303d4d

SHA512
3a25b9f17786c8037fa079f3645742d7b8349b1b649e04ef1f894d6b2b983f4f52fa630ccbd79b762141ffa8bc9f034ff444c068920dcdd19833c024b0d77be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
e214abe506585d63633eafe9f0d7be96

SHA1
98f34fdd66dfb8bf2146aaa732176b3cf30dad83

SHA256
d7be5b7af296178f8a49b017a29ae11a360caaffd9024baee26169d9c4f62a46

SHA512
0e68f121820198ce0c6db405a9037dc6c3f124e5ebb7e1f8f13b6335c361bde7e30aa2f07ae3a658b4dea88c0c77e80fb6b0177bdd5fe268d91ae4554dfe87de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
c59d802269d9949ac518e41dd5db1d93

SHA1
b4d86984ff84052ab30007abe2310ad1a75f3597

SHA256
07b012a6e54e2a2f6540a23348fd2c3510520652db90c3fd82516084179cf1cf

SHA512
f9dd9e50dd3ef7fd79c3f7049ef71357feae70c4205ef67c55e775ec1df848cbfbbddc62b13076fd75dd4ebf94d2f1e09adccb6633c6876f839ff8b63ac27cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
071998f48b96b888467aba34ce8917d5

SHA1
9c19f644c000a97635b39d7cf97a5d8d188c718d

SHA256
ef6fe3eb36dfed9033c7bf87b9e465e89116535eaa3776e0ad02d7613acff97d

SHA512
833376973761bdf70ae8920dd136efd022e060c42e16812ab79e2756dd01f405563db2cd7ad7850780b597c841610f48055571b535b20a9cc17615da015f0cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
93cf991d33aa48b7892537d80c60821b

SHA1
f29643c5c9674689ef65ad5db19abcc2eac617cc

SHA256
e6c5cfc865e80f6fd6bbc386a1540e16237a3bf23d3c756041820d96e2420c66

SHA512
e572700a18fe7d0b44872918c08bc8b5c923bf2e0955ecf07481a02bf89a3e80a4c9a18ef48852c823638444f3a99221de7d0ab2483acd41665ff464057198a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
15051c19dd680438f4aba4113fd0a7c1

SHA1
50d91865701c63c5aa5d3e113d52ec6d3f576bfc

SHA256
390c9dbf42349e4c7a8424eb1bd755871b3ad0d399e5292ea6c365e5aecca8e1

SHA512
b62bc54982d16a3ce6f27f1877884d0002f32bd2fedbe167f4aa751ea95051492953a9362181ea89dba3f2d686823c95620c82afcf3af5f3c887ab25f66e8678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586ffb.TMP

Filesize
48B

MD5
8ad5d9772378ff202cfa6aa8aa74f0e5

SHA1
31618cc76c33f417bc6f3e864bea75d2b007acaa

SHA256
381e2e18973389e6f1cb6c9d91acf5796ae22afb731eb6e7b8ab5ac288655500

SHA512
f9d22287b34e7d2d4452ba7c7514eaf4edfc9b0e0436ce8b3496bf1ebc08ad6072baa420818ff07497f70aa6307168d4acd951536baa7e2929123f0a6f6ea951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
29f7180cc6cd7a8c1e14781f38360ccb

SHA1
7e4ab8a4c6695f70a182a692be7d363eade4847b

SHA256
843d04c29dd0f9ee77bfa7e2d9ce65b8662725e9f203410241c8e003bd99d0f0

SHA512
cd11900348171d02dadf8efae7bf1da5a8279d7f8f889dfc5a3d5f9b1e7a5b156ca9a0bc86e4e1e4d084c89a9e52fc6780af00cfe9800bc315efc772727e6f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a82febdc96548b939b0cacb3d17fd986

SHA1
8f40767e8cc94b5a4a356d74ac008cf1a9012fd0

SHA256
4b8505f3bddd99e53e936fe0fb1588641489d031e474ddd3f0e3282ebacd771a

SHA512
e15c16eb9442d43113c3fbfe3302d8f7b63fc3dad11ff2223d3ac86a1a00f53afe71710b6a13610860722de130566ee4947ee2fbbb53cd3c3a9cac9c7618566d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585ec5.TMP

Filesize
539B

MD5
4a707379375d1670cec36ef2046f9847

SHA1
5cce844fdc1cf9189c39dcafd04166a088dfde51

SHA256
b6c980ea22bd0b37043ffee7ae6ab596f97e0c9c80fef03c92492abf7989dba7

SHA512
bda2af44de663c57a7ebb2e88132e4fc9ed5bfcc02b99b2ba29afc65f58e57a2ef1f3ef1ba2d0b0dc334ce57f4b78554a7f9fea49e7c5ae440e264c7b72b84b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
053641088720239ecfe30c5a8f41c374

SHA1
63d08f39c011407e8134b5667a3a42e08ce00c93

SHA256
4aaf364407663a154a86a1de4fec74f551bc429c8d47ddd6056e69a98812aa14

SHA512
559deae4c88d7481e466c18a496b6787698c42715a462465e94c1cd0fdde30ad33986db31c413ae1bd6b75b8f7ef82f0d3667d223d573a8e0399f6b228701e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
59a81af47154867889b9076d04a402fc

SHA1
9a7b6fd0dc439d3e5d7ec0aa34cf429df1321eed

SHA256
6112f1cc29956d6b1f4da12c6f7a4d2290fcaff7ffcc92d5749fe930194a60bc

SHA512
dd6d5d56f8c1ed02ed120a725d28fc0b1742f246336542d12e320f979d3db8b60762784c8064c88ab37aed695a758e638b004a9ab8452e5400f61a658749aaeb

Download Submit