hxxps://www[.]cartascontralahumanidadonline[.]com/

Analysis

max time kernel
123s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.cartascontralahumanidadonline.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
4668	msedge.exe
4668	msedge.exe
3152	identity_helper.exe
3152	identity_helper.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 4440	4668	msedge.exe	84
PID 4668 wrote to memory of 4440	4668	msedge.exe	84
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 736	4668	msedge.exe	85
PID 4668 wrote to memory of 64	4668	msedge.exe	86
PID 4668 wrote to memory of 64	4668	msedge.exe	86
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87
PID 4668 wrote to memory of 2744	4668	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cartascontralahumanidadonline.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cce346f8,0x7ff8cce34708,0x7ff8cce34718
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10646421637074507843,11899606242494586240,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
83KB

MD5
87b8e78ea961d90a24b8437c833cefdb

SHA1
121692a83100971875b68c84db33a5337cfdea30

SHA256
24d1e81cbe95da12166afdad1acf49fcfafe00efcbe06808880d841ab188a79f

SHA512
547929f58cb75fb7a1fa0eb42f2f6f68746e2d93cdd60dd744da32d2b92b29eacf299e05c06f97229567031b6605fa2d3f356a13cc46ed3fb6a9d05386025ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
cb5dc66d4594e42e9094c57cbcae403f

SHA1
7cf61e85dbec93797743796066775d16e14d90c2

SHA256
3765fd8179ca04dc3bd700e2ed86f7bd96dc634206ec1d609a4c3b4d67a52620

SHA512
68457ae8e8689ce7a3302b90511a9c35c10d83141bc4901d35d07eda3bb24b16bf8c7e5d6af7eceb3c7e2befc65bc3e0a8eaf00a9f8320fb562ea33a6df3291c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
77KB

MD5
b5dddb64163b5496a6043989937da5cf

SHA1
0d2d176eb54a0ae593dc52903f836283acb28417

SHA256
f1fa5bfc614842c284ba3cb3113b5dcdf45c7ad0d1e6ae74a714e6fd6a9c2274

SHA512
133faf06a61144aa06e4d5e341f140074b8840e24489f4bd9a09dce1cf5b8814c75a4c0f445d2640b10d0ca18e5556df1abfec82b317e12b2959482e92cfa095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
24KB

MD5
9c700e17e974d4ab2dfde82f6451dbbb

SHA1
d5b85e82e10c2d96b36316670c76b8a0112bf246

SHA256
3ec0462dbcae8561ca0465558845da248d434dc6205cbde99c47ae3be2ac99c0

SHA512
1428b7401d281ad3d635eb007e45b6e5798be6b029f270874af2312627c496407ec7440df4a3028f3cd6c1ec587b0805425ae5de4bcb04b90d942145e26966fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
102KB

MD5
090f386c0515c60f076b93e1ff452869

SHA1
6bd218497a034d10e8cb0498d9f68fd0acf1667f

SHA256
56eb681240ab84a6e2589f92585e5af697612572cdc3ff3ef611f3b903e3f410

SHA512
2c07202e18a36ee8283617ad9d36f998bfca7b5436ed5201726c57b81328e6e7f7f87d52ad883e2be4e9d782a1bb94b7621127452429bdd654b48c2d07b1faf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
33KB

MD5
5a085062031efc9402382ae386ba3b93

SHA1
9ea59366d60f1bedb937e6e9d11342955401e4a6

SHA256
1680946771c6db76aae2ea6b2fa9eb2774971e3cd6e482eed02ce44204696297

SHA512
73334bf33fb119e6e59be5e0d9ec655d31101971bf93e6a401380a2d5fe5bc3eee4f88c609b1c1f132dfc3274960975d08e1d5222e59405594422c434de9ea63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
66KB

MD5
b62d64ef6acb7d9e69619926d12987fd

SHA1
d17547ac81a5b9ec9d3cfaa7fbecd563233af351

SHA256
e82a5776a21790a3b2855755cb37d2aea37274b04b5b4e4ee48c318e8127d7e2

SHA512
04272f633659e6e220fb325fc42f5909f36b144e5fe8107c65a093ab2b553620749a9b995cf0e8bdb2bfa9fd5cd6708a4f743874a5988ef524d4155e7d8d6e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
19e7d70984332edf967633d59d3ba177

SHA1
85c9acf89181e4f8e1df6b13045b58f9d6c42295

SHA256
9ae308ec1f930ae7c579b58df8968d140d47cd04a4e469563f3d44f608428153

SHA512
a074784697c73b9b4a6ea134d6888751de7b0b088e4f294a3405ea936403cdc377da88c7c28837e4586b495f2de3032e2b1e505319eee27a150f0ddb006eb52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
e51420f9e05881fd749742c500df6008

SHA1
e0c6e84fe6ca062073dbaf2974903517e9ec97e6

SHA256
7740ac119ea561b31d6f348ec602d5bb6550992253f2b3da235957044939e7f3

SHA512
3d5216fe8a14e9caba5295338216fabd895d4fddd18c32daafaad02594de85dd2105ccb16675b513f4fee7681fba8120bcc539e5eae8921342863aacfc511c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
12facbaa05556a29b8633c66dc8d95d3

SHA1
cb8f6113fba718852243d94f23689536e5d0f04c

SHA256
b8e0e5dda35d5382177ed47b12f21c778cbc31d0a4f72a8c61f20852372a7918

SHA512
dff68fdc672856fc20fa9d3ffe33fcfb1e339e978ceec7d15d860df4ed9ea174edea99ed6b6388a2026e3fdd8b56e9686feb300098bdbff55412efddfcf3ae9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f155b2ba46fde49851740f8440f99665

SHA1
0b29958dd6ae153307d99b76bc3785454a93bb40

SHA256
63b4f34a95f2fa29a154c3ce19f445eec7a7d007d84dc91b28a3cc07a85e5b6d

SHA512
cb4d73bb66263cedd949c7033d3c0da6df87a8d207953da6c4d47cd44a55d6211f17e42842a629be95a1646215dbfc3328cf19a382f148149729037635464fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51b15a383e51bff3557c3526920890b3

SHA1
033b690b0b1063043264f99e8adec8d08b8e7ae9

SHA256
a96c4fa07a0532adcf68d31b6d88a561215df52c40b0ff4ba7c040d29a0a37d5

SHA512
c3ebbc55969fb5c5493035a679459c4d8e3aacf1a4da85d94ce3d2485d878d2be41fe50dbe85a38cff23d94dd4e59da97f97d800ccf313209c4176c2e66876d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
048bdf25561da9a0725029a94a4c49c8

SHA1
fccd56ad18465feca05ccc1bb56baa79b7cba724

SHA256
560ac2f4a15be5c0b26907aa0e35939547783728c4d5b679ecfb2404e9451a57

SHA512
27910686b1d28a6436e2448483b56f6a6201807de48950399ac15e4ce3924cd64a76fc4ee7f47cf2ccfd221d0aa154d6c6bfd1496a05d3fb9eb3ff2dfc656b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c01d8f7e08ac36bfc6e09689ee7fd949

SHA1
2ce9b449f789dd5730e949bd5ed798ec07731728

SHA256
6e8696b6939aa844275ce26169ea583e561cd15ff5a3b286c8cb94ed99ff290c

SHA512
3231985d168cf226f3381b74570bcf3e2be074c199f9d8efafa95b3a8997333dd15ad647b1255b193fd49ce57243be2ebf602c23062b8645b8e92ec99f3f1f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7748f5a9578d9e374cdaba41b98a2367

SHA1
6c2f1f110476d6834c83944500f565879d7bb707

SHA256
84960758e0a6057512f51f5ab444fdd0efc5ee96daf9148230c6a7f7ca02a01f

SHA512
65f981831eea1d5679c88eb7ce5275d88759204b53253b889d288d56d58424fb8616887eb104cb66c7b35f50557577c27e3b208a83cadd71a3d0a14bd4a6039e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c94e1fc464cd6db3e8a0104474281668

SHA1
10322756da62d2880a1eb70793d762514fc49d52

SHA256
c40fdb2905505e0303cb4ff1fcf7d03369e9ed01fc4702a7df039dc846f39833

SHA512
822247baf159cc9f2a53df3b378fda94b3a71c3a50e358ca3cc5b8bb793a4cfd6af47cddfa9b3ad5b2492959817b159f0778d3ab00e792a69b62648c3409d533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5c2f683daab02786c17cdf890f193ee7

SHA1
c63147212eaea0ace72a57fb7218fa909834a0d0

SHA256
6128abef4671577a7c20b10e6958b64115839badf6d45bf763348c97bca87845

SHA512
09c074843a635936ec3215a61c05bd73b633abc9f45ad100703de8ddef3f97e78289fe955786f217e4f3a707cf0c49480880bb35660233b62b1b2639c4f4e693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c6ab.TMP

Filesize
48B

MD5
0a90170f47f33723c136c4a329849b31

SHA1
f50ebed6091b8c64c7db70bf03ecdc7843234793

SHA256
cb7be24fd14f26ed1d708e5c1626bcbd82d358bc071292f6bc00042cafdab482

SHA512
1f77e958d6a8e8c3c2942d222e90c3c6074d14131832a84dd554483362f22bc23bf3738e526005029e98bf37f32f53e0ab046529e7794d184b3f3b03f757e042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3ad9f453a8e9ac6c38b950b289bfd8c1

SHA1
66cf645d4fd1a19b0ba3ab0414ef9a95a21423df

SHA256
0d32980de2b3ad521016e1ef5813ad09cd63f2e2fbd4877d73fb3e979deaff88

SHA512
023ea1193b6588f0c68238fadc14c38a70cbe003ec8befb95f4d8b8c56eb26ba5e70faffb35e581ef8f7b975cd32fd53ab6d9d6c274bde97cc28f158b34898c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
90b9ee14c6978fb978a0a66c46d612fa

SHA1
ae435e5b333a3f6b0d4185240c7c11186272718d

SHA256
68880e3539bcc81cb68b120d439fdfb854544fd80d8a86d531a607c4ac0fd04e

SHA512
69d953f796e706a9111e4e4047e93f58a6bedefe73e708fea0593d44096eaa6a3f58abfc38c3e412b98b05d607656a05c17e566889dce67d9ce2ba177dd7ff5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0427b15e1c89ca7571fdc43fe6a00c71

SHA1
e68b7309a0cab53b256c83c5f231831bbe0d52c0

SHA256
160ec962f1f5e6e4b4079144a23853b0b0adcbb07ec042d3b8a90791a199afe4

SHA512
dae201ac6910a7db3f3567cd07066232a7ab0c9f684a0640cdafd62dea8e27e541006327e5c3956bd3e20a16484305f1a4f592dd2d83c9a8021c1c78236324ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f072e7ad903ceeb09099d70b72e580b5

SHA1
1afaef370ade33e46b60928e45c7f2c733051c27

SHA256
f27a9f3e4cbbe3f019483c71e228b6a806fa93cca2dd8c8e3ff805204fd8c230

SHA512
7a7f9c821e3fb5b1725f901af26883dbb03fac71d6e55c54d77ad6ba9b6d4cba234160c583de988fa24bd5b0414fb90a8f8965c81f0d1b717968f5a835437771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd02.TMP

Filesize
2KB

MD5
fefbef092df174d49eb0b5a7b6e989b8

SHA1
f2a173f81679371b409ce2ef14bd06f743fefe43

SHA256
635e2631e7a99a245f8383df8d637ea91039b61dc8f31e193d94aee62062f863

SHA512
6999b58ed7d8ad6496ac9ed314ff0b9f00704d8950277f3cb9e51d50d8f1529d2b00a96c04cb575350d17c35f4bc6978089b5bef4996db832f98a5e32e6f190c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3537541341fc99ec45e74c3c72cef286

SHA1
603471a62650341a2d9c0585a8a933b0bd9cd729

SHA256
711e85f00045d8bc2af64972143c0c88a4b188541208677d04bdfa97f2f8fd65

SHA512
cc77c3460115b509ab1ec1e258afd77db7f8872007d8994fe7e0bdb89eca45e2e444dafe35a7bc6659d29fa973310383aadd74170c888cbb77cf5625e5af8137

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit